Paper 2022/590

Secure Merge in Linear Time and O(log log N) Rounds

Mark Blunk, Stealth Software Technologies, Inc.
Paul Bunn, Stealth Software Technologies, Inc.
Samuel Dittmer, Stealth Software Technologies, Inc.
Steve Lu, Stealth Software Technologies, Inc.
Rafail Ostrovsky, University of California, Los Angeles
Abstract

The problem of Secure Merge consists of combining two sorted lists (which are either held separately by two parties, or secret-shared among two or more parties), and outputting a single merged (sorted) list, secret-shared among all parties. Just as insecure algorithms for comparison-based sorting are slower than merging (i.e., for lists of size $n$, $\Theta(n \log n)$ versus $\Theta(n)$), we explore whether the analogous separation exists for secure protocols; namely, if there exist techniques for performing secure merge that are more performant than simply invoking a secure multiparty sort. We answer this question affirmatively by constructing a semi-honest protocol with optimal $\Theta(n)$ communication and computation, and $\Theta(\log \log n)$ rounds of communication. Our results are based solely on black-box use of basic secure primitives, such as secure comparison and secure shuffle. Since two-party secure primitives require computational assumptions, while three-party secure primitive do not, our result imply a computationally secure two-party secure merge protocol and an information-theoretically secure three-party secure merge protocol with these bounds. Secure sort is a fundamental building block used in many MPC protocols, e.g., various private set intersection protocols and oblivious RAM protocols. More efficient secure sort can lead to concrete improvements in the overall run-time. Since secure sort can often be replaced by secure merge -- since inputs (from different participating players) can be presorted -- an efficient secure merge protocol has wide applicability. There are also a range of applications in the field of secure databases, including secure database joins, as well as updatable database storage and search, whereby secure merge can be used to insert new entries into an existing (sorted) database. In building our secure merge protocol, we develop several subprotocols that may be of independent interest. For example, we develop a protocol for secure asymmetric merge (where one list is much larger than the other).

Note: Revised for readability and clarity of exposition.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint.
Keywords
Secure MergeSecure SortSecure DatabasePrivate Set Intersection.
Contact author(s)
mark @ stealthsoftwareinc com
paul @ stealthsoftwareinc com
sam @ stealthsoftwareinc com
steve @ stealthsoftwareinc com
rafail @ cs ucla edu
History
2024-02-04: revised
2022-05-17: received
See all versions
Short URL
https://ia.cr/2022/590
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2022/590,
      author = {Mark Blunk and Paul Bunn and Samuel Dittmer and Steve Lu and Rafail Ostrovsky},
      title = {Secure Merge in Linear Time and O(log log N) Rounds},
      howpublished = {Cryptology {ePrint} Archive, Paper 2022/590},
      year = {2022},
      url = {https://eprint.iacr.org/2022/590}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.