Journal of Cryptology

, Volume 23, Issue 3, pp 373–401

Secure Computation of the Median (and Other Elements of Specified Ranks)

Article

Abstract

We consider the problem of securely computing the kth-ranked element of the union of two or more large, confidential data sets. This is a fundamental question motivated by many practical contexts. For example, two competitive companies may wish to compute the median salary of their combined employee populations without revealing to each other the exact salaries of their employees. While protocols do exist for computing the kth-ranked element, they require time that is at least linear in the sum of the sizes of their combined inputs. This paper investigates two-party and multi-party protocols for both the semi-honest and malicious cases. In the two-party setting, we prove that the problem can be solved in a number of rounds that is logarithmic in k, where each round requires communication and computation cost that is linear in b, the number of bits needed to describe each element of the input data. In the multi-party setting, we prove that the number of rounds is linear in b, where each round has overhead proportional to b multiplied by the number of parties. The multi-party protocol can be used in the two-party case. The overhead introduced by our protocols closely match the communication complexity lower bound. Our protocols can handle a malicious adversary via simple consistency checks.

Keywords

Secure function evaluation Secure multi-party computation kth-ranked element Median Semi-honest adversary Malicious adversary 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. [1]
    M. Atallah, M. Blanton, K. Frikken, J. Li, Efficient correlated action selection, in Financial Cryptography (2006), pp. 296–310 Google Scholar
  2. [2]
    D. Beaver, Secure multiparty protocols and zero-knowledge proof systems tolerating a faulty minority. J. Cryptol. 4(2), 75–122 (1991) MATHCrossRefGoogle Scholar
  3. [3]
    D. Beaver, S. Micali, P. Rogaway, The round complexity of secure protocols. In Proceedings of the Twenty-Second Annual ACM Symposium on the Theory of Computing (1990), pp. 503–513 Google Scholar
  4. [4]
    I. Blake, V. Kolesnikov, Strong conditional oblivious transfer and computing on intervals, in 10th International Conference on the Theory and Application of Cryptology and Information Security ASIACRYPT (2004), pp. 515–529 Google Scholar
  5. [5]
    C. Cachin, Efficient private bidding and auctions with an oblivious third party, in Proc. 6th ACM Conference on Computer and Communications Security (1999), pp. 120–127 Google Scholar
  6. [6]
    C. Cachin, S. Micali, M. Stadler, Computationally private information retrieval with polylogarithmic communication, in Advances in Cryptology: EUROCRYPT ’99 (1999), pp. 402–414 Google Scholar
  7. [7]
    R. Canetti, Security and composition of multiparty cryptographic protocols. J. Cryptol. 13(1), 143–202 (2000) MATHCrossRefMathSciNetGoogle Scholar
  8. [8]
    R. Canetti, Universally composable security: a new paradigm for cryptographic protocols, in Proceedings of the 42nd Annual Symposium on Foundations of Computer Science (2001), pp. 136–145 Google Scholar
  9. [9]
    R. Canetti, Y. Ishai, R. Kumar, M. Reiter, R. Rubinfeld, R. Wright, Selective private function evaluation with applications to private statistics, in Proceedings of Twentieth ACM Symposium on Principles of Distributed Computing (2001), pp. 293–304 Google Scholar
  10. [10]
    R. Canetti, Y. Lindell, R. Ostrovsky, A. Sahai, Universally composable two party computation, in 34th ACM Symposium on the Theory of Computing (2002), pp. 494–503 Google Scholar
  11. [11]
    J. Feigenbaum, Y. Ishai, T. Malkin, K. Nissim, M. Strauss, R. Wright, Secure multiparty computation of approximations, in Proceedings of 28th International Colloquium on Automata, Languages and Programming (2001), pp. 927–938 Google Scholar
  12. [12]
    M. Fischlin, A cost-effective pay-per-multiplication comparison method for millionaires, in RSA Security 2001 Cryptographer’s Track, vol. 2020 (2001), pp. 457–471 Google Scholar
  13. [13]
    M. Franklin, M. Yung, Communication complexity of secure computation, in Proceedings of the Twenty-Fourth Annual ACM Symposium on the Theory of Computing (1992), pp. 699–710 Google Scholar
  14. [14]
    P. Gibbons, Y. Matias, V. Poosala, Fast incremental maintenance of approximate histograms, in Proc. 23rd Int. Conf. Very Large Data Bases (1997), pp. 466–475 Google Scholar
  15. [15]
    O. Goldreich, Foundations of Cryptography: vol. 2, Basic Applications (Cambridge University Press, Cambridge, 2004) Google Scholar
  16. [16]
    O. Goldreich, S. Micali, A. Wigderson, How to play any mental game or A completeness theorem for protocols with honest majority, in Proceedings of the 19th Annual Symposium on Theory of Computing, May 1987, pp. 218–229 Google Scholar
  17. [17]
    S. Goldwasser, L. Levin, Fair computation of general functions in presence of immoral majority, in Proceedings of Advances in Cryptology (1991), pp. 77–93 Google Scholar
  18. [18]
    Y. Ishai, K. Nissim, J. Kilian, E. Petrank, Extending oblivious transfers efficiently, in 23rd Annual International Cryptology Conference (2003), pp. 145–161 Google Scholar
  19. [19]
    H. Jagadish, N. Koudas, S. Muthukrishnan, V. Poosala, K. Sevcik, T. Suel, Optimal histograms with quality guarantees, in Proc. 24th Int. Conf. Very Large Data Bases (1998), pp. 275–286 Google Scholar
  20. [20]
    S. Jarecki, V. Shmatikov, Efficient two-party secure computation on committed inputs, in EUROCRYPT ’07 (Springer, Berlin, 2007), pp. 97–114 CrossRefGoogle Scholar
  21. [21]
    E. Kushilevitz, N. Nisan, Communication Complexity (Cambridge University Press, Cambridge, 1997) MATHGoogle Scholar
  22. [22]
    S. Laur, H. Lipmaa, Additive conditional disclosure of secrets and applications. Cryptology ePrint Archive, Report 2005/378, 2005 Google Scholar
  23. [23]
    H. Lin, W. Tzeng, An efficient solution to the millionaires’ problem based on homomorphic encryption, in Third International Conference Applied Cryptography and Network Security (2005), pp. 456–466 Google Scholar
  24. [24]
    Y. Lindell, B. Pinkas, Privacy preserving data mining. J. Cryptol. 15(3), 177–206 (2002) MATHCrossRefMathSciNetGoogle Scholar
  25. [25]
    Y. Lindell, B. Pinkas, An efficient protocol for secure two-party computation in the presence of malicious adversaries, in EUROCRYPT ’07 (Springer, Berlin, 2007), pp. 52–78 CrossRefGoogle Scholar
  26. [26]
    S. Micali, P. Rogaway, Secure computation, in Proceedings of Advances in Cryptology (1991), pp. 392–404 Google Scholar
  27. [27]
    M. Naor, K. Nissim, Communication preserving protocols for secure function evaluation, in Proceedings of the 33rd Annual ACM Symposium on Theory of Computing (2001), pp. 590–599 Google Scholar
  28. [28]
    B. Pfitzmann, M. Waidner, Composition and integrity preservation of secure reactive systems, in ACM Conference on Computer and Communications Security (2000), pp. 245–254 Google Scholar
  29. [29]
    V. Poosala, V. Ganti, Y. Ioannidis, Approximate query answering using histograms. IEEE Data Eng. Bull. 22(4), 5–14 (1999) Google Scholar
  30. [30]
    M. Rodeh, Finding the median distributively. J. Comput. Syst. Sci. 24(2), 162–166 (1982) CrossRefMathSciNetGoogle Scholar
  31. [31]
    L. von Ahn, N. Hopper, J. Langford, Covert two-party computation, in Proceedings of the Thirty-Seventh Annual Acm Symposium on Theory of Computing (2005), pp. 513–522 Google Scholar
  32. [32]
    A. Yao, Protocols for secure computations, in Proceedings of the 23rd Symposium on Foundations of Computer Science (1982), pp. 160–164 Google Scholar
  33. [33]
    A. Yao, How to generate and exchange secrets, in Proceedings of the 27th Symposium on Foundations of Computer Science (1986), pp. 162–167 Google Scholar

Copyright information

© International Association for Cryptologic Research 2010

Authors and Affiliations

  1. 1.Google ResearchMountain ViewUSA
  2. 2.Search LabsMicrosoft ResearchMountain ViewUSA
  3. 3.Department of Computer ScienceUniversity of HaifaHaifaIsrael

Personalised recommendations