Abstract
We consider the problem of securely computing the kth-ranked element of the union of two or more large, confidential data sets. This is a fundamental question motivated by many practical contexts. For example, two competitive companies may wish to compute the median salary of their combined employee populations without revealing to each other the exact salaries of their employees. While protocols do exist for computing the kth-ranked element, they require time that is at least linear in the sum of the sizes of their combined inputs. This paper investigates two-party and multi-party protocols for both the semi-honest and malicious cases. In the two-party setting, we prove that the problem can be solved in a number of rounds that is logarithmic in k, where each round requires communication and computation cost that is linear in b, the number of bits needed to describe each element of the input data. In the multi-party setting, we prove that the number of rounds is linear in b, where each round has overhead proportional to b multiplied by the number of parties. The multi-party protocol can be used in the two-party case. The overhead introduced by our protocols closely matches the communication complexity lower bound. Our protocols can handle a malicious adversary via simple consistency checks.
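The abstract states the two-party round count but not the protocol steps. The following is an added illustration, not the paper's protocol text or code, of one median-halving strategy whose number of comparisons is logarithmic in k. It runs in the clear: `secure_less_than` is a hypothetical stand-in for a two-party secure comparison, and the padding scheme and sample salaries are constructed assumptions.

```python
import math

# Constructed sample inputs: each list is one party's private salaries (in thousands).
PARTY_A = [52, 61, 75, 88, 90]
PARTY_B = [48, 66, 70, 93]

def secure_less_than(x, y, transcript):
    """Stand-in for a secure comparison; its result bit is the only value shared."""
    bit = x < y
    transcript.append(bit)
    return bit

def kth_ranked(a, b, k):
    """Return (k-th smallest element of a+b, list of comparison bits exchanged)."""
    if not 1 <= k <= len(a) + len(b):
        raise ValueError("k out of range")
    size = 1 << (k - 1).bit_length()  # smallest power of two >= k
    # Only each party's k smallest values can hold rank k. A pads with +inf up
    # to `size`; B pads with +inf up to k, then with -inf up to `size`, so that
    # rank k of the real data is the lower median of the padded union.
    sa = sorted(a)[:k]
    sa += [math.inf] * (size - len(sa))
    sb = sorted(b)[:k]
    sb = [-math.inf] * (size - k) + sb + [math.inf] * (k - len(sb))
    transcript = []
    while len(sa) > 1:
        half = len(sa) // 2
        # Each party computes its own lower median locally; only the
        # comparison bit crosses the trust boundary.
        if secure_less_than(sa[half - 1], sb[half - 1], transcript):
            sa, sb = sa[half:], sb[:half]  # A drops its low half, B its high half
        else:
            sa, sb = sa[:half], sb[half:]  # A drops its high half, B its low half
    # One element each remains; the smaller of the two is the answer.
    a_is_smaller = secure_less_than(sa[0], sb[0], transcript)
    return (sa[0] if a_is_smaller else sb[0]), transcript

if __name__ == "__main__":
    value, bits = kth_ranked(PARTY_A, PARTY_B, 5)
    print("median of the union:", value, "| comparisons used:", len(bits))
```

In a real deployment the comparison bits form part of the transcript, so the security argument has to show they reveal nothing beyond what the output already implies; this sketch does not address that.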
Additional information
Communicated by Dwork.
G. Aggarwal’s work done at HP Labs and Stanford University, and supported in part by a Stanford Graduate Fellowship, NSF Grant ITR-0331640 and NSF Grant EIA-0137761.
N. Mishra’s work partially done at HP Labs and the University of Virginia. Research supported in part by NSF grant EIA-013776.
Most of this work was done while B. Pinkas was at HP Labs. Research supported in part by the Israel Science Foundation (grant number 860/06).
Cite this article
Aggarwal, G., Mishra, N. & Pinkas, B. Secure Computation of the Median (and Other Elements of Specified Ranks). J Cryptol 23, 373–401 (2010). https://doi.org/10.1007/s00145-010-9059-9
DOI: https://doi.org/10.1007/s00145-010-9059-9