Changing Neighbors k Secure Sum Protocol for Secure Multi Party Computation

Secure sum computation of private data inputs is an important component of Secure Multi party Computation (SMC).In this paper we provide a protocol to compute the sum of individual data inputs with zero probability of data leakage. In our proposed protocol we break input of each party into number of segments and change the arrangement of the parties such that in each round of the computation the neighbors are changed. In this protocol it becomes impossible for semi honest parties to know the private data of some other party.

💡 Research Summary

The paper addresses a classic problem in Secure Multi‑Party Computation (SMC): how to compute the sum of private inputs held by several parties without revealing any individual value. Existing solutions, notably the random‑masking protocol by Clifton et al., are vulnerable because two adjacent parties can collude and recover the middle party’s input. The authors’ earlier work, the k‑Secure Sum protocol, mitigated this risk by splitting each input into a fixed number of segments (k) and performing the sum segment‑wise, thereby reducing the probability that colluding neighbors learn the full value. However, even that approach still allowed a non‑zero chance of leakage when the same two neighbors appear together in multiple rounds.

In this paper the authors propose a new protocol, called ck‑Secure Sum, which combines segment‑wise summation with a systematic change of neighbor relationships in every round. The key ideas are:

1. Segmentation – Each party i with private value xᵢ divides it into k = n − 1 segments dᵢ₁,…,dᵢₖ such that Σⱼ dᵢⱼ = xᵢ.
2. Ring topology – Parties are initially arranged in a logical ring P₁, P₂,…,Pₙ, with P₁ designated as the protocol initiator.
3. Round‑wise neighbor swapping – In round 1 the order is unchanged; the parties compute the sum of their first segment using the original k‑Secure Sum method. After the round finishes, party P₂ swaps its position with P₃; in round 2 the new order is used to sum the second segment. In round 3 P₂ swaps with P₄, and so on until P₂ has swapped with Pₙ. Consequently, every round a different pair of parties becomes neighbors of P₂, and similarly for all other parties as the swapping propagates.
4. Partial sums propagation – Within each round, the current partial sum is passed around the ring, each party adding its segment for that round. After k = n − 1 rounds, the initiator P₁ holds the total sum and announces it.

Security argument – Because each party’s input is split into n − 1 independent pieces, a colluding pair of semi‑honest parties can only learn at most one piece per round. Since the neighbor relationship changes every round, the same two colluders never see all pieces of any victim. Thus the probability that they reconstruct the full private value is mathematically zero under the semi‑honest model (no deviation from the protocol, only passive observation). The protocol therefore achieves “zero‑probability data leakage” against the specific threat model of two adjacent colluders.

Complexity – The protocol requires n − 1 rounds, each involving n messages (one per party). Hence the total communication and computation cost is O(n²). The authors acknowledge that this is higher than the original Clifton protocol (which needs only one round) but argue that the security gain justifies the overhead.

Limitations and practical considerations –

• The protocol assumes that parties can dynamically reorder themselves or at least logically change the routing of messages each round. In real distributed systems this may incur additional latency and synchronization overhead.
• The security proof is limited to the semi‑honest (honest‑but‑curious) adversary model; active attacks such as message tampering, replay, or denial‑of‑service are not addressed.
• No experimental evaluation or simulation results are provided; the paper presents only asymptotic complexity and a theoretical argument.
• The communication cost grows quadratically with the number of parties, which may become prohibitive for large n.

Related work – The authors give a concise historical overview, from Yao’s millionaire problem (1982) to Goldreich‑Micali‑Wigderson’s circuit‑based SMC, and list numerous applications (private information retrieval, privacy‑preserving data mining, etc.). They position their contribution as an extension of their own earlier k‑Secure Sum and Extended k‑Secure Sum papers, emphasizing that no existing protocol in the literature guarantees zero leakage when two neighbors collude.

Future directions – The paper suggests reducing the O(n²) overhead while preserving the zero‑leakage property, and exploring extensions to stronger adversarial models (malicious parties). Implementing the protocol in a realistic network environment and measuring latency, bandwidth, and fault tolerance would be natural next steps.

Conclusion – The ck‑Secure Sum protocol introduces a novel neighbor‑changing mechanism that eliminates the specific vulnerability of two colluding adjacent parties in secure sum computation. While the theoretical security claim is solid within its assumed model, practical deployment would require addressing dynamic topology management, communication overhead, and robustness against active attacks. Nonetheless, the work contributes a valuable conceptual tool to the SMC toolbox, potentially inspiring further research on dynamic neighbor strategies for other secure aggregation tasks.