Abstract
Secure Two-Party Computation (STC) allows two mutually untrusting parties to securely evaluate a function on their private inputs. While tremendous progress has been made towards reducing processing overheads, STC still incurs significant communication overhead that is in fact prohibitive when no high-speed network connection is available, e.g., when applications are run over a cellular network. In this paper, we consider the fundamental problem of securely computing a minimum and its argument, which is a basic building block in a wide range of applications that have been proposed as STCs, e.g., Nearest Neighbor Search, Auctions, and Biometric Matching. We first comprehensively analyze and compare the communication overhead of implementations of the three major STC concepts, i.e., Yao’s Garbled Circuits, the Goldreich-Micali-Wigderson protocol, and Homomorphic Encryption. We then propose an algorithm for securely computing minima in the semi-honest model that, compared to the current state of the art, reduces communication overheads by 18 % to 98 %. Lower communication overheads result in faster runtimes in constrained networks and lower direct costs for users.
References
Asharov, G., Lindell, Y., Schneider, T., Zohner, M.: More efficient oblivious transfer and extensions for faster secure computation. In: ACM CCS. ACM (2013)
Barker, E., Barker, W., Burr, W., Polk, W., Smid, M.: NIST Special Publication 800-57. NIST Special Publication 800(57), 1–142 (2007)
Bellare, M., Hoang, V.T., Keelveedhi, S., Rogaway, P.: Efficient garbling from a fixed-key blockcipher. In: IEEE SP, pp. 478–492. IEEE (2013)
Carter, H., Amrutkar, C., Dacosta, I., Traynor, P.: For your phone only: custom protocols for efficient secure function evaluation on mobile devices. SCN 7(7), 1165–1176 (2014)
Carter, H., Lever, C., Traynor, P.: Whitewash: Outsourcing garbled circuit generation for mobile devices. In: ACSAC, pp. 266–275. ACM (2014)
Carter, H., Mood, B., Traynor, P., Butler, K.: Secure outsourced garbled circuit evaluation for mobile devices. In: USENIX Security. USENIX (2013)
Costantino, G., Martinelli, F., Santi, P., Amoruso, D.: An implementation of secure two-party computation for smartphones with application to privacy-preserving interest-cast. In: PST, pp. 9–16 (2012)
Damgard, I., Geisler, M., Kroigard, M.: Homomorphic encryption and secure comparison. Int. J. Appl. Crypt. 1(1), 22–31 (2008)
De Cristofaro, E., Faber, S., Gasti, P., Tsudik, G.: Genodroid: are privacy-preserving genomic tests ready for prime time? In: ACM WPES. ACM (2012)
Demmler, D., Schneider, T., Zohner, M.: Ad-hoc secure two-party computation on mobile devices using hardware tokens. In: USENIX Security (2014)
Demmler, D., Schneider, T., Zohner, M.: ABY - a framework for efficient mixed-protocol secure two-party computation. In: NDSS (2015)
Erkin, Z., Franz, M., Guajardo, J., Katzenbeisser, S., Lagendijk, I., Toft, T.: Privacy-preserving face recognition. In: Goldberg, I., Atallah, M.J. (eds.) PETS 2009. LNCS, vol. 5672, pp. 235–253. Springer, Heidelberg (2009)
Erkin, Z., Veugen, T., Toft, T., Lagendijk, R.L.: Privacy-preserving user clustering in a social network. In: IEEE WIFS, pp. 96–100. IEEE (2009)
Erkin, Z., Veugen, T., Toft, T., Lagendijk, R.L.: Generating private recommendations efficiently using homomorphic encryption and data packing. IEEE Trans. Inf. Forensics Secur. 7(3), 1053–1066 (2012)
Franz, M., Deiseroth, B., Hamacher, K., Jha, S., Katzenbeisser, S., Schröder, H.: Towards secure bioinformatics services (Short Paper). In: Danezis, G. (ed.) FC 2011. LNCS, vol. 7035, pp. 276–283. Springer, Heidelberg (2012)
Goldreich, O., Micali, S., Wigderson, A.: How to play ANY mental game. In: ACM STOC, pp. 218–229. ACM (1987)
Huang, Y., Evans, D., Katz, J., Malka, L.: Efficient privacy-preserving biometric identification. In: NDSS (2011)
Huang, Y., Chapman, P., Evans, D.: Privacy-preserving applications on smartphones. In: USENIX HotSec. USENIX (2011)
Huang, Y., Evans, D., Katz, J., Malka, L.: Faster secure two-party computation using garbled circuits. In: USENIX Security. USENIX (2011)
Ishai, Y., Kilian, J., Nissim, K., Petrank, E.: Extending oblivious transfers efficiently. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 145–161. Springer, Heidelberg (2003)
Kerschbaum, F., Biswas, D., de Hoogh, S.: Performance comparison of secure comparison protocols. In: DEXA, pp. 133–136. IEEE (2009)
Kolesnikov, V., Sadeghi, A.-R., Schneider, T.: Improved garbled circuit building blocks and applications to auctions and computing minima. In: Garay, J.A., Miyaji, A., Otsuka, A. (eds.) CANS 2009. LNCS, vol. 5888, pp. 1–20. Springer, Heidelberg (2009)
Kolesnikov, V., Sadeghi, A.-R., Schneider, T.: From dust to dawn: practically efficient two-party secure function evaluation protocols and their modular design. IACR Cryptology ePrint Archive (2010)
Kolesnikov, V., Schneider, T.: Improved garbled circuit: free XOR gates and applications. In: Aceto, L., Damgård, I., Goldberg, L.A., Halldórsson, M.M., Ingólfsdóttir, A., Walukiewicz, I. (eds.) ICALP 2008, Part II. LNCS, vol. 5126, pp. 486–498. Springer, Heidelberg (2008)
Kreuter, B., Shelat, A., Mood, B., Butler, K.R.: PCF: a portable circuit format for scalable two-party secure computation. In: USENIX Security. USENIX (2013)
Malkhi, D., Nisan, N., Pinkas, B., Sella, Y.: Fairplay - a secure two-party computation system. In: USENIX Security. USENIX (2004)
Naor, M., Pinkas, B.: Efficient oblivious transfer protocols. In: SODA, pp. 448–457. SIAM (2001)
Naor, M., Pinkas, B.: Computationally secure oblivious transfer. J. Cryptology 18(1), 1–35 (2005)
Paillier, P.: Public-key cryptosystems based on composite degree residuosity classes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 223–238. Springer, Heidelberg (1999)
Rane, S., Boufounos, P.: Privacy-preserving nearest neighbor methods. IEEE Signal Process. Mag. 30(2), 18–28 (2013)
Schneider, T., Zohner, M.: GMW vs. Yao? Efficient secure two-party computation with low depth circuits. In: Sadeghi, A.-R. (ed.) FC 2013. LNCS, vol. 7859, pp. 275–292. Springer, Heidelberg (2013)
Songhori, E.M., Hussain, S.U., Sadeghi, A.-R., Schneider, T., Koushanfar, F.: TinyGarble: highly compressed and scalable sequential garbled circuits. In: IEEE SP. IEEE (2015)
Veugen, T.: Improving the DGK comparison protocol. In: IEEE WIFS. IEEE (2012)
Yao, A.: How to generate and exchange secrets. In: FOCS, pp. 162–167. IEEE (1986)
Zahur, S., Rosulek, M., Evans, D.: Two halves make a whole. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 220–250. Springer, Heidelberg (2015)
Ziegeldorf, J.H., Metzke, J., Henze, M., Wehrle, K.: Choose wisely: a comparison of secure two-party computation frameworks. In: IEEE SPW. IEEE (2015)
A Min and Argmin with Shared Inputs
In Sect. 3, we define the secure min/argmin problem as a building block within another secure computation. This definition neglects those parts of the overheads that are due to sharing the inputs between client and server. We therefore briefly discuss a second version of the problem in which \(\mathcal {C}\) and \(\mathcal {S}\) each hold half of the inputs and the client obtains the output.
For GCs, \(\mathcal {S}\) sends its garbled inputs to \(\mathcal {C}\), amounting to nlt bits of communication. \(\mathcal {C}\) obtains the garbled values of its own inputs via correlated OT from \(\mathcal {S}\) at a cost of 2nlt bits. These overheads are halved for Kolesnikov’09 [22], where the arguments are implicit and not part of the inputs, as well as for Huang’11, where the arguments are encrypted in the backtracking tree. Sharing inputs in GMW-based approaches requires only 2nl bits, i.e., 1 bit per input bit. Again, this overhead is halved for the restricted (arg)min circuit of Schneider’13 [31]. For both Erkin’s protocol and ours, only \(\mathcal {C}\)’s inputs need to be sent to \(\mathcal {S}\) in encrypted form, requiring 2nT bits of communication. We summarize the overall complexity in Table 4.
We implement and evaluate this second (arg)min problem. As before, we observe an implementation overhead of at most 3 % compared to the complexities in Table 4. Only the measurements for ABY-YAO deviate significantly, by 14 % and 27 %, and show a large standard deviation in the send traffic. Since this renders the measurements incomparable, we present only a comparison of the theoretical communication overhead in Table 5. The results are qualitatively very similar to those for our initial problem definition (Table 2 in Subsect. 5.1). Furthermore, the processing required for sharing the inputs is very low in all approaches. Thus, for our second problem definition, we expect results qualitatively very similar to those presented in Subsect. 5.2.
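The per-approach input-sharing costs stated above lend themselves to a small cost model that makes the trade-offs concrete for a given parameter set. The following Python is an added example, not code from the paper or its authors. The bit counts are the ones given in this appendix; the meanings of n, l, t and T (number of inputs, bit length of a value, garbled wire-label length, homomorphic ciphertext length) and the sample parameters in the usage section are assumptions, since the page itself does not define them.

```python
"""
Cost model for the extra communication needed to share the (arg)min inputs
between client C and server S, following the per-approach bit counts stated
in Appendix A of the paper. Added illustration, not the paper's own code.

Assumed parameter meanings (not defined on this page):
  n : number of inputs, each an l-bit value together with its argument
  l : bit length of an input value
  t : symmetric security parameter, i.e. the length of a garbled wire label
  T : bit length of one homomorphic ciphertext
"""
from dataclasses import dataclass
from typing import Dict


@dataclass(frozen=True)
class Params:
    n: int  # number of inputs shared between the two parties (assumed meaning)
    l: int  # bit length of each input value (assumed meaning)
    t: int  # garbled wire-label length in bits (assumed meaning)
    T: int  # homomorphic ciphertext length in bits (assumed meaning)


def gc_sharing_bits(p: Params, implicit_args: bool = False) -> int:
    """Garbled circuits: S sends its garbled inputs (n*l*t bits) and C obtains
    the labels for its own inputs via correlated OT (2*n*l*t bits).
    Kolesnikov'09 and Huang'11 halve this because the arguments are not
    explicit circuit inputs."""
    total = p.n * p.l * p.t + 2 * p.n * p.l * p.t
    return total // 2 if implicit_args else total


def gmw_sharing_bits(p: Params, restricted: bool = False) -> int:
    """GMW: one bit of communication per input bit, 2*n*l bits in total;
    halved for the restricted (arg)min circuit of Schneider'13."""
    total = 2 * p.n * p.l
    return total // 2 if restricted else total


def he_sharing_bits(p: Params) -> int:
    """Homomorphic encryption (Erkin's protocol and the paper's): only C's
    inputs travel, encrypted, to S, costing 2*n*T bits."""
    return 2 * p.n * p.T


def sharing_costs(p: Params) -> Dict[str, int]:
    """Input-sharing overhead in bits for every approach listed in the appendix."""
    return {
        "GC (explicit arguments)": gc_sharing_bits(p),
        "GC (Kolesnikov'09 / Huang'11)": gc_sharing_bits(p, implicit_args=True),
        "GMW": gmw_sharing_bits(p),
        "GMW (Schneider'13)": gmw_sharing_bits(p, restricted=True),
        "HE (Erkin / this paper)": he_sharing_bits(p),
    }


def relative_to_cheapest(costs: Dict[str, int]) -> Dict[str, float]:
    """Express every approach's cost as a multiple of the cheapest one."""
    floor = min(costs.values())
    return {name: bits / floor for name, bits in costs.items()}


if __name__ == "__main__":
    # Constructed sample parameters: 1000 inputs of 32 bits, 128-bit wire
    # labels, and 4096-bit ciphertexts (a Paillier ciphertext lives modulo
    # N^2, so a 2048-bit modulus yields 4096-bit ciphertexts).
    p = Params(n=1000, l=32, t=128, T=4096)
    costs = sharing_costs(p)
    ratios = relative_to_cheapest(costs)
    for name, bits in costs.items():
        print(f"{name:32s} {bits / 8 / 1024:10.1f} KiB  ({ratios[name]:8.1f}x)")
```

Running the model with the sample parameters shows that input sharing is a negligible term for the GMW variants and that the encrypted-input transfer of the HE approaches, although a single pass from C to S, is dominated by the ciphertext length T rather than by the value length l, which is why the overall comparison in Table 5 is driven by the circuit or protocol body and not by this sharing step.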
© 2015 Springer International Publishing Switzerland
Ziegeldorf, J.H., Hiller, J., Henze, M., Wirtz, H., Wehrle, K. (2015). Bandwidth-Optimized Secure Two-Party Computation of Minima. In: Reiter, M., Naccache, D. (eds) Cryptology and Network Security. CANS 2015. Lecture Notes in Computer Science(), vol 9476. Springer, Cham. https://doi.org/10.1007/978-3-319-26823-1_14
DOI: https://doi.org/10.1007/978-3-319-26823-1_14
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-26822-4
Online ISBN: 978-3-319-26823-1