Hiccups on the road to privacy-preserving linear programming
Proceedings of the 8th ACM workshop on Privacy in the electronic society
Improved primitives for secure multiparty integer computation
SCN'10 Proceedings of the 7th international conference on Security and cryptography for networks
Secure multiparty linear programming using fixed-point arithmetic
ESORICS'10 Proceedings of the 15th European conference on Research in computer security
Leakage quantification of cryptographic operations
OTM'10 Proceedings of the 2010 international conference on On the move to meaningful internet systems - Volume Part I
Sub-linear, secure comparison with two non-colluding parties
PKC'11 Proceedings of the 14th international conference on Practice and theory in public key cryptography conference on Public key cryptography
Secure computation with fixed-point numbers
FC'10 Proceedings of the 14th international conference on Financial Cryptography and Data Security
On the (Im)possibility of privately outsourcing linear programming
Proceedings of the 2013 ACM workshop on Cloud computing security workshop
Hi-index | 0.00 |
Solving linear programming (LP) problems can be used to solve many different types of problems. Immediate examples include certain types of auctions as well as benchmarking. However, the input data may originate from different, mistrusting sources, which implies the need for a privacy preserving solution.We present a protocol solving this problem using black-box access to secure modulo arithmetic. The solution can be instantiated in various settings: Adversaries may be both active and adaptive, but passive and/or static ones can be employed, e.g. for efficiency reasons. Perfect security can be obtained in the information theoretic setting (up to 1/3 corruptions), while corruption-of-all-but-one is possible in the cryptographic setting. The latter allows a two-party protocol.The solution is based on the well known simplex method. Letting n denote the number of initial variables and m the number of constraints, each pivot requires only $\mathcal{O}({\rm loglog}(m))$ rounds in which $\mathcal{O}(m(m+ n))$ multiplication protocols and $\mathcal{O}(m+n)$ comparison protocols are invoked; this is equivalent to the base-algorithm. A constant-rounds variation is also possible, this increases the number of comparisons to $\mathcal{O}(m^2+n)$.