Secure two-party input-size reduction: Challenges, solutions and applications

Abstract

The computation and communication costs of many secure multiparty protocols would benefit from a preprocessing that replaces large inputs with much smaller values without changing the outputs. This preprocessing is especially advantageous when its cost can be amortized over subsequent computations that all benefit from smaller inputs. The above holds for protocols based on garbled circuits, homomorphic encryption, or other techniques. Problems benefiting from such preprocessing include pattern matching, information retrieval, and sequence comparisons that depend on (in)equality of comparands. Motivated by this (in)equality-preservation requirement, we define the problem as follows: Alice’s and Bob’s inputs are their respective private sets SA and SB of large integers, and their private outputs are images of their sets under a function ρ that injectively maps SA∪SB into {0,1,…,N-1} for a small N⩾|SA|+|SB|. Alice’s (Bob’s) knowledge of this mapping on SA (SB) must reveal nothing about SB (SA). Thus, neither party should be able to learn ρ(x) for any x that is not in its private set; otherwise, s/he could exploit the small codomain of ρ to learn about the other party’s set. We formalize the problem, propose efficient and secure (semi-honest model) solutions to it, and discuss its use cases.