Paper 2024/1048

Distributional Secure Merge

Gayathri Garimella, Brown University
Srinivasan Raghuramam, Visa (United States), Massachusetts Institute of Technology
Peter Rindal, Visa (United States)
Abstract

Secure merge refers to the problem of merging two sorted lists. The problem appears in different settings where each list is held by one of two parties, or the lists are themselves shared among two or more parties. The output of a secure merge protocol is secret shared. Each variant of the problem offers many useful applications. The difficulty in designing secure merge protocols vis-a-vis insecure merge protocols (which work in linear time with a single pass over the lists) has to do with operations having to be oblivious or data-independent. In particular, the protocol cannot leak the positions of items of each list in the final merged list. On account of this, sorting-based secure merge protocols have been a common solution to the problem. However, as they introduce (poly)logarithmic overheads, there has been active investigation into the task of building (near) linear time secure merge protocols. Most recently, Hemenway et al. put forth a protocol for secure merge that does achieve linear communication and computation and a round complexity of $O({\log\log n})$, where $n$ is the length of the lists being merged. While this shows the feasibility of a linear time secure merge, it still leaves room for the design of a concretely efficient linear time secure merge. In this work, we consider a relaxation of the problem where the lists are uniformly random. We show a secure merge protocol for uniformly random lists that achieves $O({n\log\log n})$, i.e., near linear communication and computation and a round complexity of $O({\log\log n})$, where $n$ is the length of the lists being merged. Our protocol design is general and can be instantiated in a variety of settings so long as the building blocks (basic ones such as comparisons and shuffles) can be realized in said settings. Although we do not achieve the same asymptotic guarantees as Hemenway et al., our work is concretely efficient. We implement our protocol and compare it to the state of the art sorting protocols and demonstrate an order of magnitude improvement in running times and communication for lists of size of $2^{20}$. We also extend our protocol to work for lists sampled from arbitrary distributions. In particular, when the lists are (close to) identically distributed, we achieve the same efficiency as uniform lists. This immediately improve the performance of many crucial applications including PSI & Secure Join, thus illustrating the significance and applicability of our protocol in practice.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint.
Keywords
Secure MergeMPC
Contact author(s)
peterrindal @ gmail com
History
2024-06-28: approved
2024-06-27: received
See all versions
Short URL
https://ia.cr/2024/1048
License
Creative Commons Attribution-NonCommercial
CC BY-NC

BibTeX 

@misc{cryptoeprint:2024/1048,
      author = {Gayathri Garimella and Srinivasan Raghuramam and Peter Rindal},
      title = {Distributional Secure Merge},
      howpublished = {Cryptology ePrint Archive, Paper 2024/1048},
      year = {2024},
      note = {\url{https://eprint.iacr.org/2024/1048}},
      url = {https://eprint.iacr.org/2024/1048}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.