Secure computation of surveys

J Feigenbaum, B. Pinkas, R Ryger, F Saint-Jean

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review


We describe the design and implementation of a system for conducting surveys while hiding the information provided by the respondents. We use the CRA Taulbee Survey of faculty salaries in computer science departments as a concrete example in which there are real privacy concerns but in which participation is too large and uncoordinated for direct application of known secure multiparty function evaluation protocols. Our system extends earlier work considering privacy in auctions. We adopt the approach of designating a small number of parties to do the main secure computation, but we go farther in addressing the reality of haphazard input arrival, and possible non-arrival, so that “the function,” in the usual sense, is not known until it is decided at some point to cease collecting inputs, at which point the participants at large—humans and machines—cannot be expected to be available for any interaction. A major impediment to acceptance of secure-function-evaluation technology in practice is the fundamental incompatibility of privacy preservation without trusted parties with “sanity checking” of inputs. For the CRA Taulbee Survey, we show that a reasonable partial remedy is possible.
Original languageAmerican English
Title of host publicationEU Workshop on Secure Multiparty Protocols
StatePublished - 2004

Bibliographical note

HP Labs
Place of conference:Amsterdam, The Netherlands


Dive into the research topics of 'Secure computation of surveys'. Together they form a unique fingerprint.

Cite this