
Reflex: Faster Secure Collaborative Analytics via Controlled Intermediate Result Size Disclosure

Long Gu, Shaza Zeitouni, Carsten Binnig, Zsolt István

TL;DR

Reflex tackles the prohibitive cost of secure MPC analytics by introducing a Resizer operator that trims intermediate results between oblivious operators, using user-defined probabilistic distributions to balance performance and privacy. A new RtR metric provides a principled way to compare how much information about intermediate sizes an attacker can infer under different trimming strategies. Implemented on MP-SPDZ with replicated secret sharing, Reflex supports trimming after joins, selections, and aggregations, and offers Beta-Binomial and DP-based distributions to control the trimming behavior. Empirical results show substantial runtime reductions while maintaining quantifiable privacy guarantees, enabling MPC-based analytics to approach practical feasibility and motivating future policy-driven query optimizers that jointly optimize performance and security guarantees.

Abstract

Secure Multi-Party Computation (MPC) enables collaborative analytics without exposing private data. However, OLAP queries under MPC remain prohibitively slow due to oblivious execution and padding of intermediate results with filler tuples. We present Reflex, the first framework that enables configurable trimming of intermediate results across different query operators -- joins, selections, and aggregations -- within full query plans. At its core is the Resizer operator, which can be inserted between any oblivious operators to selectively remove filler tuples under MPC using user-defined probabilistic strategies. To make privacy trade-offs interpretable, we introduce a new metric that quantifies the number of observations an attacker would need to infer the true intermediate result sizes. Reflex thus makes the performance-privacy space of secure analytics navigable, allowing users to balance efficiency and protection. Experiments show substantial runtime reductions while maintaining quantifiable privacy guarantees.
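To make the Resizer's contract concrete, here is an added plaintext model (not Reflex's MP-SPDZ code) of the operator sketched in the TL;DR and abstract: every real tuple is kept, a Beta-Binomial-distributed number of filler tuples is retained so that the visible size S_i lies between the true count and the oblivious size N_i, and the output is shuffled. The `observations_to_reveal` helper is a constructed illustration of why repeated observations of S_i matter; it is an assumption of this example, not the paper's RtR metric.

```python
import random
from dataclasses import dataclass

@dataclass
class ResizedOutput:
    rows: list       # O'_i: shuffled real tuples plus the retained fillers
    is_real: list    # c'_i: True for a real tuple, False for a retained filler
    size: int        # S_i: the resized size, the only value visible in the clear

def beta_binomial(trials, alpha, beta, rng):
    """Draw k ~ BetaBinomial(trials, alpha, beta): p ~ Beta(alpha, beta), k ~ Bin(trials, p)."""
    p = rng.betavariate(alpha, beta)
    return sum(1 for _ in range(trials) if rng.random() < p)

def resize(rows, is_real, alpha=2.0, beta=5.0, seed=None):
    """Plaintext model of the Resizer: keep every real tuple, keep a Beta-Binomial
    number of the fillers (so n_true <= S_i <= N_i), and shuffle the result.
    Under MPC the same selection would run obliviously on secret-shared rows."""
    rng = random.Random(seed)
    real_idx = [i for i, r in enumerate(is_real) if r]
    filler_idx = [i for i, r in enumerate(is_real) if not r]
    n_fillers_kept = beta_binomial(len(filler_idx), alpha, beta, rng)
    kept = real_idx + rng.sample(filler_idx, n_fillers_kept)
    rng.shuffle(kept)
    return ResizedOutput([rows[i] for i in kept], [is_real[i] for i in kept], len(kept))

def observations_to_reveal(n_true, n_total, alpha=2.0, beta=5.0, max_obs=10_000, seed=None):
    """Constructed illustration: how many resized sizes must an observer see before
    the smallest one equals n_true? (A stand-in for the RtR idea, not its definition.)"""
    rng = random.Random(seed)
    rows = list(range(n_total))                 # constructed sample: tuple ids
    is_real = [i < n_true for i in rows]        # first n_true are real, rest are fillers
    for k in range(1, max_obs + 1):
        if resize(rows, is_real, alpha, beta, seed=rng.random()).size == n_true:
            return k
    return None                                 # not revealed within max_obs observations
```

Lowering `alpha` relative to `beta` keeps fewer fillers and speeds up the downstream operator, while raising it makes the true size harder to pin down from observed sizes.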

Paper Structure

This paper contains 25 sections, 2 equations, 12 figures, 1 table, 1 algorithm.

Figures (12)

  • Figure 1: Motivating 3-join example: all operator selectivities are fixed at $10\%$, and the total number of tuples to process (sum of all intermediate result sizes) is a function of the amount of oblivious filler tuples included in each intermediate result. The trend is exponential when going from no fillers (green) to fully oblivious intermediate sizes ($+90\%\,N$ filler tuples at each operator, red) -- this explains the severe performance penalty under fully-oblivious MPC.
  • Figure 2: A Query Example and its Plans. $O$ indicates oblivious operators, $N_i$ is the input/output size, and $S_i$ refers to the re-sized output after the $\mathrel{\downarrow\uparrow}$ operator (with $S_i < N_i$).
  • Figure 3: Resizer operator. Inputs: oblivious output $\mathcal{O}_i$, oblivious output size $N_i$, true output column $c_i$ of operator $O_i$. Outputs: shuffled output $\mathcal{O}'_i$ and $c'_i$ indicating true tuples.
  • Figure 4: Privacy-preserving query execution with Resizer operator. Retained filler tuples are shown in red.
  • Figure 5: Resizer demonstrates linear scalability with the number of rows and logarithmic scalability with the number of columns. It outperforms the counter-based version and sort&cut by more than an order of magnitude.