Selective private function evaluation with applications to private statistics
Abstract
Motivated by the application of private statistical analysis of large databases, we consider the problem of selective private function evaluation (SPFE). In this problem, a client interacts with one or more servers holding copies of a database x = x1,..., xn in order to compute f(xi1,..., xim), for some function f and indices i = i1,..., im chosen by the client. Ideally, the client must learn nothing more about the database than f(xi1,..., xim), and the servers should learn nothing. Generic solutions for this problem, based on standard techniques for secure function evaluation, incur communication complexity that is at least linear in n, making them prohibitive for large databases even when f is relatively simple and m is small. We present various approaches for constructing sublinear-communication SPFE protocols, both for the general problem and for special cases of interest. Our solutions not only offer sublinear communication complexity, but are also practical in many scenarios.