Volume 2 No.

5, MAY 2011 ISSN 2079-8407

Journal of Emerging Trends in Computing and Information Sciences

©2010-11 CIS Journal. All rights reserved.

http://www.cisjournal.org

A Comparative Study of Available Protocols during Privacy

Preservation in Secure Multiparty Computation
1
Zulfa Shaikh, 2Poonam Garg
1
Acropolis Institute of Technology and Research Indore,India
2
Professor, Institute of Management Technology Ghaziabad,India
1
shaikh.zulfa@gmail.com, 2pgarg@imt.edu

ABSTRACT
In this paper, comparative study of different available Secure Multiparty Computation (SMC) protocols have been
addressed. In SMC, a set of parties wishes to jointly compute some function on their inputs. This computation must
preserve certain security properties, like privacy and correctness. The general approach for such kind of computation is to
make use of trusted third party to do the computation and then announce the result publicly. The major problem with this
approach is that it is difficult to find a third party which is trusted by all the parties providing the inputs. This implies that
the data of parties must be secured. Security is meant to achieve correctness of the result of computation and keeping the
party’s input private even if some of the parties are corrupted.
Keywords: Security, Privacy, Correctness, Secure Multiparty Computation.

I. INTRODUCTION II. RELATED WORK

A massive sensitive data exist in organizations
and organizations are interested in mining of their data for
its growth. Consider a scenario where two parties having
private databases wish to cooperate by computing a data
mining algorithm on the union of their databases. Since
the databases are confidential, neither party is willing to
reveal any of the contents to the other. The information
age has enabled many organizations to gather large
volumes of data. However, the usefulness of this data is
negligible if “meaningful information” or “knowledge”
cannot be extracted from it. A key problem that arises in
any massive collection of data is that of confidentiality.
The need for privacy is sometimes due to law (e.g., for
medical databases) or can be motivated by business
interests. However, there are situations where the sharing
of data can lead to mutual gain. A key utility of large
databases today is research, whether it is scientific or
economic and market oriented. Thus, for example, the
medical field has much to gain by pooling data for
research; as can even competing businesses with mutual
interests. Despite the potential gain, this is often not
possible due to the confidentiality issues which arise. This
problem is an example of Secure Multiparty Computation.
Formally SMC can be defined as a situation
where there are n parties with private inputs x1,x2,…,xn
respectively and they want to compute value of public
function y=f(x1,x2,…,xn) such that after computation no
party has any information about the inputs of any other
party apart from the information revealed by the computed
result. This computation can be performed in two ways by
any organization.
1. The first approach is, parties themselves performing
the computation.
2. Use a trusted third party for computation.
In this paper we have compared the available
SMC protocols and analyzed them on different
parameters.
A. Yao’s Millionaire Problem
The purpose of the protocol is to compare to
private numbers (i.e. determine which is larger). In this
protocol two millionaires wish to know who is richer
without revealing any other information about their net
worth.
The cryptographic solution by Yao [1] has
communication complexity that is exponential in the
number of bits of the numbers involved, using an un
trusted third party.
B. Cachin Protocol
Cachin proposed a solution[2] based on Ф-hiding
assumption. His protocol uses an untrusted third party that
can misbehave on its own. The communication complexity
of Cachin’s scheme is O (l), where l is the number of bits
of each input number.
C. The Circuit Evaluation Protocol
In a circuit evaluation protocol, each
functionality is represented by a Boolean circuit, and a
construction takes this Boolean circuit and produces a
protocol for evaluating it. The protocol scans the circuit
from the input wires to the output wires, processing a
single gate in each basic step. When entering each basic
step, the parties hold shares of the values of the input
wires, and when the step is completed they hold shares of
the output wires.
In theory the general secure multiparty
computation problem is solvable using circuit evaluation
protocol [3, 4, and 5]. While this approach is appealing in
its generality, the communication complexity it generates
depends on the size of the circuit that expresses the
functionality F to be computed, and in addition involves a
large constant factors in their complexity.
219
 Volume 2 No.5, MAY 2011
Journal of Emerging Trends in Computing and Information Sciences
©2010-11 CIS Journal. All rights reserved.
http://www.cisjournal.org
D. 1-out-of-N Oblivious Transfer
Goldreich’s circuit evaluation protocol uses the
1-out-of-N Oblivious Transfer. An 1-out-of –N Oblivious
[6, 7] refers to a protocol where at the beginning of the
protocol one party, Bob has N inputs X1, X2 …, XN and at
the end of the protocol the other party, Alice, learns one of
the inputs Xi for some 1≤i≤N of her choice, without
learning anything about the other inputs and without
allowing Bob to learn anything about i.An efficient 1-out-
of-N Oblivious Transfer Protocol was proposed in [8] by
Naor and Pinkas. By combining this protocol with the
scheme by Cachin, Micali and Stadler [9], the 1-out-of –N
Oblivious Transfer protocol could be achieved with
polylogarithmic (in n) communication complexity.
E. Homomorphic Encryption Schemes
We need a public-key cryptosystems with a
homomorphic property for some of our protocols: Ek (x)*
Ek(y) = Ek (x+y). Many such systems exist, and examples
include the systems by Benaloh [10], Naccache and Stern
[11]. A useful property of homomorphic encryption
schemes is an “addition” operation” can be performed
based on the encrypted data without decrypting them.
F. AnonyPro
This protocol hides the identity of parties
involved in computation by introducing an intermediate
layer. The advantage of this protocol is that the third party
performing computation may not know the input comes
from which party. So the privacy of parties can be
maintained in this protocol [11].
III. PROPOSED WORK
The proposed work here is to compare different
SMC protocols on different parameters. The comparison is
shown in Table 1 at the end of references.
From the explained protocols in Table 1 the
AnonyPro protocol defines a framework where the privacy
of the parties is ensured as this protocol hides the identity
of actual parties from the third party performing the
computation by introducing an intermediate layer. Hence
in terms of privacy this protocol has taken a step ahead.
But the problem with this protocol is that, if third party is
corrupted then correctness in the result cannot be
guaranteed.
IV. CONCLUSION & FUTURE SCOPE
In this paper we studied different available
protocols and tried to conclude that AnonyPro has defined
a better framework in concern to the privacy of SMC
protocol. Also, this parameter is of major concern as no
party will try to reveal its input to any other party during
computation.
The other available protocols have been defined
with their own security algorithms and identified the
ISSN 2079-8407
communication cost. The protocols have been analyzed
and concluded in table1.
In this paper after studying the available
protocols we identified that AnonyPro works better in
terms of privacy of the parties but there are certain
observations where we have to work on:
 The privacy cannot be maintained when
intermediate layer is corrupted.
 Efficient protocol has to be designed for third party
to compute the inputs and announce the correct
result.
 AnonyPro protocol has weak security, so need is to
apply more secured algorithm on this protocol.
REFERENCES
[1] A.C.Yao. (1982), Protocol for secure computations,in
Proc. 23rd IEEE Symposium on the Foundation of
Computer Science (FOCS), IEEE, 160-164.
[2] C.Cachin. (1999), Efficient private bidding and
auctions with an oblivious third party, in Proc. 6th
ACM conference on Computer and communications
security, 120-127.
[3] A.C. Yao. (1986), How to generate and exchange
secrets, in Proc. 27th IEEE Symposium on
Foundations of Computer Science, 162-167.
[4] O.Goldreich, S. Micali, A. Wigderson. (1987), How
to play any mental game- a complete theorem for
protocol with honest majority, in the proceeding of
19th ACM symposium on the theory of computing
(STOC), 218-229.
[5] O. Goldreich. (1998), Secure Multiparty Computation
(working draft). Available from
http://www.wisdom.weizmann.ac.il/home/oded/publi
c_html/foc.html.
[6] S. Even, O. Goldreich, A. Lempel. (1985), A
randomized protocol for signing contracts.
Communications of ACM, 28:637-647.
[7] G. Brassard, C. Crepeau, J. Robert.(1987), All-or-
nothing disclosure of secrets, in Advances in
Cryptology-Crypto86, Lecture Notes in Computer
Science,234-238.
[8] M. Naor, B,Pinkas.(1999), Oblivious transfer and
Polynomial Evaluation(extended abstract), in Proc.
31th ACM Symposiumon Theory of Computing,245-
254.
[9] C. Cachin, S. Micali, M.Stadler.(1999),
Computationally private information retrieval with
polyalgorithmic communication, Advances in
Cryptology:EUROCRYPT’99,Lecture Notes in
Computer Science,402-414.
220
 Volume 2 No.5, MAY 2011 ISSN 2079-8407
Journal of Emerging Trends in Computing and Information Sciences

©2010-11 CIS Journal. All rights reserved.

http://www.cisjournal.org

[10] J. Bnaloh. (1994), Dense probabilistic encryption, in [11] D.K. Mishra, M. Chandwani (2007), Anonymity
Proc. of the Workshop on Selected Areas of enabled secure multi-party computation for Indian
Cryptography, 120-128. BPO, in Proc. TENCON 2007,IEEE,1-4.

TABLE 1 COMPARATIVE STUDY OF SMC PROTOCOLS

S.No. Available Protocol Communication complexity Correctness Privacy

Exponential in no of bits of the Third party used for

1. Yao’s Millionaire Problem numbers involved computation is un- Low
trusted, so correctness
parameter is poor
2. Cachin’s Protocol O (l), where l is number of bits Third party is un- Low
of each input number. trusted.
3. Depends on the size of the If the functionality F is Medium
Circuit Evaluation Protocol circuit. This size depends on the complicated, using the
size of input and on the circuit evaluation
complexity of expressing F as a protocol will typically
circuit. not be practical
O(m) where m is security This protocol does not
4. 1-out-N Oblivious transfer parameter perform third party Medium
computation. The
function is computed
between the parties
itself. And if the party
involved in computation
is corrupted, then
correctness in the result
cannot be ensured. High
security may result in
correct computation.
p*t*n where p>=2 and t is Third party is un trusted. Medium
5. Scalar Product protocol 1 security parameter. After Security parameter may
solving the cost is increase the correctness
in the result.
plog µ n
log p
4m*n where m is security Third party is un trusted.
6. Scalar Product protocol 2 parameter. Security algorithm may Medium
Substituting m values the cost of perform correct
protocol is computation.

4 logµ n .When n is
log n
large this protocol is more
efficient than Scalar product
Protocol 1.
As middle layer is involved in Correctness cannot be
7. AnonyPro the protocol, communication ensured when third party High
cost of the protocol is higher is corrupted.
than other available protocols.
But the advantage of this
protocol is that it hides the
identity of actual parties
involved in computation. So the
third party performing the
computation may not know the
input belongs to which party.

221