## Secure computation with fixed-point numbers (2010)

Venue: | In Financial Cryptography and Data Security. LNCS |

Citations: | 10 - 2 self |

### BibTeX

@INPROCEEDINGS{Catrina10securecomputation,

author = {Octavian Catrina and Amitabh Saxena},

title = {Secure computation with fixed-point numbers},

booktitle = {In Financial Cryptography and Data Security. LNCS},

year = {2010}

}

### OpenURL

### Abstract

Abstract. Securecomputationisapromisingapproachtobusinessproblems in which several parties want to run a joint application and cannot reveal their inputs. Secure computation preserves the privacy of input data using cryptographic protocols, allowing the parties to obtain the benefits of data sharing and at the same time avoid the associated risks. These business applications need protocols that support all the primitive data types and allow secure protocol composition and efficient application development. Secure computation with rational numbers has been a challenging problem. We present in this paper a family of protocols for multiparty computation with rational numbers using fixed-point representation. This approach offers more efficient solutions for secure computation than other usual representations.

### Citations

122 | General secure multi-party computation from any linear scheme
- Cramer, Damg˚ard, et al.
- 2000
(Show Context)
Citation Context ...se protocols, including a more efficient solution for bit decomposition. Related Work. We use standard techniques for constructing multiparty computation protocols based on secret sharing, similar to =-=[7,8,19,6]-=-. However, the solutions presented in [8,19] aim at providing perfect privacy and constant round complexity, while our goal is to obtain efficient protocols for secure computation with fixed-point num... |

49 | Efficient Computation Modulo a Shared Secret with Application to the Generation of Shared Safe-Prime Products
- Algesheimer, Camenisch, et al.
- 2002
(Show Context)
Citation Context ...er only partial solutions. The division protocol in [15] was designed for two-party computation of statistics and relies on a particular structure of the inputs. The multiparty reciprocal protocol in =-=[1]-=- is restricted to positive integers with known range, 2 k−1 ≤ x < 2 k . This approach based on the Newton-Raphson method (and its extension to division in [14]) is closer to ours. However, our goal is... |

36 |
Unconditionally secure constant-rounds multi-party computation for equality, comparison, bits and exponentiation
- Damg˚ard, Fitzi, et al.
- 2006
(Show Context)
Citation Context ...se protocols, including a more efficient solution for bit decomposition. Related Work. We use standard techniques for constructing multiparty computation protocols based on secret sharing, similar to =-=[7,8,19,6]-=-. However, the solutions presented in [8,19] aim at providing perfect privacy and constant round complexity, while our goal is to obtain efficient protocols for secure computation with fixed-point num... |

24 | Private collaborative forecasting and benchmarking
- Atallah, Bykova, et al.
- 2004
(Show Context)
Citation Context ...te data. Solutions based on secure computation have been studied for various business problems, including privacy-preserving supply chain planning [2], different types of auctions [9,4], benchmarking =-=[3]-=-, and collaborative linear programming [20]. A basic requirement of these applications is a protocol family that provides operations with all primitive data types and allows secure protocol compositio... |

21 |
A practical implementation of secure auctions based on multiparty integer computation,” in Financial Cryptography
- Bogetoft, Damg˚ard, et al.
- 2006
(Show Context)
Citation Context ... of disclosing private data. Solutions based on secure computation have been studied for various business problems, including privacy-preserving supply chain planning [2], different types of auctions =-=[9,4]-=-, benchmarking [3], and collaborative linear programming [20]. A basic requirement of these applications is a protocol family that provides operations with all primitive data types and allows secure p... |

19 | Share conversion, pseudorandom secret-sharing and applications to secure computation
- Cramer, Damg˚ard, et al.
- 2005
(Show Context)
Citation Context ...se protocols, including a more efficient solution for bit decomposition. Related Work. We use standard techniques for constructing multiparty computation protocols based on secret sharing, similar to =-=[7,8,19,6]-=-. However, the solutions presented in [8,19] aim at providing perfect privacy and constant round complexity, while our goal is to obtain efficient protocols for secure computation with fixed-point num... |

16 | Secure computation of the mean and related statistics
- Kiltz, Leander, et al.
- 2005
(Show Context)
Citation Context ...field (or ring) elements, binaryvalues,andintegers.Protocolsforsecuredivision(themostcomplextask) were developed for particular applications and offer only partial solutions. The division protocol in =-=[15]-=- was designed for two-party computation of statistics and relies on a particular structure of the inputs. The multiparty reciprocal protocol in [1] is restricted to positive integers with known range,... |

14 |
Multiparty computation for interval, equality, and comparison without bit-decomposition protocol
- Nishide, Ohta
- 2007
(Show Context)
Citation Context ... k and m, where ā ∈ Z 〈k〉 and 0 < m ≤ k. The output is an array of shared bits equal to the m least significant bits of the 2’s complement binary representation of ā. The protocol follows the idea in =-=[8,18,19]-=- for bit decomposition of Zq elements, but offers a more efficient solution for bounded integers and statistical privacy. Protocol 2.1 extracts m bits in log(m)+3 rounds with mlog(m)+2m+1 invocations,... |

13 | How to obtain full privacy in auctions
- Brandt
(Show Context)
Citation Context ... of disclosing private data. Solutions based on secure computation have been studied for various business problems, including privacy-preserving supply chain planning [2], different types of auctions =-=[9,4]-=-, benchmarking [3], and collaborative linear programming [20]. A basic requirement of these applications is a protocol family that provides operations with all primitive data types and allows secure p... |

13 | Efficient initial approximation for multiplicative division and square root by a multiplication with operand modification
- Ito, Takagi, et al.
- 1997
(Show Context)
Citation Context ...l bits) [12]. This approximation offers sufficient accuracy for our purposes and can be computed without interaction for secret c. More accurate initial approximations can be obtained by table lookup =-=[17]-=-. For example, a piece-wise linear approximation using a table with 2 k entries offers initial approximations with accuracy of 2k+2 bits. A reciprocal with 64bit accuracy can thus be computed in 2 ite... |

11 | Primitives and Applications for Multi-party Computation
- Toft
- 2007
(Show Context)
Citation Context |

8 | Non-interactive proofs for integer multiplication
- Damg˚ard, Thorbek
- 2007
(Show Context)
Citation Context ...m Replicated Secret Sharing (PRSS) [6] to generate without interaction shared random values in F with uniform distribution and random sharings of zero. Also, we use the integer variant of PRSS (RISS) =-=[10]-=- to generate shared random integers in a given interval, and the ideas in [11] for bit-share conversions (e.g., BitF2MtoZQ converts bit shares from F28 to Zq). To enable these techniques, we assume in... |

6 | Efficient conversion of secret-shared values between different fields. ePrint Archive Report 2008/221
- Damg˚ard, Thorbek
- 2008
(Show Context)
Citation Context ...random values in F with uniform distribution and random sharings of zero. Also, we use the integer variant of PRSS (RISS) [10] to generate shared random integers in a given interval, and the ideas in =-=[11]-=- for bit-share conversions (e.g., BitF2MtoZQ converts bit shares from F28 to Zq). To enable these techniques, we assume in the remainder of the paper that numbers are encoded in Zq as specified in Sec... |

6 | Cryptocomputing with rationals
- Fouque, Stern, et al.
- 2002
(Show Context)
Citation Context ...uncation protocol in [1] has absolute error |δ| ≤ n+1, where n is the number of parties. Secure computation with rational numbers has been a challenging problem. An interesting method was proposed in =-=[13]-=- for addition and multiplication of rational numbers using Paillier homomorphic encryption. This method works only for a limited number of consecutive operations (without decryption), depending on the... |

4 |
Solving linear programs using multiparty computation
- Toft
- 2009
(Show Context)
Citation Context ...tion have been studied for various business problems, including privacy-preserving supply chain planning [2], different types of auctions [9,4], benchmarking [3], and collaborative linear programming =-=[20]-=-. A basic requirement of these applications is a protocol family that provides operations with all primitive data types and allows secure protocol compositionand efficient application development. Th... |

2 |
Multiparty computation of fixed-point multiplication and reciprocal
- Catrina, Dragulin
- 2009
(Show Context)
Citation Context ...entation does not have such limitations and offers a complete protocol family for arithmetic and comparison. Protocols for multiplication and reciprocal of fixed-point numbers were first presented in =-=[5]-=-, together with two more general building blocks, reduction modulo 2 m and division by 2 m with rounding down. The fixed-point arithmetic solutions in this paper are more efficient and accurate. 2 Pre... |

1 |
SoftwareDivision and Square Root Using Goldschmidt’s Algorithms
- Markstein
- 2004
(Show Context)
Citation Context ...oth methods. We present in this paper a protocol based on Goldschmidt’s method that offers better efficiency (for similar accuracy). Goldschmidt’s method for computing a/b can be described as follows =-=[16]-=-. Let w0 be an initial approximation of 1/b with relative error ǫ0 < 1, and let a0 = a, b0 = b. For i ≥ 1 the algorithm computes: ai = ai−1wi−1, bi = bi−1wi−1, wi = 2−bi. Denote ri = ∏ i j=0 wj and ob... |