Private policy negotiation

Ref: Klaus Kursawe, Gregory Neven and Pim Tuyls. In G. Di Crescenzo and A. Rubin, editors, Financial Cryptography 2006, volume 4107 of Lecture Notes in Computer Science, pages 81-95. Springer-Verlag, 2006.

Abstract: With the increasing importance of correctly handling privacy-sensitive data, significant work has been put into expressing and enforcing privacy policies. Less work has been done, however, on negotiating a privacy policy, especially if the negotiation process itself is considered privacy-sensitive. In this paper, we present a formal definition of the mutually privacy-preserving policy negotiation problem, i.e. the problem of negotiating what data will be revealed under what conditions, while no party learns anything about the other parties' preferences other than the outcome of the negotiation.
We validate the definition by providing a reference solution using two-party computation techniques based on homomorphic encryption systems. Based on an evaluation of the efficiency of our protocol in terms of computation, bandwidth and communication rounds, we conclude that our solution is practically feasible for simple policies or high-bandwidth communication channels.
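To make the privacy property concrete, here is an added toy example that is not the paper's protocol: two parties negotiate which data items will be revealed (Alice's offer AND Bob's requirements, item by item) over additively homomorphic Paillier encryption, so that Bob only ever handles ciphertexts and Alice learns Bob's preferences only where they coincide with the outcome. The Paillier scheme, the small fixed primes and the bit-vector policies are assumptions of this illustration, not from the paper.

```python
import random
from math import gcd

# Toy Paillier parameters: small fixed primes, constructed for this demo only
# (a real deployment needs primes of at least 1024 bits).
P, Q = 104723, 104729
N, N2 = P * Q, (P * Q) ** 2
LAMBDA = (P - 1) * (Q - 1) // gcd(P - 1, Q - 1)   # lcm(p-1, q-1)
MU = pow(LAMBDA, -1, N)  # with g = N + 1, L(g^lambda mod N^2) equals lambda

def encrypt(m):
    """Paillier encryption of m under Alice's public key (N, N + 1)."""
    r = random.randrange(1, N)  # fresh randomness: equal plaintexts give different ciphertexts
    return pow(N + 1, m, N2) * pow(r, N, N2) % N2

def decrypt(c):
    """Paillier decryption with Alice's private key (LAMBDA, MU)."""
    return (pow(c, LAMBDA, N2) - 1) // N * MU % N

def alice_offer(offered):
    """Alice encrypts each bit of her policy (1 = willing to reveal this item)."""
    return [encrypt(a) for a in offered]

def bob_respond(enc_offer, required):
    """Bob computes Enc(a_i * b_i) homomorphically by raising Enc(a_i) to his bit b_i.
    Each result is re-randomised by multiplying in a fresh Enc(0): without that,
    every item Bob does not require would come back as the fixed ciphertext 1
    (Enc(a)^0 = 1), leaking b_i = 0 to Alice even for items she never offered."""
    return [pow(c, b, N2) * encrypt(0) % N2 for c, b in zip(enc_offer, required)]

def alice_open(enc_outcome):
    """Alice decrypts the outcome (1 = item will be revealed) and then sends it to Bob."""
    return [decrypt(c) for c in enc_outcome]

def negotiate(offered, required):
    """One full two-party run on constructed bit-vector policies.
    Alice learns b_i only where a_i = 1 (which is the outcome); Bob sees only ciphertexts."""
    return alice_open(bob_respond(alice_offer(offered), required))

if __name__ == "__main__":
    print(negotiate([1, 1, 0, 0], [1, 0, 1, 0]))  # [1, 0, 0, 0]
```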