Results 1-10 of 43
Privacy-preserving set operations. In Advances in Cryptology – CRYPTO 2005, LNCS, 2005.
Cited by 161 (0 self)
Abstract
In many important applications, a collection of mutually distrustful parties must perform private computation over multisets. Each party’s input to the function is his private input multiset. In order to protect these private sets, the players perform privacy-preserving computation; that is, no party learns more information about other parties’ private input sets than what can be deduced from the result. In this paper, we propose efficient techniques for privacy-preserving operations on multisets. By employing the mathematical properties of polynomials, we build a framework of efficient, secure, and composable multiset operations: the union, intersection, and element reduction operations. We apply these techniques to a wide range of practical problems, achieving more efficient results than those of previous work.
Efficient privacy-preserving face recognition, 2009.
Cited by 76 (6 self)
Abstract
Automatic recognition of human faces is becoming increasingly popular in civilian and law enforcement applications that require reliable recognition of humans. However, the rapid improvement and widespread deployment of this technology raises strong concerns regarding the violation of individuals’ privacy. A typical application scenario for privacy-preserving face recognition concerns a client who privately searches for a specific face image in the face image database of a server. In this paper we present a privacy-preserving face recognition scheme that substantially improves over previous work in terms of communication and computation efficiency: the most recent proposal of Erkin et al. (PETS’09) requires O(log M) rounds and computationally expensive operations on homomorphically encrypted data to recognize a face in a database of M faces. Our improved scheme requires only O(1) rounds and has a substantially smaller online communication complexity (by a factor of 15 for each database entry) and less computation complexity. Our solution is based on known cryptographic building blocks combining homomorphic encryption with garbled circuits. Our implementation results show the practicality of our scheme also for large databases (e.g., for M = 1000 we need less than 13 seconds and less than 4 MByte online communication on two 2.4GHz PCs connected via Gigabit Ethernet).
Efficient Two-Party Secure Computation on Committed Inputs. In EUROCRYPT, 2007.
Cited by 60 (2 self)
Abstract
We present an efficient construction of Yao’s “garbled circuits” protocol for securely computing any two-party circuit on committed inputs. The protocol is secure in a universally composable way in the presence of malicious adversaries under the decisional composite residuosity (DCR) and strong RSA assumptions, in the common reference string model. The protocol requires a constant number of rounds (four-five in the standard model, two-three in the random oracle model, depending on whether both parties receive the output), O(C) modular exponentiations per player, and a bandwidth of O(C) group elements, where C is the size of the computed circuit. Our technical tools are of independent interest. We propose a homomorphic, semantically secure variant of the Camenisch-Shoup verifiable cryptosystem, which uses shorter keys, is unambiguous (it is infeasible to generate two keys which successfully decrypt the same ciphertext), and allows efficient proofs that a committed plaintext is encrypted under a committed key. Our second tool is a practical four-round (two-round in ROM) protocol for committed oblivious transfer on strings (string-COT) secure against malicious participants. The string-COT protocol takes a few exponentiations per player, and is UC-secure under the DCR assumption in the common reference string model. Previous protocols of comparable efficiency achieved either committed OT on bits, or standard (non-committed) OT on strings.
Improved Garbled Circuit Building Blocks and Applications to Auctions and Computing Minima. In Cryptology and Network Security (CANS), 2009.
Cited by 56 (8 self)
Abstract
We consider generic Garbled Circuit (GC)-based techniques for Secure Function Evaluation (SFE) in the semi-honest model. We describe efficient GC constructions for addition, subtraction, multiplication, and comparison functions. Our circuits for subtraction and comparison are approximately two times smaller (in terms of garbled tables) than previous constructions. This implies corresponding computation and communication improvements in SFE of functions using our efficient building blocks. The techniques rely on the recently proposed “free XOR” GC technique. Further, we present concrete and detailed improved GC protocols for the problem of secure integer comparison, and related problems of auctions, minimum selection, and minimal distance. Performance improvement comes both from building on our efficient basic blocks and several problem-specific GC optimizations. We provide precise cost evaluation of our constructions, which serves as a baseline for future protocols.
Location privacy via private proximity testing. In NDSS, 2011.
Cited by 53 (1 self)
Abstract
We study privacy-preserving tests for proximity: Alice can test if she is close to Bob without either party revealing any other information about their location. We describe several secure protocols that support private proximity testing at various levels of granularity. We study the use of “location tags” generated from the physical environment in order to strengthen the security of proximity testing. We implemented our system on the Android platform and report on its effectiveness. Our system uses a social network (Facebook) to manage user public keys.
Secure evaluation of private linear branching programs with medical applications, 2009.
Cited by 32 (14 self)
Abstract
Diagnostic and classification algorithms play an important role in data analysis, with applications in areas such as health care, fault diagnostics, or benchmarking. Branching programs (BP) are a popular representation model for describing the underlying classification/diagnostics algorithms. Typical application scenarios involve a client who provides data and a service provider (server) whose diagnostic program is run on the client’s data. Both parties need to keep their inputs private. We present new, more efficient privacy-protecting protocols for remote evaluation of such classification/diagnostic programs. In addition to efficiency improvements, we generalize previous solutions – we securely evaluate private linear branching programs (LBP), a useful generalization of BP that we introduce. We show the practicality of our solutions: we apply our protocols to the privacy-preserving classification of medical ElectroCardioGram (ECG) signals and present implementation results. Finally, we discover and fix a subtle security weakness of the most recent remote diagnostic proposal, which allowed malicious clients to learn partial information about the program.
Private and Threshold Set-Intersection. In Advances in Cryptology – CRYPTO ’05, 2004.
Cited by 22 (2 self)
Abstract
In this paper we consider the problem of privately computing the intersection of sets (set-intersection), as well as several variations on this problem: cardinality set-intersection, threshold set-intersection, and over-threshold set-intersection. Cardinality set-intersection is the problem of determining the size of the intersection set, without revealing the actual threshold set. In threshold set-intersection, only the elements which appear at least a threshold number t times in the players’ private inputs are revealed. Over-threshold set-intersection is a variation on threshold set-intersection in which not only the threshold set is revealed, but also the number of times each element in the threshold set appeared in the private inputs. We propose protocols that are more...
Testing Disjointness of Private Datasets. In Financial Cryptography (2005), 2005.
Cited by 11 (0 self)
Abstract
Two parties, say Alice and Bob, possess two sets of elements that belong to a universe of possible values and wish to test whether these sets are disjoint or not. In this paper we consider the above problem in the setting where Alice and Bob wish to disclose no information to each other about their sets beyond the single bit: "whether the intersection is empty or not." This problem has many applications in commercial settings where two mutually distrustful parties wish to decide with minimum possible disclosure whether there is any overlap between their private datasets. We present three protocols that solve the above problem that meet different efficiency and security objectives and data representation scenarios. Our protocols are based on homomorphic encryption and in our security analysis, we consider the semi-honest setting as well as the malicious setting. Our most efficient construction for a large universe in terms of overall communication complexity uses a new encryption primitive that we introduce called "superposed encryption." We formalize this notion and provide a construction that may be of independent interest.
Efficient committed oblivious transfer of bit strings. In Information Security, 2007.
Cited by 10 (1 self)
Abstract
Oblivious transfer (OT) is a powerful primitive in modern cryptography, often used in a context of semi-honest adversaries. Committed oblivious transfer (COT) is an enhancement involving the use of commitments, which can be used in many applications of OT covering particular malicious adversarial behavior. For OT, many protocols are known that cover the transfer of bit strings rather than just single bits. For COT, though, the known protocols only cover the transfer of bits. In this paper, we thus present efficient COT protocols for transferring (long) bit strings, which perform quite well in comparison to the most efficient COT protocols for bits. We prove the security of our protocols following the simulation paradigm in the cryptographic model, also assuming the random oracle model for efficient non-interactive proofs. Also, as a motivation for the use of COT instead of OT, we point out that a protocol which uses OT as a sub-protocol may have subtle security issues in the presence of malicious adversaries.