Smile
  Secure Computation with Sublinear Amortized Work for Random Access Machines
joint work with Dov Gordon, Jonathan Katz, Vladimir Kolesnikov, Tal Malkin, Yevgeniy Vahlis
 

Motivation: Traditional approaches to secure computation begin by representing the function f being computed as a circuit. For any function f that depends on each of its inputs, this implies a protocol with complexity at least linear in the input size. In fact, linear running time is inherent for secure computation of non-trivial functions, since each party must ``touch'' every bit of their input lest information about other party's input be leaked. This seems to rule out many interesting applications of secure computation in scenarios where at least one of the inputs is huge and sublinear-time algorithms can be utilized in the insecure setting; private database search is a prime example. In this work we ask the question whether this gap between the efficiency of insecure and secure algorithms for the same task can be bridged, i.e. whether we can have a protocol with sublinear computation complexity in the size of its inputs.

Results: We develop an approach to secure two-party computation that yields sublinear-time protocols, in an amortized sense, for functions that can be computed in sublinear time on a random access machine (RAM). Furthermore, a party whose input is ``small'' is required to maintain only small state. We provide a generic protocol that achieves the claimed complexity, based on any oblivious RAM and any protocol for secure two-party computation. We then present an optimized version of this protocol, where generic secure two-party computation is used only for evaluating a small number of simple operations. For our optimized construction we use the ORAM protocol introduced by Ostrovsky et al. [GO'96] and Yao two party computation. For the purposes of our protocols we also introduce the notion of shared oblivious PRF (soPRF) where the input message, the key and the output PRF value are shared between two parties, and give a construction based on the oblivious PRF of [FIPR'05].

 

Resources:

  • Paper, CCS 2012
  • Short Paper
  •