Secure Computation of the kth-Ranked Element in a Star Network

We consider the problem of securely computing the kth-ranked element in a sequence of n private integers distributed among n parties. The kth-ranked element (e.g., minimum, maximum, median) is of particular interest in benchmarking, which allows a company to compare its own key performance indicator to the statistics of its peer group. The individual integers are sensitive data, yet the kth-ranked element is of mutual interest to the parties. Previous secure computation protocols for the kth-ranked element require a communication channel between each pair of parties. They do not scale to a large number of parties as they are highly interactive resulting in longer delays. Moreover, they are difficult to deploy as special arrangements are required between each pair of parties to establish a secure connection. A server model naturally fits with the client-server architecture of Internet applications in which clients are connected to the server and not to other clients. It can simplify secure computation by reducing the number of rounds, and as a result, improve its performance and scalability. In this model, there are communication channels only between each client and the server, while only clients provide inputs to the computation. Hence, it is a centralized communication pattern, i.e., a star network. We propose different approaches for privately computing the kth-ranked element in the server model, using either garbled circuits or threshold homomorphic encryption. Our schemes have a constant number of rounds and can compute the kth-ranked element within seconds for up to 50 clients in a WAN.