Secure computation of the median (and other elements of specified ranks)

Gagan Aggarwal; Nina Mishra; Benny Pinkas

doi:10.1007/s00145-010-9059-9

Secure computation of the median (and other elements of specified ranks)

Gagan Aggarwal, Nina Mishra, Benny Pinkas

Research output: Contribution to journal › Article › peer-review

21 Scopus citations

Abstract

We consider the problem of securely computing the kth-ranked element of the union of two or more large, confidential data sets. This is a fundamental question motivated by many practical contexts. For example, two competitive companies may wish to compute the median salary of their combined employee populations without revealing to each other the exact salaries of their employees. While protocols do exist for computing the kth-ranked element, they require time that is at least linear in the sum of the sizes of their combined inputs. This paper investigates two-party and multi-party protocols for both the semi-honest and malicious cases. In the two-party setting, we prove that the problem can be solved in a number of rounds that is logarithmic in k, where each round requires communication and computation cost that is linear in b, the number of bits needed to describe each element of the input data. In the multi-party setting, we prove that the number of rounds is linear in b, where each round has overhead proportional to b multiplied by the number of parties. The multi-party protocol can be used in the two-party case. The overhead introduced by our protocols closely match the communication complexity lower bound. Our protocols can handle a malicious adversary via simple consistency checks.

Original language	English
Pages (from-to)	373-401
Number of pages	29
Journal	Journal of Cryptology
Volume	23
Issue number	3
DOIs	https://doi.org/10.1007/s00145-010-9059-9
State	Published - Jul 2010
Externally published	Yes

Bibliographical note

Funding Information:
N. Mishra’s work partially done at HP Labs and the University of Virginia. Research supported in part by NSF grant EIA-013776.

Funding Information:
G. Aggarwal’s work done at HP Labs and Stanford University, and supported in part by a Stanford Graduate Fellowship, NSF Grant ITR-0331640 and NSF Grant EIA-0137761.

Funding Information:
Most of this work was done while B. Pinkas was at HP Labs. Research supported in part by the Israel Science Foundation (grant number 860/06).

Funding

N. Mishra’s work partially done at HP Labs and the University of Virginia. Research supported in part by NSF grant EIA-013776. G. Aggarwal’s work done at HP Labs and Stanford University, and supported in part by a Stanford Graduate Fellowship, NSF Grant ITR-0331640 and NSF Grant EIA-0137761. Most of this work was done while B. Pinkas was at HP Labs. Research supported in part by the Israel Science Foundation (grant number 860/06).

Funders	Funder number
National Science Foundation	EIA-013776, ITR-0331640, EIA-0137761
Stanford University
Seventh Framework Programme	208173
Israel Science Foundation	860/06

Keywords

Kth-ranked element
Malicious adversary
Median
Secure function evaluation
Secure multi-party computation
Semi-honest adversary

Access to Document

10.1007/s00145-010-9059-9

Cite this

@article{3172088f50cb4077aa3249e5a1df7163,

title = "Secure computation of the median (and other elements of specified ranks)",

abstract = "We consider the problem of securely computing the kth-ranked element of the union of two or more large, confidential data sets. This is a fundamental question motivated by many practical contexts. For example, two competitive companies may wish to compute the median salary of their combined employee populations without revealing to each other the exact salaries of their employees. While protocols do exist for computing the kth-ranked element, they require time that is at least linear in the sum of the sizes of their combined inputs. This paper investigates two-party and multi-party protocols for both the semi-honest and malicious cases. In the two-party setting, we prove that the problem can be solved in a number of rounds that is logarithmic in k, where each round requires communication and computation cost that is linear in b, the number of bits needed to describe each element of the input data. In the multi-party setting, we prove that the number of rounds is linear in b, where each round has overhead proportional to b multiplied by the number of parties. The multi-party protocol can be used in the two-party case. The overhead introduced by our protocols closely match the communication complexity lower bound. Our protocols can handle a malicious adversary via simple consistency checks.",

keywords = "Kth-ranked element, Malicious adversary, Median, Secure function evaluation, Secure multi-party computation, Semi-honest adversary",

author = "Gagan Aggarwal and Nina Mishra and Benny Pinkas",

note = "Funding Information: N. Mishra{\textquoteright}s work partially done at HP Labs and the University of Virginia. Research supported in part by NSF grant EIA-013776. Funding Information: G. Aggarwal{\textquoteright}s work done at HP Labs and Stanford University, and supported in part by a Stanford Graduate Fellowship, NSF Grant ITR-0331640 and NSF Grant EIA-0137761. Funding Information: Most of this work was done while B. Pinkas was at HP Labs. Research supported in part by the Israel Science Foundation (grant number 860/06).",

year = "2010",

month = jul,

doi = "10.1007/s00145-010-9059-9",

language = "אנגלית",

volume = "23",

pages = "373--401",

journal = "Journal of Cryptology",

issn = "0933-2790",

publisher = "Springer New York",

number = "3",

}

TY - JOUR

T1 - Secure computation of the median (and other elements of specified ranks)

AU - Aggarwal, Gagan

AU - Mishra, Nina

AU - Pinkas, Benny

N1 - Funding Information: N. Mishra’s work partially done at HP Labs and the University of Virginia. Research supported in part by NSF grant EIA-013776. Funding Information: G. Aggarwal’s work done at HP Labs and Stanford University, and supported in part by a Stanford Graduate Fellowship, NSF Grant ITR-0331640 and NSF Grant EIA-0137761. Funding Information: Most of this work was done while B. Pinkas was at HP Labs. Research supported in part by the Israel Science Foundation (grant number 860/06).

PY - 2010/7

Y1 - 2010/7

N2 - We consider the problem of securely computing the kth-ranked element of the union of two or more large, confidential data sets. This is a fundamental question motivated by many practical contexts. For example, two competitive companies may wish to compute the median salary of their combined employee populations without revealing to each other the exact salaries of their employees. While protocols do exist for computing the kth-ranked element, they require time that is at least linear in the sum of the sizes of their combined inputs. This paper investigates two-party and multi-party protocols for both the semi-honest and malicious cases. In the two-party setting, we prove that the problem can be solved in a number of rounds that is logarithmic in k, where each round requires communication and computation cost that is linear in b, the number of bits needed to describe each element of the input data. In the multi-party setting, we prove that the number of rounds is linear in b, where each round has overhead proportional to b multiplied by the number of parties. The multi-party protocol can be used in the two-party case. The overhead introduced by our protocols closely match the communication complexity lower bound. Our protocols can handle a malicious adversary via simple consistency checks.

AB - We consider the problem of securely computing the kth-ranked element of the union of two or more large, confidential data sets. This is a fundamental question motivated by many practical contexts. For example, two competitive companies may wish to compute the median salary of their combined employee populations without revealing to each other the exact salaries of their employees. While protocols do exist for computing the kth-ranked element, they require time that is at least linear in the sum of the sizes of their combined inputs. This paper investigates two-party and multi-party protocols for both the semi-honest and malicious cases. In the two-party setting, we prove that the problem can be solved in a number of rounds that is logarithmic in k, where each round requires communication and computation cost that is linear in b, the number of bits needed to describe each element of the input data. In the multi-party setting, we prove that the number of rounds is linear in b, where each round has overhead proportional to b multiplied by the number of parties. The multi-party protocol can be used in the two-party case. The overhead introduced by our protocols closely match the communication complexity lower bound. Our protocols can handle a malicious adversary via simple consistency checks.

KW - Kth-ranked element

KW - Malicious adversary

KW - Median

KW - Secure function evaluation

KW - Secure multi-party computation

KW - Semi-honest adversary

UR - http://www.scopus.com/inward/record.url?scp=77954757073&partnerID=8YFLogxK

U2 - 10.1007/s00145-010-9059-9

DO - 10.1007/s00145-010-9059-9

M3 - ???researchoutput.researchoutputtypes.contributiontojournal.article???

AN - SCOPUS:77954757073

SN - 0933-2790

VL - 23

SP - 373

EP - 401

JO - Journal of Cryptology

JF - Journal of Cryptology

IS - 3

ER -

Secure computation of the median (and other elements of specified ranks)

Abstract

Bibliographical note

Funding

Keywords

Access to Document

Other files and links

Fingerprint

Cite this