### Rate-Limited Secure Function Evaluation

Özgür Dagdelen, Payman Mohassel, and Daniele Venturi

##### Abstract

We introduce the notion of rate-limited secure function evaluation (RL-SFE). Loosely speaking, in an RL-SFE protocol participants can monitor and limit the number of distinct inputs (i.e., rate) used by their counterparts in multiple executions of an SFE, in a private and verifiable manner. The need for RL-SFE naturally arises in a variety of scenarios: e.g., it enables service providers to "meter" their customers' usage without compromising their privacy, or can be used to prevent oracle attacks against SFE constructions. We consider three variants of RL-SFE providing different levels of security. As a stepping stone, we also formalize the notion of commit-first SFE (cf-SFE) wherein parties are committed to their inputs before each SFE execution. We provide compilers for transforming any cf-SFE protocol into each of the three RL-SFE variants. Our compilers are accompanied with simulation-based proofs of security in the standard model and show a clear tradeoff between the level of security offered and the overhead required. Moreover, motivated by the fact that in many client-server applications clients do not keep state, we also describe a general approach for transforming the resulting RL-SFE protocols into stateless ones. As a case study, we take a closer look at the oblivious polynomial evaluation (OPE) protocol of Hazay and Lindell, show that it is commit-first and instantiate efficient rate-limited variants of it.

Note: Full version.

Category
Foundations
Publication info
A major revision of an IACR publication in PKC 2013
Keywords
secure function evaluation, secure metering, oracle attacks, oblivious polynomial evaluation
Contact author(s)
oezguer dagdelen @ cased de
History
2016-03-10: last of 2 revisions
Short URL
https://ia.cr/2013/021

CC BY

BibTeX

@misc{cryptoeprint:2013/021,
author = {Özgür Dagdelen and Payman Mohassel and Daniele Venturi},
title = {Rate-Limited Secure Function Evaluation},
howpublished = {Cryptology ePrint Archive, Paper 2013/021},
year = {2013},
note = {\url{https://eprint.iacr.org/2013/021}},
url = {https://eprint.iacr.org/2013/021}
}
