Secure Computation with Sublinear Amortized Work
نویسندگان
چکیده
Traditional approaches to secure computation begin by representing the function f being computed as a circuit. For any function f that depends on each of its inputs, this implies a protocol with complexity at least linear in the input size. In fact, linear running time is inherent for secure computation of non-trivial functions, since each party must “touch” every bit of their input lest information about other party’s input be leaked. This seems to rule out many interesting applications of secure computation in scenarios where at least one of the inputs is huge and sublinear-time algorithms can be utilized in the insecure setting; private database search is a prime example. We present an approach to secure two-party computation that yields sublinear-time protocols, in an amortized sense, for functions that can be computed in sublinear time on a random access machine (RAM). Furthermore, a party whose input is “small” is required to maintain only small state. We provide a generic protocol that achieves the claimed complexity, based on any oblivious RAM and any protocol for secure two-party computation. We then present an optimized version of this protocol, where generic secure two-party computation is used only for evaluating a small number of simple operations.
منابع مشابه
Amortized Sublinear Secure Multi Party Computation
We study the problem of secure two-party and multi-party computation in a setting where some of the participating parties hold very large inputs. Such settings increasingly appear when participants wish to securely query a database server, a typical situation in cloud related applications. Classic results in secure computation require work that grows linearly with the size of the input, while i...
متن کاملSublinear Zero-Knowledge Arguments for RAM Programs
We describe a new succinct zero-knowledge argument protocol with the following properties. The prover commits to a large dataset M , and can thereafter prove many statements of the form ∃w : Ri(M,w) = 1, where Ri is a public function. The protocol is succinct in the sense that the cost for the verifier (in computation & communication) does not depend on |M |, not even in any initialization phas...
متن کاملSecure Message Transmission by Public Discussion: A Brief Survey
In the problem of Secure Message Transmission in the public discussion model (SMT-PD), a Sender wants to send a message to a Receiver privately and reliably. Sender and Receiver are connected by n channels, up to t < n of which may be maliciously controlled by a computationally unbounded adversary, as well as one public channel, which is reliable but not private. The SMT-PD abstraction has been...
متن کاملPrivate Branching Programs: On Communication-Efficient Cryptocomputing
We polish a recent cryptocomputing method of Ishai and Paskin from TCC 2007. More precisely, we show that every function can be cryptocomputed in communication, linear in the product of client’s input length and the length of the branching program, and computation, linear in the size of the branching program that computes it. The method is based on the existence of a communication-efficient (2,...
متن کاملFaster Secure Two-Party Computation in the Single-Execution Setting
We propose a new protocol for two-party computation, secure against malicious adversaries, that is significantly faster than prior work in the single-execution setting (i.e., non-amortized and with no preprocessing). In particular, for computational security parameter κ and statistical security parameter ρ, our protocol uses only ρ garbled circuits and O(κ) public-key operations, whereas previo...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2011 شماره
صفحات -
تاریخ انتشار 2011