CryptoDB
Privacy-Preserving Dijkstra
Authors: |
|
---|---|
Download: |
|
Presentation: | Slides |
Conference: | CRYPTO 2024 |
Abstract: | Given a graph $G(V,E)$, represented as a secret-sharing of an adjacency list, we show how to obliviously convert it into an alternative, MPC-friendly secret-shared representation, so-called $d${\sc-normalized replicated \linebreak adjacency list} (which we abbreviate to $d${\em -normalized}), where the size of our new data-structure is only 4x larger -- compared to the original (secret-shared adjacency list) representation of $G$. Yet, this new data structure enables us to execute oblivious graph algorithms that simultaneously improve underlying graph algorithms' round, computation, and communication complexity. Our $d$-{\em normalization} proceeds in two steps: \begin{itemize} \item First, we show how for any graph $G$, given a secret-shared adjacency list, where vertices are arbitrary alphanumeric strings that fit into a single RAM memory word, we can efficiently and securely rename vertices to integers from $1$ to $V$ that will appear in increasing order in the resulting secret-shared adjacency list. The secure renaming takes $O(\log V)$ rounds and $O((V+E)\log V)$ secure operations. Our algorithm also outputs in a secret-shared form two arrays: a mapping from integers to alphanumeric names and its sorted inverse. Of course, if the adjacency list is already in such an integer format, this step could be skipped. \item Second, given a secret-shared adjacency list for any graph $G$, where vertices are integers from $1$ to $V$ and are sorted, there exists a $d${\em-normalization} algorithm that takes $O(1)$ rounds and $O((V+E))$ secure operations. \end{itemize} We believe that both conversions are of independent interest. We demonstrate the power of our data structures by designing a privacy-preserving Dijkstra's single-source shortest-path algorithm that simultaneously achieves $O\left((V +E) \cdot \log V \right)$ secure operations and $O(V \cdot \log V \cdot \log \log\log V)$ rounds. Our secure Dijkstra algorithm works for any adjacency list representation as long as all vertex labels and weights can individually fit into RAM memory word. Our algorithms work for two or a constant number of servers in the honest but curious setting. The limitation of our result (to only a constant number of servers) is due to our reliance on linear work and constant-round secure shuffle. \noindent {\bf Keywords}: Oblivious Graph Algorithms, MPC, Oblivious RAM, Distributed \linebreak ORAM, Garbled RAM, Single-Source Shortest Path, Secure Dijkstra. |
BibTeX
@inproceedings{crypto-2024-34371, title={Privacy-Preserving Dijkstra}, publisher={Springer-Verlag}, doi={10.1007/978-3-031-68400-5_3}, author={Benjamin Ostrovsky}, year=2024 }