Secure Computation with Sublinear Amortized Work

Traditional approaches to secure computation begin by representing the function f being computed as a circuit. For any function f that depends on each of its inputs, this implies a protocol with complexity at least linear in the input size. In fact, linear running time is inherent for secure computation of non-trivial functions, since each party must “touch” every bit of their input lest information about the other party’s input be leaked. This seems to rule out many interesting applications of secure computation in scenarios where at least one of the inputs is huge and sublinear-time algorithms can be utilized in the insecure setting; private database search is a prime example. We present an approach to secure two-party computation that yields sublinear-time protocols, in an amortized sense, for functions that can be computed in sublinear time on a random access machine (RAM). Furthermore, a party whose input is “small” is required to maintain only small state. We provide a generic protocol that achieves the claimed complexity, based on any oblivious RAM and any protocol for secure two-party computation. We then present an optimized version of this protocol, where generic secure two-party computation is used only for evaluating a small number of simple operations.
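The reason a sublinear RAM algorithm cannot simply be run "as is" inside a secure protocol is that its memory access pattern depends on the inputs, so the party holding the large input learns something about the other party's query just from which addresses are touched. The following added example (not code from the paper) makes that concrete on a constructed toy database: a binary search, which is sublinear, produces a different address trace for every query, while a linear scan that touches every cell produces one fixed trace and leaks nothing, at linear cost. This is exactly the gap an oblivious RAM closes, by making the observed trace independent of the query while keeping the work polylogarithmic. The database contents, the `binary_search_trace` and `linear_scan_trace` helpers, and the `leakage`/`candidates` analysis functions are all assumptions of this illustration.

```python
"""Access-pattern leakage demo (added illustration, not from the paper).

Model: a server holds a sorted array; a client runs a lookup whose memory
reads the server can observe. We record the sequence of indices read ("the
trace") and ask how much the trace alone reveals about the client's key.
"""
from typing import Callable, Dict, List, Sequence, Tuple

# Constructed sample database; sorted, as binary search requires.
DATABASE: List[int] = [3, 8, 15, 21, 27, 34, 42, 58, 63, 71, 88, 95]

TraceFn = Callable[[Sequence[int], int], List[int]]


def binary_search_trace(db: Sequence[int], key: int) -> List[int]:
    """Indices read while binary-searching db for key (O(log n) reads).

    The trace is a function of the key, so an observer of the reads can
    distinguish queries even though the key itself is never transmitted.
    """
    trace: List[int] = []
    lo, hi = 0, len(db) - 1
    while lo <= hi:
        mid = (lo + hi) // 2
        trace.append(mid)
        if db[mid] == key:
            break
        if db[mid] < key:
            lo = mid + 1
        else:
            hi = mid - 1
    return trace


def linear_scan_trace(db: Sequence[int], key: int) -> List[int]:
    """Touch every cell regardless of key: the trace never depends on key.

    This is the "touch every bit" behaviour that makes the access pattern
    safe but forces linear work.
    """
    return list(range(len(db)))


def leakage(trace_fn: TraceFn, db: Sequence[int], keys: Sequence[int]) -> Dict[str, int]:
    """Summarise how well traces separate the queries in `keys`.

    distinct_traces == len(keys) means the trace identifies the query
    uniquely; distinct_traces == 1 means the trace reveals nothing.
    """
    traces: Dict[int, Tuple[int, ...]] = {k: tuple(trace_fn(db, k)) for k in keys}
    return {
        "queries": len(keys),
        "distinct_traces": len(set(traces.values())),
        "max_trace_len": max(len(t) for t in traces.values()),
    }


def candidates(trace_fn: TraceFn, db: Sequence[int], keys: Sequence[int],
               observed: Sequence[int]) -> List[int]:
    """What the observer learns: every key consistent with the observed trace."""
    return [k for k in keys if tuple(trace_fn(db, k)) == tuple(observed)]


if __name__ == "__main__":
    for name, fn in (("binary search", binary_search_trace), ("linear scan", linear_scan_trace)):
        print(name, leakage(fn, DATABASE, DATABASE))
    seen = binary_search_trace(DATABASE, 42)
    print("trace for key 42:", seen, "-> consistent keys:", candidates(binary_search_trace, DATABASE, DATABASE, seen))
```

Running the block shows twelve distinct traces for the twelve possible binary-search queries (each at most four reads), so the observer recovers the query exactly from the trace, versus a single trace of twelve reads for the linear scan. The paper's protocol keeps the sublinear read count of the first case while achieving the trace-independence of the second, by routing the RAM program's accesses through an oblivious RAM and evaluating only the small per-access logic under generic two-party computation.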
