Abstract
This paper introduces Prio+, a privacy-preserving system for the collection of aggregate statistics, with the same model and goals in mind as the original and highly influential Prio paper by Henry Corrigan-Gibbs and Dan Boneh (NSDI 2017). As in the original Prio, each client holds a private data value (e.g. number of visits to a particular website) and a small set of servers privately compute statistical functions over the set of client values (e.g. the average number of visits). To achieve security against faulty or malicious clients, unlike Prio, Prio+ clients use Boolean secret-sharing instead of zero-knowledge proofs to convince servers that their data is of the correct form and Prio+ servers execute a share conversion protocol as needed in order to properly compute over client data. This allows us to ensure that clients’ data is properly formatted essentially for free, and the work shifts to novel share-conversion protocols between servers, where some care is needed to make it efficient. Our overall approach is simpler than Prio and our Prio+ strategy reduces the client’s computational burden by at least two orders of magnitude (or more depending on the statistic) while keeping server costs comparable to Prio. Prio+ permits computation of exactly the same wide range of complex statistics as the original Prio protocol, including high-dimensional linear regression over private values held by clients.
We report detailed benchmarks of our Prio+ implementation and compare these to both the original Go implementation of Prio and the Mozilla implementation of Prio. Our Prio+ software is open-source and released with the same license as Prio.
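The abstract's central idea, that a client who Boolean-shares a bit cannot submit an out-of-range value, so the validity check Prio obtains from a zero-knowledge proof comes "for free", is easiest to see with a small simulation. The following Python is an added illustration written for this page, not Prio+ code and not the paper's share-conversion protocol: it uses the textbook identity b = b0 + b1 - 2*b0*b1 to turn XOR shares into additive shares mod p, with a trusted-dealer Beaver triple standing in for whatever correlated randomness a real two-server deployment would use (an assumption, labelled in the code). It also contrasts this with plain additive sharing, where a cheating client can make the servers reconstruct any value at all.

```python
"""Toy two-server simulation of Boolean sharing plus Boolean-to-arithmetic
share conversion.  Added example for illustration only; not the Prio+
implementation.  The Beaver-triple dealer is a simulation stand-in (assumption)."""
import secrets

P = 2**61 - 1  # arithmetic shares live in Z_p; a Mersenne prime, chosen here for the demo


def boolean_share(bit: int) -> tuple[int, int]:
    """Client side: split one bit into two XOR shares, one per server."""
    if bit not in (0, 1):
        raise ValueError("client value must be a single bit")
    s0 = secrets.randbits(1)
    return s0, s0 ^ bit


def dealer_triple():
    """Trusted dealer (simulation only): additive shares of a, m, c with c = a*m mod p."""
    a, m = secrets.randbelow(P), secrets.randbelow(P)
    c = a * m % P
    a0, m0, c0 = (secrets.randbelow(P) for _ in range(3))
    return (a0, m0, c0), ((a - a0) % P, (m - m0) % P, (c - c0) % P)


def beaver_multiply(x_shares, y_shares, triple):
    """Two-party multiplication of additive shares with one Beaver triple.
    Returns additive shares of x*y mod p.  The opened values d and e are
    one-time-masked and reveal nothing about x or y."""
    (x0, x1), (y0, y1) = x_shares, y_shares
    (a0, m0, c0), (a1, m1, c1) = triple
    d = (x0 - a0 + x1 - a1) % P          # d = x - a, opened by both servers
    e = (y0 - m0 + y1 - m1) % P          # e = y - m, opened by both servers
    z0 = (c0 + d * m0 + e * a0 + d * e) % P   # only server 0 adds the public d*e term
    z1 = (c1 + d * m1 + e * a1) % P
    return z0, z1


def bool_to_arith(b0: int, b1: int, triple):
    """Server side: servers first enforce the wire format (each share is a bit),
    then convert XOR shares of a bit into additive shares mod p of the same bit
    via b0 XOR b1 = b0 + b1 - 2*b0*b1."""
    if b0 not in (0, 1) or b1 not in (0, 1):
        raise ValueError("malformed share rejected by server")
    # server 0 holds b0 as additive shares (b0, 0); server 1 holds b1 as (0, b1)
    p0, p1 = beaver_multiply((b0, 0), (0, b1), triple)
    return (b0 - 2 * p0) % P, (b1 - 2 * p1) % P


def aggregate(client_bits) -> int:
    """Full pipeline: every client Boolean-shares its bit, the servers convert
    and locally sum their arithmetic shares, and only the final sum is opened."""
    acc0 = acc1 = 0
    for bit in client_bits:
        b0, b1 = boolean_share(bit)
        s0, s1 = bool_to_arith(b0, b1, dealer_triple())
        acc0 = (acc0 + s0) % P
        acc1 = (acc1 + s1) % P
    return (acc0 + acc1) % P


def cheating_client_additive(claimed: int) -> int:
    """Contrast case: with plain additive shares and no validity proof, a client
    can pick shares of any value.  Returns what the servers would reconstruct."""
    s0 = secrets.randbelow(P)
    s1 = (claimed - s0) % P
    return (s0 + s1) % P


def cheating_client_boolean(b0: int, b1: int) -> int:
    """With Boolean shares the only freedom a client has is the choice of two
    bits, so whatever it sends converts to 0 or 1.  Returns the reconstructed value."""
    s0, s1 = bool_to_arith(b0, b1, dealer_triple())
    return (s0 + s1) % P


if __name__ == "__main__":
    print("honest count:", aggregate([1, 0, 1, 1, 0]))           # 3
    print("additive cheat:", cheating_client_additive(10**6))    # 1000000
    print("boolean cheat :", cheating_client_boolean(1, 1))      # 0
```

Running the file shows the asymmetry the abstract describes: the additive-share client makes the aggregate jump by an arbitrary amount, while the Boolean-share client, with or without honest randomness, can only contribute a 0 or a 1. Everything costly (the triple and the one round of opened masks) sits on the server side, which is the shift in work the abstract mentions.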
References
Addanki, S., Garbe, K., Jaffe, E., Ostrovsky, R., Polychroniadou, A.: Prio+: privacy preserving aggregate statistics via Boolean shares. Cryptology ePrint Archive, Paper 2021/576 (2021). https://eprint.iacr.org/2021/576
Ben-Sasson, E., Fehr, S., Ostrovsky, R.: Near-linear unconditionally-secure multiparty computation with a dishonest minority. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 663–680. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-32009-5_39
Boneh, D., Boyle, E., Corrigan-Gibbs, H., Gilboa, N., Ishai, Y.: Zero-knowledge proofs on secret-shared data via fully linear PCPs. Cryptology ePrint Archive, Report 2019/188 (2019). https://eprint.iacr.org/2019/188
Corrigan-Gibbs, H., Boneh, D.: Prio: private, robust, and scalable computation of aggregate statistics. In: 14th USENIX Symposium on Networked Systems Design and Implementation (NSDI 17), pp. 259–282 (2017). https://crypto.stanford.edu/prio/paper.pdf
Cramer, R., Damgård, I., Ishai, Y.: Share conversion, pseudorandom secret-sharing and applications to secure computation. In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, pp. 342–362. Springer, Heidelberg (2005). https://doi.org/10.1007/978-3-540-30576-7_19
Cramer, R., Shoup, V.: A practical public key cryptosystem provably secure against adaptive chosen ciphertext attack. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 13–25. Springer, Heidelberg (1998). https://doi.org/10.1007/BFb0055717
Danezis, G., Fournet, C., Kohlweiss, M., Zanella-Béguelin, S.: Smart meter aggregation via secret-sharing. In: Proceedings of the First ACM Workshop on Smart Energy Grid Security, SEGS 2013, pp. 75–80. Association for Computing Machinery, New York (2013). https://doi.org/10.1145/2516930.2516944
Demmler, D., Schneider, T., Zohner, M.: ABY: a framework for efficient mixed-protocol secure two-party computation. In: NDSS (2015)
Elahi, T., Danezis, G., Goldberg, I.: Privex: private collection of traffic statistics for anonymous communication networks. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, CCS 2014, pp. 1068–1079. Association for Computing Machinery, New York (2014). https://doi.org/10.1145/2660267.2660280
Emura, K., Kimura, H., Ohigashi, T., Suzuki, T., Chen, L.: Privacy-preserving aggregation of time-series data with public verifiability from simple assumptions and its implementations. Comput. J. 62(4), 614–630 (2019). https://doi.org/10.1093/comjnl/bxy135
Erlingsson, Ú., Korolova, A., Pihur, V.: RAPPOR: randomized aggregatable privacy-preserving ordinal response. CoRR abs/1407.6981 (2014). http://arxiv.org/abs/1407.6981
Escudero, D., Ghosh, S., Keller, M., Rachuri, R., Scholl, P.: Improved primitives for MPC over mixed arithmetic-binary circuits. Cryptology ePrint Archive, Paper 2020/338 (2020). https://eprint.iacr.org/2020/338
Fanti, G.C., Pihur, V., Erlingsson, Ú.: Building a RAPPOR with the unknown: privacy-preserving learning of associations and data dictionaries. CoRR abs/1503.01214 (2015). http://arxiv.org/abs/1503.01214
Glanz, J., Larson, J., Lehren, A.W.: Spy agencies tap data streaming from phone apps. New York Times (2014)
Hilts, A., Parsons, C., Knockel, J.: Every step you fake: a comparative analysis of fitness tracker privacy and security. Open Effect Rep. 76(24), 31–33 (2016)
Jeske, T.: Floating car data from smartphones: what google and waze know about you and how hackers can control traffic. In: Proceedings of the BlackHat Europe, pp. 1–12 (2013)
Joye, M., Libert, B.: A scalable scheme for privacy-preserving aggregation of time-series data. In: Sadeghi, A.-R. (ed.) FC 2013. LNCS, vol. 7859, pp. 111–125. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-39884-1_10
Keller, J., Lai, K., Perlroth, N.: How many times has your personal information been exposed to hackers. New York Times, 29 July 2015 (2015)
Melis, L., Danezis, G., Cristofaro, E.D.: Efficient private statistics with succinct sketches. CoRR abs/1508.06110 (2015). http://arxiv.org/abs/1508.06110
Popa, R.A., Balakrishnan, H.: VPriv: protecting privacy in location-based vehicular services. In: 18th USENIX Security Symposium (USENIX Security 2009). USENIX Association, Montreal (2009). https://www.usenix.org/conference/usenixsecurity09/technical-sessions/presentation/vpriv-protecting-privacy-location-based
Popa, R.A., Blumberg, A.J., Balakrishnan, H., Li, F.H.: Privacy and accountability for location-based aggregate statistics. In: Proceedings of the 18th ACM Conference on Computer and Communications Security, CCS 2011, pp. 653–666. Association for Computing Machinery, USA (2011). https://doi.org/10.1145/2046707.2046781
Rindal, P.: libOTe: an efficient, portable, and easy to use Oblivious Transfer Library. https://github.com/osu-crypto/libOTe
Rotaru, D., Wood, T.: Marbled circuits: mixing arithmetic and Boolean circuits with active security. Cryptology ePrint Archive, Report 2019/207 (2019). https://ia.cr/2019/207
Shoup, V.: OAEP reconsidered. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 239–259. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44647-8_15
Shoup, V.: A proposal for an ISO standard for public key encryption. IACR Cryptology ePrint Archive 2001, 112 (2001)
Smith, B.: Uber executive suggests digging up dirt on journalists. BuzzFeed News 18 (2014)
Wang, G., Wang, B., Wang, T., Nika, A., Zheng, H., Zhao, B.Y.: Defending against sybil devices in crowdsourced mapping services. In: Proceedings of the 14th Annual International Conference on Mobile Systems, Applications, and Services, pp. 179–191 (2016)
Acknowledgments
Supported in part by DARPA under Cooperative Agreement HR0011-20-2-0025, NSF grant CNS-2001096, NSF NRT grant DGE-1829071, US-Israel BSF grant 2015782, Cisco Research Award, Google Faculty Award, JP Morgan Faculty Award, IBM Faculty Research Award, Xerox Faculty Research Award, OKAWA Foundation Research Award, B. John Garrick Foundation Award, Teradata Research Award, Lockheed-Martin Research Award and Sunday Group. The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies, either expressed or implied, of DARPA, the Department of Defense, the U.S. Government, or the National Science Foundation. The U.S. Government is authorized to reproduce and distribute reprints for governmental purposes notwithstanding any copyright annotation therein. Prepared in part for information purposes by the Artificial Intelligence Research group of JPMorgan Chase & Co and its affiliates (“JP Morgan”), and is not a product of the Research Department of JP Morgan. JP Morgan makes no representation and warranty whatsoever and disclaims all liability, for the completeness, accuracy or reliability of the information contained herein. This document is not intended as investment research or investment advice, or a recommendation, offer or solicitation for the purchase or sale of any security, financial instrument, financial product or service, or to be used in any way for evaluating the merits of participating in any transaction, and shall not constitute a solicitation under any jurisdiction or to any person, if such solicitation under such jurisdiction or to such person would be unlawful. 2020 JPMorgan Chase & Co. All rights reserved.
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
Cite this paper
Addanki, S., Garbe, K., Jaffe, E., Ostrovsky, R., Polychroniadou, A. (2022). Prio+: Privacy Preserving Aggregate Statistics via Boolean Shares. In: Galdi, C., Jarecki, S. (eds) Security and Cryptography for Networks. SCN 2022. Lecture Notes in Computer Science, vol 13409. Springer, Cham. https://doi.org/10.1007/978-3-031-14791-3_23
DOI: https://doi.org/10.1007/978-3-031-14791-3_23
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-14790-6
Online ISBN: 978-3-031-14791-3
eBook Packages: Computer Science, Computer Science (R0)