1 / 27

Private Graph Algorithms in the Semi-Honest Model

Private Graph Algorithms in the Semi-Honest Model. Justin Brickell November 24, 2004. Two Party Graph Algorithms. Parties P 1 and P 2 own graphs G 1 and G 2 f is a two-input graph algorithm Compute f ( G 1 , G 2 ) without revealing “unnecessary information”.

melinda-chapman
Download Presentation

Private Graph Algorithms in the Semi-Honest Model

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Private Graph Algorithms in the Semi-Honest Model Justin Brickell November 24, 2004

  2. Two Party Graph Algorithms • Parties P1 and P2 own graphs G1 and G2 • f is a two-input graph algorithm • Compute f(G1,G2) without revealing “unnecessary information”

  3. Unnecessary Information • Intuitively, the protocol should function as if a trusted third party computed the output • We use simulation to prove that a protocol is private

  4. The Semi-Honest Model • A malicious adversary can alter his input • A semi-honest adversary • adheres to protocol • tries to learn extra information from the message transcript

  5. General Secure Two Party Computation • Any polynomial sized functionality can be made private (in the semi-honest model) • Yao’s Method • What are our goals? • Yao’s Method is inefficient • Efficient, private protocols to compute particular graph functionalities • Take advantage of information “leaked” by the result

  6. Two-Input Graph Algorithms? • Graph Isomorphism • Comparison of graph statistics • f(G1) > f(G2) ? • max flow,diameter,average degree • Synthesized Graphs • f(G1 • G2)

  7. Graph Synthesis • G1 and G2 are weighted complete graphs on the same vertex and edge set • G1 = (V,E,w1); G2 = (V,E,w2) • gmax(G1,G2) = (V,E,wmax) • wmax(e) = max(w1(e),w2(e)) • gmin(G1,G2) = (V,E,wmin) • wmin(e) = min(w1(e),w2(e))

  8. Graph Synthesis   1 2 1 2 7 4 G1 6 5 8 gmax(G1,G2) 8 5 2 4 3 4 3 7 7 2 2 1 2 1 2 7 4 6 5 6 6 gmin(G1,G2) G2 5 2 4 3 4 3 5 5

  9. Graph Isomorphism • Unlikely to find a private protocol • No known poly-time algorithm

  10. Comparison of Graph Statistics • Compute statistic on own graph • Semi-honest participants can’t lie • Use a private comparison protocol • Yao’s Millionaire Protocol • Yao’s method (circuit protocol)

  11. Synthesized Graphs • This is the interesting case • All Pairs Shortest Distance and Single Source Shortest Distance both “leak” significant useful information • Solved: APSD(gmin),SSSD(gmin) • Solved with leaks: APSD(gmax),SSSD(gmax)

  12. APSD(gmin(G1,G2)) • Basic Idea: Add edges to the solution graph in order of smallest to largest • Private, because we can recover the order from the final solution graph

  13. Run APSD on G1 and G2 7  1 2 1 2 4 4 G1 5 5 8 G1’ 8 2 2 4 3 4 3 6 7 2 2 1 2 1 2 7 7 6 6 6 6 G2’ G2 5 5 4 3 4 3 5 5

  14. Initialize G0’ 7 2  1 2 1 2 1 2 4  7 5 6  8 6  2 5  4 3 4 3 4 3 6 5  G1’ G2’ G0’

  15. Find shortest blue edge lengths 7 2  1 2 1 2 1 2 4  7 5 6  8 6  2 5  4 3 4 3 4 3 6 5  G1’ G2’ G0’ min1 = 2 min2 = 2 min0 = 

  16. Privately find global shortest length 7 2  1 2 1 2 1 2 4  7 5 6  8 6  2 5  4 3 4 3 4 3 6 5  G1’ G2’ G0’ min1 = 2 min2 = 2 min0 =  bluemin = min(min0,min1,min2) =2

  17. Find edges of length bluemin 7 2  1 2 1 2 1 2 4  7 5 6  8 6  2 5  4 3 4 3 4 3 6 5  G1’ G2’ G0’ S1 = {e23} S2 = {e12} S0 = {} bluemin = min(min0,min1,min2) =2

  18. Privately find all edges of length bluemin 7 2  1 2 1 2 1 2 4  7 5 6  8 6  2 5  4 3 4 3 4 3 6 5  G1’ G2’ G0’ S1 = {e23} S2 = {e12} S0 = {} S = S1 S2  S3 = {e12,e23}

  19. Update S edges in G0’ 7 2 2 1 2 1 2 1 2 4  7 5 6  8 6  2 5 2 4 3 4 3 4 3 6 5  G1’ G2’ G0’ S1 = {e23} S2 = {e12} S0 = {} S = S1 S2  S3 = {e12,e23}

  20. Run APSD on G0’ 7 2 2 1 2 1 2 1 2 4  7 5 6 4 8 6  2 5 2 4 3 4 3 4 3 6 5  G1’ G2’ G0’

  21. Repeat! 7 2 2 1 2 1 2 1 2 4  7 5 6 4 8 6  2 5 2 4 3 4 3 4 3 6 5  G1’ G2’ G0’ bluemin = min(min0,min1,min2) =4 S = S1 S2  S3 = {e13,e24}

  22. 7 2 2 1 2 1 2 1 2 4 4 7 5 6 4 8 6 6 2 5 2 4 3 4 3 4 3 6 5 6 G1’ G2’ G0’ bluemin = min(min0,min1,min2) =5 S = S1 S2  S3 = {e34}

  23. 7 2 2 1 2 1 2 1 2 4 4 7 5 6 4 8 6 6 2 5 2 4 3 4 3 4 3 6 5 5 G1’ G2’ G0’ bluemin = min(min0,min1,min2) =6 S = S1 S2  S3 = {e14}

  24. … until all edges are red 7 2 2 1 2 1 2 1 2 4 4 7 5 6 4 8 6 6 2 5 2 4 3 4 3 4 3 6 5 5 G1’ G2’ G0’

  25. The solution is correct! 2 2 1 2 1 2 4 4 4 5 6 6 2 2 4 3 4 3 5 5 gmin(G1,G2) G0’

  26. Other Results • A similar protocol for SSSD(gmin) • This isn’t free! • Protocol for special case of APSD(gmax) and SSSD(gmax) • Input graphs obey triangle inequality • “Leaky” protocol for APSD(gmax) and SSSD(gmax) in the general case

  27. Final Thought • Other graph algorithms don’t leak enough information • Questions?

More Related