Results 1 
5 of
5
NearOptimal Private Approximation Protocols via a Black Box Transformation
"... We show the following transformation: any twoparty protocol for outputting a (1 + ε)approximation to f(x, y) = n j=1 g(xj, yj) with probability at least 2/3, for any nonnegative efficienty computable function g, can be transformed into a twoparty private approximation protocol with only a polylo ..."
Abstract

Cited by 2 (1 self)
 Add to MetaCart
(Show Context)
We show the following transformation: any twoparty protocol for outputting a (1 + ε)approximation to f(x, y) = n j=1 g(xj, yj) with probability at least 2/3, for any nonnegative efficienty computable function g, can be transformed into a twoparty private approximation protocol with only a polylogarithmic factor loss in communication, computation, and round complexity. In general it is insufficient to use secure function evaluation or fully homomorphic encryption on a standard, nonprivate protocol for approximating f. This is because the approximation may reveal information about x and y that does not follow from f(x, y). Applying our transformation and variations of it, we obtain nearoptimal private approximation protocols for a wide range of problems in the data stream literature for which previously nothing was known. We give nearoptimal private approximation protocols for the ℓpdistance for every p ≥ 0, for the heavy hitters and importance sampling problems with respect to any ℓpnorm, for the maxdominance and other dominant ℓpnorms, for the distinct summation problem, for entropy, for cascaded frequency moments, for subspace approximation and block sampling, and for measuring independence of datasets. Using a result for data streams, we obtain private approximation protocols with polylogarithmic communication for every nondecreasing and symmetric function g(xj, yj) = h(xj − yj) with at most quadratic growth. If the original (nonprivate) protocol is a simultaneous protocol, e.g., a sketching algorithm, then our only cryptographic assumption is efficient symmetric computationallyprivate information retrieval; otherwise it is fully homomorphic encryption. For all but one of these problems, the original protocol is a sketching algorithm. Our protocols generalize straightforwardly to more than two parties.
MultiParty Indirect Indexing and Applications
, 2007
"... We develop a new multiparty generalization of NaorNissim indirect indexing, making it possible for many participants to simulate a RAM machine with only polylogarithmic blowup. Our most efficient instantiation (built from lengthflexible additively homomorphic public key encryption) improves t ..."
Abstract

Cited by 2 (0 self)
 Add to MetaCart
(Show Context)
We develop a new multiparty generalization of NaorNissim indirect indexing, making it possible for many participants to simulate a RAM machine with only polylogarithmic blowup. Our most efficient instantiation (built from lengthflexible additively homomorphic public key encryption) improves the communication complexity of secure multiparty computation for a number of problems in the literature. Underlying our approach is a new multiparty variant of oblivious transfer which may be of independent interest.
CommunicationEfficient Private Protocols for Longest Common Subsequence
, 2009
"... We design communication efficient twoparty and multiparty protocols for the longest common subsequence (LCS) and related problems. Our protocols achieve privacy with respect to passive adversaries, under reasonable cryptographic assumptions. We benefit from the somewhat surprising interplay of an ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
(Show Context)
We design communication efficient twoparty and multiparty protocols for the longest common subsequence (LCS) and related problems. Our protocols achieve privacy with respect to passive adversaries, under reasonable cryptographic assumptions. We benefit from the somewhat surprising interplay of an efficient blockretrieval PIR (GentryRamzan, ICALP 2005) with the classic “four Russians” algorithmic design. This result is the first improvement to the communication complexity for this application over generic results (such as Yao’s garbled circuit protocol) and, as such, is interesting as a contribution to the theory of communication efficiency for secure twoparty and multiparty applications.
Max{stable sketches: estimation of `®¡norms, dominance norms and point queries for non{negative signals
, 2006
"... Let f: f1; 2; : : : ; Ng! [0;1) be a non{negative signal, de¯ned over a very large domain and suppose that we want to be able to address approximate aggregate queries or point queries about f. To answer queries about f, we introduce a new type of random sketches called max{stable sketches. The (idea ..."
Abstract
 Add to MetaCart
Let f: f1; 2; : : : ; Ng! [0;1) be a non{negative signal, de¯ned over a very large domain and suppose that we want to be able to address approximate aggregate queries or point queries about f. To answer queries about f, we introduce a new type of random sketches called max{stable sketches. The (ideal precision) max{stable sketch of f, Ej(f); 1 · j · K, is de¯ned as: Ej(f): = max 1·i·N f(i)Zj(i); 1 · j · K; where the KN random variables Zj(i)'s are independent with standard ®¡Fr¶echet distribution, that is, PfZj(i) · xg = expf¡x¡®g; x> 0, where ® is an arbitrary positive parameter. Max{stable sketches are particularly natural when dealing with maximally updated data streams, logs of record events and dominance norms or relations between large signals. By using only max{stable sketches of relatively small size K << N, we can compute in small space and time: (i) the `®¡norm, ®> 0, of the signal (ii) the distance