Proceedings on Privacy Enhancing Technologies


Efficient Server-Aided Secure Two-Party Function Evaluation with Applications to Genomic Computation

Marina Blanton / Fattaneh Bayatbabolghani
Published Online: 2016-07-14 | DOI: https://doi.org/10.1515/popets-2016-0033


Computation based on genomic data is becoming increasingly popular today, be it for medical or other purposes. Non-medical uses of genomic data in a computation often take place in a server-mediated setting, where the server offers joint genomic testing between its users. Genomic data is undeniably highly sensitive: unlike other types of biometric data, it discloses a wealth of information not only about the data owner but also about his or her relatives. Thus, there is an urgent need to protect genomic data. This is particularly true when the data is used in computation for what we call recreational, non-health-related purposes. Towards this goal, in this work we put forward a framework for server-aided secure two-party computation with a security model motivated by genomic applications. One particular security setting that we treat in this work provides stronger security guarantees with respect to malicious users than the traditional malicious model. In particular, we incorporate certified inputs into secure computation based on garbled circuit evaluation to guarantee that a malicious user is unable to modify her inputs in order to learn unauthorized information about the other user's data. Our solutions are general in the sense that they can be used to securely evaluate arbitrary functions, and they offer attractive performance compared to the state of the art. We apply the general constructions to three specific types of genomic tests, paternity, genetic compatibility, and ancestry testing, and implement the constructions. The results show that all such private tests can be executed within a matter of seconds or less despite the large size of one's genomic data.

Keywords: Genomic computation; garbled circuits; server-aided computation; certified inputs
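The abstract names garbled circuit evaluation as the primitive on which the constructions are built. The following is an added illustration, not code from the paper or its authors: a single garbled AND gate with point-and-permute, where the evaluator holds exactly one label per input wire and recovers only the output label for its inputs (input certification and the server-aided setup are not shown; label length and the hash-based row encryption are assumptions of this toy).

```python
import os
import hashlib

LABEL_LEN = 16  # bytes per wire label (toy size; assumed for this example)

def new_wire():
    """Two random labels for a wire plus a random permute bit (point-and-permute).
    Returns {bit: (label, permute_bit)}; the permute bits of the two labels differ."""
    perm = os.urandom(1)[0] & 1
    return {0: (os.urandom(LABEL_LEN), perm), 1: (os.urandom(LABEL_LEN), perm ^ 1)}

def _pad(label_a, label_b, row):
    # Row-specific pad derived from both input labels: H(La || Lb || row).
    return hashlib.sha256(label_a + label_b + bytes([row])).digest()[:LABEL_LEN + 1]

def garble_gate(wire_a, wire_b, wire_out, fn):
    """Garble a two-input gate computing fn(a, b). The four rows are indexed by the
    permute bits of the input labels, so row position reveals nothing about a or b."""
    table = [None] * 4
    for a in (0, 1):
        for b in (0, 1):
            la, pa = wire_a[a]
            lb, pb = wire_b[b]
            lo, po = wire_out[fn(a, b)]
            row = (pa << 1) | pb
            plain = lo + bytes([po])           # output label plus its permute bit
            pad = _pad(la, lb, row)
            table[row] = bytes(x ^ y for x, y in zip(plain, pad))
    return table

def eval_gate(table, label_a, label_b):
    """Evaluate with one (label, permute_bit) per input wire; returns output label and bit."""
    la, pa = label_a
    lb, pb = label_b
    row = (pa << 1) | pb
    plain = bytes(x ^ y for x, y in zip(table[row], _pad(la, lb, row)))
    return plain[:LABEL_LEN], plain[LABEL_LEN]

def demo(a_bit, b_bit):
    """Generator garbles one AND gate; evaluator with a single label per input wire
    obtains the output label, which the generator's decoding map turns into a bit."""
    wa, wb, wo = new_wire(), new_wire(), new_wire()
    table = garble_gate(wa, wb, wo, lambda a, b: a & b)
    out_label, out_perm = eval_gate(table, wa[a_bit], wb[b_bit])
    decoded = 0 if out_label == wo[0][0] else 1    # output decoding information
    assert out_label == wo[decoded][0] and out_perm == wo[decoded][1]
    return decoded
```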



About the article

Received: 2016-02-29

Revised: 2016-06-02

Accepted: 2016-06-02

Published Online: 2016-07-14

Published in Print: 2016-10-01

Citation Information: Proceedings on Privacy Enhancing Technologies, Volume 2016, Issue 4, Pages 144–164, ISSN (Online) 2299-0984, DOI: https://doi.org/10.1515/popets-2016-0033.


© 2016. This work is licensed under the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 License. BY-NC-ND 4.0

Citing Articles


Marina Blanton and Fattaneh Bayatbabolghani
IEEE Security & Privacy, 2017, Volume 15, Number 5, Page 20
