Selective private function evaluation with applications to private statistics

Motivated by the application of private statistical analysis of large databases, we consider the problem of <i>selective private function evaluation</i> (SPFE). In this problem, a client interacts with one or more servers holding copies of a database <i>x</i> = <i>x</i><subscrpt>1</subscrpt>, … , <i>x<subscrpt>n</subscrpt></i> in order to compute <i>f</i>(<i>x</i><subscrpt><i>i</i><subscrpt>1</subscrpt></subscrpt>, … , <i>x</i><subscrpt><i>i</i><subscrpt><i>m</i></subscrpt></subscrpt>), for some function <i>f</i> and indices <i>i</i> = <i>i</i><subscrpt>1</subscrpt>, … , <i>i<subscrpt>m</subscrpt></i> chosen by the client. Ideally, the client must learn nothing more about the database than <i>f</i>(<i>x<subscrpt>i</subscrpt></i>, … , <i>x</i><subscrpt><i>i</i><subscrpt><i>m</i></subscrpt></subscrpt>), and the servers should learn nothing. Generic solutions for this problem, based on standard techniques for secure function evaluation, incur communication complexity that is at least linear in <i>n</i>, making them prohibitive for large databases even when <i>f</i> in relatively simple and <i>m</i> is small. We present various approaches for constructing sublinear-communication SPFE protocols, both for the general problem and for special cases of interest. Our solutions not only offer sublinear communication complexity, but are also practical in many scenarios.

[1]  Julien P. Stern A new and efficient all-or-nothing disclosure of secrets protocol , 1998 .

[2]  Eyal Kushilevitz,et al.  Private information retrieval , 1998, JACM.

[3]  Avi Wigderson,et al.  Completeness theorems for non-cryptographic fault-tolerant distributed computation , 1988, STOC '88.

[4]  Julien P. Stern A New Efficient All-Or-Nothing Disclosure of Secrets Protocol , 1998, ASIACRYPT.

[5]  Moni Naor,et al.  Efficient oblivious transfer protocols , 2001, SODA '01.

[6]  Oded Goldreich,et al.  A randomized protocol for signing contracts , 1985, CACM.

[7]  Ivan Damgård,et al.  Multiparty Computation from Threshold Homomorphic Encryption , 2000, EUROCRYPT.

[8]  Moni Naor,et al.  Oblivious transfer and polynomial evaluation , 1999, STOC '99.

[9]  Yuval Ishai,et al.  Improved upper bounds on information-theoretic private information retrieval , 1999, STOC 1999.

[10]  Elizabeth D Mann Private access to distributed information , 1998 .

[11]  Yuval Ishai,et al.  Information-Theoretic Private Information Retrieval: A Unified Construction , 2001, ICALP.

[12]  David Chaum,et al.  Multiparty unconditionally secure protocols , 1988, STOC '88.

[13]  Nabil R. Adam,et al.  Security-control methods for statistical databases: a comparative study , 1989, CSUR.

[14]  John B. Shoven,et al.  I , Edinburgh Medical and Surgical Journal.

[15]  David Chaum,et al.  Multiparty Computations Ensuring Privacy of Each Party's Input and Correctness of the Result , 1987, CRYPTO.

[16]  Shai Halevi,et al.  A Cryptographic Solution to a Game Theoretic Problem , 2000, CRYPTO.

[17]  Jacques Stern,et al.  A New Public-Key Cryptosystem , 1997, EUROCRYPT.

[18]  Tatsuaki Okamoto,et al.  A New Public-Key Cryptosystem as Secure as Factoring , 1998, EUROCRYPT.

[19]  Silvio Micali,et al.  Computationally Private Information Retrieval with Polylogarithmic Communication , 1999, EUROCRYPT.

[20]  Niv Gilboa,et al.  Computationally private information retrieval (extended abstract) , 1997, STOC '97.

[21]  Andris Ambainis,et al.  On Lower Bounds for the Communication Complexity of Private Information Retrieval ∗ , 2000 .

[22]  Silvio Micali,et al.  How to play ANY mental game , 1987, STOC.

[23]  Moni Naor,et al.  A minimal model for secure computation (extended abstract) , 1994, STOC '94.

[24]  Yuval Ishai,et al.  Private simultaneous messages protocols with applications , 1997, Proceedings of the Fifth Israeli Symposium on Theory of Computing and Systems.

[25]  Dorothy E. Denning,et al.  Cryptography and Data Security , 1982 .

[26]  A. Yao How to generate and exchange secrets , 1986, 27th Annual Symposium on Foundations of Computer Science (sfcs 1986).

[27]  Joan Feigenbaum,et al.  Hiding Instances in Multioracle Queries , 1990, STACS.

[28]  Yuval Ishai,et al.  Priced Oblivious Transfer: How to Sell Digital Goods , 2001, EUROCRYPT.

[29]  Silvio Micali,et al.  Probabilistic Encryption , 1984, J. Comput. Syst. Sci..

[30]  Andrew Chi-Chih Yao,et al.  Protocols for secure computations , 1982, FOCS 1982.

[31]  Yuval Ishai,et al.  Improved upper bounds on information-theoretic private information retrieval (extended abstract) , 1999, STOC '99.

[32]  Moni Naor,et al.  Communication preserving protocols for secure function evaluation , 2001, STOC '01.

[33]  Joe Kilian,et al.  One-Round Secure Computation and Secure Autonomous Mobile Agents , 2000, ICALP.

[34]  Moni Naor,et al.  Oblivious Transfer with Adaptive Queries , 1999, CRYPTO.

[35]  Moni Naor,et al.  A Minimal Model for Secure Computation , 2002 .

[36]  Yuval Ishai,et al.  Protecting data privacy in private information retrieval schemes , 1998, STOC '98.

[37]  Stephen Wiesner,et al.  Conjugate coding , 1983, SIGA.

[38]  Josh Benaloh Verifiable secret-ballot elections , 1987 .

[39]  Yehuda Lindell,et al.  Privacy Preserving Data Mining , 2002, Journal of Cryptology.

[40]  Pascal Paillier,et al.  Public-Key Cryptosystems Based on Composite Degree Residuosity Classes , 1999, EUROCRYPT.

[41]  Ran Canetti,et al.  Security and Composition of Multiparty Cryptographic Protocols , 2000, Journal of Cryptology.

[42]  Rafail Ostrovsky,et al.  Replication is not needed: single database, computationally-private information retrieval , 1997, Proceedings 38th Annual Symposium on Foundations of Computer Science.

[43]  David Chaum,et al.  Multiparty Unconditionally Secure Protocols (Extended Abstract) , 1988, STOC.