Efficient Private Function Evaluation

Private function evaluation (PFE) allows two or more parties to jointly compute a private function of one of the parties on the private inputs of the other parties securely. PFE can provide a viable solution in a scenario where a server holding a function that is his intellectual property or trade s...

Full description

Bibliographic Details
Main Author: Kiss, Ágnes
Format: Others
Language:en
Published: 2021
Online Access:https://tuprints.ulb.tu-darmstadt.de/17496/1/Dissertation_%C3%81gnesKiss_160221.pdf
Kiss, Ágnes <http://tuprints.ulb.tu-darmstadt.de/view/person/Kiss=3A=C1gnes=3A=3A.html> (2021): Efficient Private Function Evaluation. (Publisher's Version)Darmstadt, Technische Universität Darmstadt, DOI: 10.26083/tuprints-00017496 <https://doi.org/10.26083/tuprints-00017496>, [Ph.D. Thesis]
Description
Summary:Private function evaluation (PFE) allows two or more parties to jointly compute a private function of one of the parties on the private inputs of the other parties securely. PFE can provide a viable solution in a scenario where a server holding a function that is his intellectual property or trade secret would like to compute this function on a client’s sensitive input, in a privacy-preserving manner. In recent years, multiple approaches have been presented for PFE. These approaches are based on techniques that are used for secure function evaluation (SFE) as well, where parties jointly compute the result of a publicly known function on their private inputs while keeping their inputs private. These techniques include homomorphic encryption, garbling techniques and secret sharing. In this thesis, we present results that improve the practicality of private function evaluation where nothing about the function is revealed except its (maximum) size. The contributions are split in two parts based on the underlying function representation as follows: PFE of Boolean circuits. Boolean circuits can represent any Boolean function and are therefore generic. PFE can be realized with the secure evaluation of a so-called universal circuit (UC) that can be programmed with a set of program bits to compute any function up to a given size n. We are the first to implement asymptotically optimal UCs with size Ω(n log n) that have been proposed by Valiant (STOC’76). We improve their concrete size by providing optimizations and show that PFE with UCs is efficient for realistic circuit sizes with hundreds of thousands of gates. We identify that the bottleneck of our PFE implementations is memory consumption, and therefore, design an algorithm that utilizes only O(n) memory at each step of the protocol execution. PFE of Boolean circuits can also be realized using additively homomorphic encryption and standard SFE techniques. This linear-complexity approach was first introduced by Katz and Malka (ASIACRYPT’11). We have shown that their protocol is practical and that our optimized implementation achieves PFE with the best performance to date for circuits starting already at a few thousand gates. This part of the thesis is based on the following four publications: [KS16] Á. KISS, T. SCHNEIDER. “Valiant’s Universal Circuit is Practical”. In: 35. Advances in Cryptology – EUROCRYPT’16. Vol. 9665. LNCS. Full version: https://ia.cr/2016/093. Code: https://encrypto.de/code/UC. Springer, 2016, pp. 699–728. CORE Rank A*. Appendix A. [GKS17] D. GÜNTHER, Á. KISS, T. SCHNEIDER. “More Efficient Universal Circuit Constructions”. In: 23. Advances in Cryptology – ASIACRYPT’17. Vol. 10625. LNCS. Full version: https://ia.cr/2017/798. Code: https://encrypto.de/code/UC. Springer, 2017, pp. 443–470. CORE Rank A. Appendix B. [AGKS20] M. Y. ALHASSAN, D. GÜNTHER, Á. KISS, T. SCHNEIDER. “Efficient and Scalable Universal Circuits”. In: Journal of Cryptology (JoC) 33.3 (2020). Springer. Online version: https://ia.cr/2019/348. Code: https://encrypto.de/code/UC, pp. 1216–1271. CORE Rank A*. Appendix C. [HKRS20] M. HOLZ, Á. KISS, D. RATHEE, T. SCHNEIDER. “Linear-Complexity Private Function Evaluation is Practical”. In: 25. European Symposium on Research in Computer Security (ESORICS’20). Vol. 12309. LNCS. Full version: https://ia.cr/2020/853. Code: https://encrypto.de/code/linearPFE. Springer, 2020, pp. 401–420. CORE Rank A. Appendix D. PFE of decision trees. Decision trees are a machine learning model that allow for efficient classification based on a set of input features. Privacy-preserving decision tree evaluation has been considered in the literature, both using homomorphic encryption and garbling techniques. We systematically analyze existing protocols, identify the sub-protocols of private decision tree evaluation, and present novel combinations that result in better communication and computation tradeoff than previous methods. This part of the thesis is based on the following systematization of knowledge (SoK) publication: [KNL+19] Á. KISS, M. NADERPOUR, J. LIU, N. ASOKAN, T. SCHNEIDER. “SoK: Modular and Efficient Private Decision Tree Evaluation”. In: Proceedings on Privacy Enhancing Technologies (PoPETs) 2019.2 (2019). De Gruyter Open. Online version: https://ia.cr/2018/1099. Code: https://encrypto.de/code/PDTE, pp. 187–208. CORE Rank B. Appendix E. This thesis presents results that contribute to making private function evaluation (PFE) efficient and practical for deployment in use cases such as privacy-preserving classification for medical diagnostics and privacy-preserving insurance rate calculation.