Secure Computation of the Median (and Other Elements of Specified Ranks)

Article. First online: 05 February 2010. Received: 23 January 2007. Revised: 29 December 2009.
Abstract

We consider the problem of securely computing the k-th-ranked element of the union of two or more large, confidential data sets. This is a fundamental question motivated by many practical contexts. For example, two competing companies may wish to compute the median salary of their combined employee populations without revealing to each other the exact salaries of their employees. While protocols do exist for computing the k-th-ranked element, they require time that is at least linear in the sum of the sizes of the combined inputs. This paper investigates two-party and multi-party protocols for both the semi-honest and malicious cases. In the two-party setting, we prove that the problem can be solved in a number of rounds that is logarithmic in k, where each round requires communication and computation cost that is linear in b, the number of bits needed to describe each element of the input data. In the multi-party setting, we prove that the number of rounds is linear in b, where each round has overhead proportional to b multiplied by the number of parties. The multi-party protocol can also be used in the two-party case. The overhead introduced by our protocols closely matches the communication complexity lower bound. Our protocols can handle a malicious adversary via simple consistency checks.
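The following Python simulation is an added illustration, not the paper's own code or protocol text: it shows what a round count logarithmic in k looks like in the two-party case. Its round structure is the classic median-halving scheme for two sorted sets, the cryptographic secure comparison is replaced by an ideal_compare oracle that reveals only one bit per round, and ties are broken by (value, party, index) tuples; all three are this example's assumptions. It also assumes 1 ≤ k ≤ |A| + |B|.

```python
import random
INF = float("inf")  # padding sentinels; all real inputs are finite numbers

def ideal_compare(x, y):
    """Stand-in for a secure comparison: both parties learn only the bit x < y."""
    return x < y

class Party:
    """One party's confidential data as distinct (value, party, index) tuples."""
    def __init__(self, pid, values, k):
        # Only the k smallest can be the k-th smallest of the union; pad with +INF to size k.
        items = sorted((v, pid, i) for i, v in enumerate(values))[:k]
        items += [(INF, pid, k + j) for j in range(k - len(items))]
        # Round k up to a power of two n: party 0 pads with -INF, party 1 with +INF,
        # so the target becomes rank n of two size-n sets (the lower median).
        n = 1 << (k - 1).bit_length()
        pad = -INF if pid == 0 else INF
        items += [(pad, pid, 2 * k + j) for j in range(n - k)]
        self.items = sorted(items)

    def median(self):  # lower median of the current set
        return self.items[len(self.items) // 2 - 1]

    def keep_half(self, upper):  # discard the half that cannot contain the answer
        h = len(self.items) // 2
        self.items = self.items[h:] if upper else self.items[:h]

def kth_element(values_a, values_b, k):
    """Return (k-th smallest value of the union, number of comparison rounds)."""
    a, b = Party(0, values_a, k), Party(1, values_b, k)
    rounds = 0
    while len(a.items) > 1:  # invariant: equal sizes n, answer has rank n in the union
        rounds += 1
        a_is_lower = ideal_compare(a.median(), b.median())
        a.keep_half(upper=a_is_lower)  # smaller-median side drops its lower half,
        b.keep_half(upper=not a_is_lower)  # the other side drops its upper half
    x, y = a.items[0], b.items[0]
    return (x if ideal_compare(x, y) else y)[0], rounds + 1

def random_self_test(seed=7, trials=300):
    """Check against a plain sort on random inputs with ties; rounds must be ceil(log2 k)+1."""
    rng = random.Random(seed)
    for _ in range(trials):
        a = [rng.randrange(50) for _ in range(rng.randrange(1, 25))]
        b = [rng.randrange(50) for _ in range(rng.randrange(1, 25))]
        k = rng.randrange(1, len(a) + len(b) + 1)
        val, rounds = kth_element(a, b, k)
        if val != sorted(a + b)[k - 1] or rounds != (k - 1).bit_length() + 1:
            return False
    return True
```

Each round exchanges one comparison of two b-bit elements, so the per-round cost is fixed while the number of rounds grows only with log k, independent of how large the two data sets are.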

Keywords: Secure function evaluation; Secure multi-party computation; k-th-ranked element; Median; Semi-honest adversary; Malicious adversary

G. Aggarwal's work was done at HP Labs and Stanford University, and supported in part by a Stanford Graduate Fellowship, NSF Grant ITR-0331640 and NSF Grant EIA-0137761.

N. Mishra's work was partially done at HP Labs and the University of Virginia. Research supported in part by NSF grant EIA-013776.

Most of this work was done while B. Pinkas was at HP Labs. Research supported in part by the Israel Science Foundation (grant number 860/06).

© International Association for Cryptologic Research 2010

Authors and Affiliations

1. Google Research, Mountain View, USA
2. Search Labs, Microsoft Research, Mountain View, USA
3. Department of Computer Science, University of Haifa, Haifa, Israel