International Association for Cryptologic Research
The authors introduce the notion of Rate-Limited Secure Function Evaluation (RL-SFE). Loosely speaking, in an RL-SFE protocol participants can monitor and limit the number of distinct inputs (i.e., rate) used by their counterparts in multiple executions of an SFE, in a private and verifiable manner. The need for RL-SFE naturally arises in a variety of scenarios: e.g., it enables service providers to \"Meter\" their customers' usage without compromising their privacy, or can be used to prevent oracle attacks against SFE constructions. They consider three variants of RL-SFE providing different levels of security.