Results 1 - 8 of 8
Polylogarithmic private approximations and efficient matching
, 2005
Cited by 24 (1 self)
In [12] a private approximation of a function f is defined to be another function F that approximates f in the usual sense, but does not reveal any information about x other than what can be deduced from f(x). We give the first two-party private approximation of the l2 distance with polylogarithmic communication. This, in particular, resolves the main open question of [12]. We then look at the private near neighbor problem in which Alice has a query point in {0, 1}^d and Bob a set of n points in {0, 1}^d, and Alice should privately learn the point closest to her query. We improve upon existing protocols, resolving open questions of [13, 10]. Then, we relax the problem by defining the private approximate near neighbor problem, which requires introducing a notion of secure computation of approximations for functions that return sets of points rather than values. For this problem we give several protocols with sublinear communication.
Secure discsp protocols - from centralized towards distributed solutions
- in DCR05 Workshop
, 2005
Cited by 7 (0 self)
Abstract. We present new protocols for secure distributed constraint satisfaction problems (DisCSPs). The presented protocols are the first to enable an oblivious use of advanced search techniques heuristics. The first protocol is a centralized protocol, where two of the agents collect ‘encrypted’ data from all other parties, and obliviously perform a search algorithm. Our protocol improves on the previous solution of [YKH05] in several ways: It does not require introducing new agents into the protocol; it enables the use of non-trivial search techniques such as backjumping and ordering heuristics of variables and values; and, it completely eliminates information leakage to all agents. Our second protocol makes the first steps toward a feasible distributed secured protocol for solving DisCSPs. Our protocol enables agents to concurrently perform non sequential (asynchronous) algorithms. It forms an alternative network, whose nodes are small groups (e.g. pairs) of agents, that is generated from the original DisCSP. Each node group obliviously performs the roles of all its members in the search algorithm. We also identify the communication pattern of the protocol as a possible leakage source, and suggest how to eliminate this leakage. Finally, we discuss a hybrid solution that combines the centralized and distributed protocols and reduces the total communication cost.
Privacy Preserving Error Resilient DNA Searching through Oblivious Automata
Cited by 3 (2 self)
Human Desoxyribo-Nucleic Acid (DNA) sequences offer a wealth of information that reveal, among others, predisposition to various diseases and paternity relations. The breadth and personalized nature of this information highlights the need for privacy-preserving protocols. In this paper, we present a new error-resilient privacy-preserving string searching protocol that is suitable for running private DNA queries. This protocol checks if a short template (e.g., a string that describes a mutation leading to a disease), known to one party, is present inside a DNA sequence owned by another party, accounting for possible errors and without disclosing to each party the other party’s input. Each query is formulated as a regular expression over a finite alphabet and implemented as an automaton. As the main technical contribution, we provide a protocol that allows to execute any finite state machine in an oblivious manner, requiring a communication complexity which is linear both in the number of states and the length of the input string.
Secure incomplete multi-party computation for distributed constraint problems
- in AAMAS-DCR Workshop
, 2006
Cited by 1 (1 self)
The algorithms we propose here are simple but our contribution consists in identifying the simple guidelines required for a high level of privacy. Achieving the highest level of privacy for secrets used in a distributed computation implies that the distributed computation (steps) should be independent of the value of these secrets. When the expected answer of a constraint satisfaction solver is either a solution or no solution, then the previous assumption leads to algorithms that take always the computation time of the worst case. This is particularly disturbing for such NP-hard problems. In this work we start from the observation that sometimes (specially for hard problems) users find it acceptable to receive as result not only a solution or the answer no solution but also a failure with meaning don’t know, or solutions proven optimal only within a subset of the problem space. More exactly, users accept incomplete solvers. It is argued in (Silaghi 2005b) that, for certain problems, privacy reasons lead users to prefer having an answer meaning don’t know even when the secure multi-party computation could have proven no solution (to avoid revealing that all alternatives are infeasible). While the solution proposed there is slower than complete algorithms, here we show secure incomplete solutions that are faster than complete solvers, allowing to address larger problem instances. We show that one can build time-aware instances where given a known amount of available time, we obtain an incomplete solver terminating in that time and offering a very high degree of privacy, namely nonuniform requested t-privacy.
A Survey of Single-Database PIR: Techniques and Applications
Cited by 1 (0 self)
In this paper we survey the notion of Single-Database Private Information Retrieval (PIR). The first Single-Database PIR was constructed in 1997 by Kushilevitz and Ostrovsky and since then Single-Database PIR has emerged as an important cryptographic primitive. For example, Single-Database PIR turned out to be intimately connected to collision-resistant hash functions, oblivious transfer and public-key encryptions with additional properties. In this survey, we give an overview of many of the constructions for Single-Database PIR (including an abstract construction based upon homomorphic encryption) and describe some of the connections of PIR to other primitives.
Fuzzy Private Matching (Extended Abstract)
Cited by 1 (0 self)
In the private matching problem, a client and a server each hold a set of n input elements. The client wants to privately compute the intersection of these two sets: he learns which elements he has in common with the server (and nothing more), while the server gains no information at all. In certain applications it would be useful to have a fuzzy private matching protocol that reports a match even if two elements are only similar instead of equal. We consider this fuzzy private matching problem, in a semi-honest environment. First we show that the original solution proposed by Freedman et al. [9] is incorrect. Subsequently we present two fuzzy private matching protocols. The first, simple, protocol has a large bit message complexity. The second protocol improves this, but here the client incurs a O(n) factor time complexity.
Private and Efficient Stable Marriages (Matching)
, 2006
We provide algorithms guaranteeing high levels of privacy by computing uniformly random solutions to stable marriages problems. We also provide efficient algorithms extracting a nonuniformly random solution and guaranteeing t-privacy for any threshold t. The most private solution is expensive and is based on a distributed/shared CSP model of the problem. The most efficient version is based on running the Gale-Shapley algorithm after shuffling the men (or women) in the shared secret description of the problem. We introduce an efficient arithmetic circuit for the Gale-Shapley algorithm that can employ a cryptographic primitive we propose for vector access with an arbitrary number of participants.
An Efficient Way to Access an Array at a Secret Index
, 2006
We propose cryptographic primitives for reading and assigning the (shared) secret found at a secret index in a vector of secrets. The problem can also be solved in constant round with existing general techniques based on arithmetic circuits and the "equality test" in [4]. However the proposed technique requires to exchange less bits. The proposed primitives require a number of rounds that is independent of the size N of the vector, and only depends (linearly) on the number t of computing servers. A previously known primitive for reading a vector at a secret index works only for 2-party computations. Our primitives work for any number of computing participants/servers.

