Abstract
This paper studies the problem of constructing secure multiparty computation protocols whose outputs satisfy differential privacy. We first provide a general framework for multiparty protocols generating shares of noise drawn from distributions capable of achieving differential privacy. Then, using this framework, we propose two kinds of protocols based on secret sharing. The first one is a constant-round protocol which enables parties to jointly generate shares of noise drawn from the discrete Laplace distribution. This protocol always outputs shares of noise while the previously known protocol fails with non-zero probability. The second protocol allows the parties to non-interactively obtain shares of noise following the binomial distribution by predistributing keys for pseudorandom functions in the setup phase. As a result, the parties can compute a share of noise enough to provide the computational analogue of \(\epsilon \)-differential privacy with communication complexity independent of \(\epsilon \). It is much more efficient than the previous protocols which require communication complexity proportional to \(\epsilon ^{-2}\) to achieve (information-theoretic) \((\epsilon ,\delta )\)-differential privacy for some \(\delta >0\).
References
Acar, A., Celik, Z.B., Aksu, H., Uluagac, A.S., McDaniel, P.: Achieving secure and differentially private computations in multiparty settings. In: 2017 IEEE Symposium on Privacy-Aware Computing (PAC), pp. 49–59 (2017)
Agarwal, N., Suresh, A.T., Yu, F.X.X., Kumar, S., McMahan, B.: cpSGD: communication-efficient and differentially-private distributed SGD. In: Advances in Neural Information Processing Systems, pp. 7564–7575 (2018)
Aliasgari, M., Blanton, M., Zhang, Y., Steele, A.: Secure computation on floating point numbers. In: NDSS (2013)
Balcer, V., Cheu, A.: Separating local & shuffled differential privacy via histograms. In: 1st Conference on Information-Theoretic Cryptography (ITC 2020). Leibniz International Proceedings in Informatics (LIPIcs), vol. 163, pp. 1:1–1:14 (2020)
Balle, B., Bell, J., Gascón, A., Nissim, K.: The privacy blanket of the shuffle model. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019. LNCS, vol. 11693, pp. 638–667. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-26951-7_22
Bar-Ilan, J., Beaver, D.: Non-cryptographic fault-tolerant computing in constant number of rounds of interaction. In: Proceedings of the Eighth Annual ACM Symposium on Principles of Distributed Computing, pp. 201–209 (1989)
Beimel, A., Nissim, K., Omri, E.: Distributed private data analysis: simultaneously solving how and what. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 451–468. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-85174-5_25
Ben-Or, M., Goldwasser, S., Wigderson, A.: Completeness theorems for non-cryptographic fault-tolerant distributed computation. In: Proceedings of the Twentieth Annual ACM Symposium on Theory of Computing, pp. 1–10 (1988)
Bogdanov, D., Talviste, R., Willemson, J.: Deploying secure multi-party computation for financial data analysis. In: Keromytis, A.D. (ed.) FC 2012. LNCS, vol. 7397, pp. 57–64. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-32946-3_5
Catrina, O., Saxena, A.: Secure computation with fixed-point numbers. In: Sion, R. (ed.) FC 2010. LNCS, vol. 6052, pp. 35–50. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14577-3_6
Champion, J., Shelat, A., Ullman, J.: Securely sampling biased coins with applications to differential privacy. In: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, pp. 603–614 (2019)
Chan, T.-H.H., Shi, E., Song, D.: Optimal lower bound for differentially private multi-party aggregation. In: Epstein, L., Ferragina, P. (eds.) ESA 2012. LNCS, vol. 7501, pp. 277–288. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-33090-2_25
Cheu, A., Smith, A., Ullman, J., Zeber, D., Zhilyaev, M.: Distributed differential privacy via shuffling. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019. LNCS, vol. 11476, pp. 375–403. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17653-2_13
Cramer, R., Damgård, I., Ishai, Y.: Share conversion, pseudorandom secret-sharing and applications to secure computation. In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, pp. 342–362. Springer, Heidelberg (2005). https://doi.org/10.1007/978-3-540-30576-7_19
Damgård, I., Fitzi, M., Kiltz, E., Nielsen, J.B., Toft, T.: Unconditionally secure constant-rounds multi-party computation for equality, comparison, bits and exponentiation. In: Halevi, S., Rabin, T. (eds.) TCC 2006. LNCS, vol. 3876, pp. 285–304. Springer, Heidelberg (2006). https://doi.org/10.1007/11681878_15
Damgård, I., Nielsen, J.B.: Scalable and unconditionally secure multiparty computation. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 572–590. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-74143-5_32
Dwork, C., Kenthapadi, K., McSherry, F., Mironov, I., Naor, M.: Our data, ourselves: privacy via distributed noise generation. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 486–503. Springer, Heidelberg (2006). https://doi.org/10.1007/11761679_29
Dwork, C., McSherry, F., Nissim, K., Smith, A.: Calibrating noise to sensitivity in private data analysis. In: Halevi, S., Rabin, T. (eds.) TCC 2006. LNCS, vol. 3876, pp. 265–284. Springer, Heidelberg (2006). https://doi.org/10.1007/11681878_14
Eigner, F., Kate, A., Maffei, M., Pampaloni, F., Pryvalov, I.: Differentially private data aggregation with optimal utility. In: Proceedings of the 30th Annual Computer Security Applications Conference, pp. 316–325 (2014)
Gazeau, I., Miller, D., Palamidessi, C.: Preserving differential privacy under finite-precision semantics. Theoret. Comput. Sci. 655, 92–108 (2016)
Ghosh, A., Roughgarden, T., Sundararajan, M.: Universally utility-maximizing privacy mechanisms. SIAM J. Comput. 41(6), 1673–1693 (2012)
Goldreich, O.: Foundations of cryptography: volume 2, basic applications. Cambridge University Press (2009)
Goldreich, O., Goldwasser, S., Micali, S.: How to construct random functions. J. ACM 33(4), 792–807 (1986)
Inusah, S., Kozubowski, T.J.: A discrete analogue of the laplace distribution. J. Stat. Plann. Inference 136(3), 1090–1102 (2006)
Kimura, E., et al.: Evaluation of secure computation in a distributed healthcare setting. Stud. Health Technol. Inf. 228, 152–156 (2016)
McSherry, F., Talwar, K.: Mechanism design via differential privacy. In: 48th Annual IEEE Symposium on Foundations of Computer Science (FOCS 2007), pp. 94–103 (2007)
Mironov, I.: On significance of the least significant bits for differential privacy. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security, pp. 650–661 (2012)
Mironov, I., Pandey, O., Reingold, O., Vadhan, S.: Computational differential privacy. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 126–142. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-03356-8_8
Nishide, T., Ohta, K.: Multiparty computation for interval, equality, and comparison without bit-decomposition protocol. In: Okamoto, T., Wang, X. (eds.) PKC 2007. LNCS, vol. 4450, pp. 343–360. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-71677-8_23
Park, K., Park, H., Jeun, W.C., Ha, S.: Boolean circuit programming: a new paradigm to design parallel algorithms. J. Discrete Algorithms 7(2), 267–277 (2009)
Shamir, A.: How to share a secret. Commun. ACM 22(11), 612–613 (1979)
Shi, E., Chan, T.H., Rieffel, E., Chow, R., Song, D.: Privacy-preserving aggregation of time-series data. In: NDSS, vol. 2 (2011)
Wu, G., He, Y., Wu, J., Xia, X.: Inherit differential privacy in distributed setting: Multiparty randomized function computation. In: 2016 IEEE Trustcom/BigDataSE/ISPA, pp. 921–928 (2016)
Acknowledgments
This research was partially supported by JSPS KAKENHI Grant Numbers JP20J20797 and JP19K22838, JST CREST Grant Numbers JPMJCR14D6 and JPMJCR19F6, Japan, and the Ministry of Internal Affairs and Communications SCOPE Grant Number 182103105.
A Appendix
A.1 The Protocol for Discrete Laplace Noise Generation [17]
The authors of [17] show that sampling an integer g from the truncated geometric distribution with support \(\{z\in \mathbb {Z}:0\le z<N\}\) is reduced to generating \(\log N\) independent biased bits. They implicitly show the following lemma. Define \(\mathbb {Z}_{\ge c}=\{z\in \mathbb {Z}:z\ge c\}\) for \(c\in \mathbb {Z}\). Let \(0<p<1\) and \(t_i=(1+p^{-2^i})^{-1}\) for \(i\in \mathbb {Z}_{\ge 0}\).
Lemma 1
Let \(X_i\) be the random variable with \(\text {Ber}(t_i)\). Then \(G:=\sum _{i\in \mathbb {Z}_{\ge 0}}X_i2^i\) has the geometric distribution \(\text {Geo}(p)\), i.e., \({\mathrm {Pr}\left[ G=g \right] }=(1-p)p^g\) for \(g\ge 0\).
To obtain a concrete protocol, we provide the probability distribution of the truncated sum of the \(X_i\)’s. Let \(c\in \mathbb {N}\) and \(N=2^c\). It follows from the above lemma that \(\sum _{i\in [0..c)}X_i2^i\) follows the truncated geometric distribution, i.e., \({\mathrm {Pr}\left[ \sum _{i\in [0..c)}X_i2^i=g \right] }=D(1-p)p^g\) for \(g\in [0..N)\), where \(D=(1-p^N)^{-1}\). Indeed, the lemma implies that for every finite set \(I\subseteq \mathbb {Z}_{\ge 0}\),
where we define \(y(I)=\sum _{i\in I}2^i\). Let \(g\in [0..N)\) and \(I\subseteq [0..c)\) be such that \(g=y(I)\).
Since \(\sum _{g\in [0..N)}{\mathrm {Pr}\left[ \sum _{i\in [0..c)}X_i2^i=g \right] }=1\), we have \(\sum _{J\subseteq \mathbb {Z}_{\ge c}}p^{y(J)}=(\sum _{g\in [0..N)}(1-p)p^g)^{-1}=D\).
Then, according to [11], \(L:=\sigma G\) conditioned on \((G,\sigma )\ne (0,-1)\) follows \(\text {TDL}(p,N)\) if and \(G=\sum _{i\in [0..c)}X_i2^i\) for \(X_i\sim \text {Ber}(t_i)\).
The protocol [17] evaluates a certain Boolean circuit to generate biased bits \(X_i\). It also needs to invoke an equality test protocol to verify \((g,\sigma )\ne (0,-1)\) and hence it fails with probability \({\mathrm {Pr}\left[ (g,\sigma )=(0,-1) \right] }=(1-p)/2\). The statistical distance between \(\text {TDL}(p,N)\) and the output is at most \(2^{-d}\log N\).
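The reduction from the truncated geometric distribution to \(\log N\) biased bits can be checked in the clear with exact rational arithmetic. The following is an added example, not code from the paper or from [17]: the function names and the values \(p=1/3\), \(c=4\) are constructed, and the bits are sampled locally rather than on shares.

```python
from fractions import Fraction
from itertools import product
import random


def bit_biases(p, c):
    """t_i = (1 + p^(-2^i))^(-1) for i in [0..c), as exact fractions."""
    return [1 / (1 + p ** -(2 ** i)) for i in range(c)]


def truncated_sum_pmf(p, c):
    """Exact distribution of sum_i X_i 2^i for independent X_i ~ Ber(t_i)."""
    t = bit_biases(p, c)
    pmf = {}
    for bits in product((0, 1), repeat=c):
        g = sum(b << i for i, b in enumerate(bits))
        prob = Fraction(1)
        for b, ti in zip(bits, t):
            prob *= ti if b else 1 - ti
        pmf[g] = prob
    return pmf


def truncated_geometric_pmf(p, c):
    """Closed form D(1-p)p^g on [0..N) with N = 2^c and D = (1 - p^N)^(-1)."""
    N = 2 ** c
    D = 1 / (1 - p ** N)
    return {g: D * (1 - p) * p ** g for g in range(N)}


def sample_truncated_geometric(p, c, rng):
    """Draw g by flipping the c biased bits (cleartext stand-in for shared bits)."""
    return sum((rng.random() < ti) << i for i, ti in enumerate(bit_biases(p, c)))


if __name__ == "__main__":
    p, c = Fraction(1, 3), 4          # constructed parameters
    by_bits = truncated_sum_pmf(p, c)
    closed = truncated_geometric_pmf(p, c)
    print("bit biases t_i:", [str(t) for t in bit_biases(p, c)])
    print("distributions identical:", by_bits == closed)
    print("total mass:", sum(by_bits.values()))
    rng = random.Random(0)
    print("samples:", [sample_truncated_geometric(p, c, rng) for _ in range(10)])
```

The two distributions agree exactly because \(\prod _{i\in [0..c)}(1+p^{2^i})=(1-p^N)/(1-p)\), which is the normalising factor \(D(1-p)\) inverted.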
A.2 The Protocol for Binomial Noise Generation [17]
First, the authors in [17] propose a protocol, in which the parties jointly generate \(\ell \) random bits \(b_k\), \(k\in [\ell ]\) and securely compute a share of \((1/M)\cdot (\sum _{k\in [\ell ]}b_k-\ell /2)\). For a function with sensitivity \(\varDelta \), the protocol achieves \((\epsilon ,\delta )\)-differential privacy for \(\epsilon \ge \epsilon (\delta ,\ell ,M,\varDelta )\) and the mean squared error is given by \(\ell /4M^2\). The protocol requires the communication complexity \(\mathcal {O} \left( \ell \text {Mult}(\varPi _{\text {Bit}}) \right) \) if the functionality \(\mathcal {F}_\text {Bit}\) is realized by a protocol \(\varPi _{\text {Bit}}\). As we mentioned in Sect. 2.2, if we implement \(\varPi _{\text {Bit}}\) with \(\textsc {xor}^*\) (resp. \(\textsc {ran}_2\)), then \(\text {Mult}(\varPi _{\text {Bit}})\) is \(\mathcal {O} \left( n \right) \) (resp. \(\mathcal {O} \left( 1 \right) \)).
In addition, a protocol simultaneously flipping n bits is proposed in [17]. Technically, each party \(i\in [n]\) shares his local random bit \(s_i\) among the other parties and then the parties obtain n shares \({\llbracket s_i\rrbracket }\), \(i\in [n]\). This can reduce the communication complexity to \(\mathcal {O} \left( \ell /n \right) \). However, since \(t\ell /n\) out of the \(\ell \) bits are revealed to the adversary, the modified protocol is \((\epsilon ,\delta )\)-differentially private only for \(\epsilon \ge \epsilon (\delta ,\ell (1-t/n),M,\varDelta )\).
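The cost of the simultaneous-flip variant is easiest to see from the adversary's side: it can subtract the bits its own parties contributed, so only \(\ell (1-t/n)\) bits still hide the result. The following is an added example, not code from the paper or from [17]: additive sharing modulo a constructed prime stands in for the secret-sharing scheme, the \(1/M\) scaling is applied after opening, and all names and parameters are assumptions.

```python
import secrets
from fractions import Fraction

Q = 2**61 - 1  # constructed prime modulus for additive sharing (assumption)


def share(value, n):
    """Split value into n additive shares mod Q."""
    parts = [secrets.randbelow(Q) for _ in range(n - 1)]
    return parts + [(value - sum(parts)) % Q]


def flip_and_share(n, ell):
    """Each of n parties flips ell/n local bits and shares every bit.
    Returns the local bits and each party's share of sum_k b_k."""
    assert ell % n == 0
    local_bits = [[secrets.randbits(1) for _ in range(ell // n)] for _ in range(n)]
    sum_shares = [0] * n
    for bits in local_bits:
        for b in bits:
            for j, s in enumerate(share(b, n)):
                sum_shares[j] = (sum_shares[j] + s) % Q
    return local_bits, sum_shares


def open_noise(sum_shares, ell, M):
    """Reconstruct (1/M) * (sum_k b_k - ell/2) as an exact fraction."""
    return Fraction(2 * (sum(sum_shares) % Q) - ell, 2 * M)


def adversary_view(local_bits, corrupted, ell, M):
    """Offset the adversary can subtract, and the variance of what stays hidden."""
    n, t = len(local_bits), len(corrupted)
    known = sum(sum(local_bits[i]) for i in corrupted)
    hidden = ell - t * (ell // n)          # ell * (1 - t/n) bits remain unknown
    known_offset = Fraction(2 * known - t * (ell // n), 2 * M)
    return known_offset, hidden, Fraction(hidden, 4 * M * M)


if __name__ == "__main__":
    n, ell, M = 4, 64, 8                   # constructed parameters
    local_bits, sum_shares = flip_and_share(n, ell)
    print("opened noise:", open_noise(sum_shares, ell, M))
    print("nominal variance ell/4M^2:", Fraction(ell, 4 * M * M))
    for corrupted in (set(), {0}, {0, 1}):
        _, hidden, var = adversary_view(local_bits, corrupted, ell, M)
        print(f"t={len(corrupted)}: hidden bits={hidden}, residual variance={var}")
```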
© 2021 International Financial Cryptography Association
About this paper
Cite this paper
Eriguchi, R., Ichikawa, A., Kunihiro, N., Nuida, K. (2021). Efficient Noise Generation to Achieve Differential Privacy with Applications to Secure Multiparty Computation. In: Borisov, N., Diaz, C. (eds) Financial Cryptography and Data Security. FC 2021. Lecture Notes in Computer Science, vol 12674. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-64322-8_13
DOI: https://doi.org/10.1007/978-3-662-64322-8_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-64321-1
Online ISBN: 978-3-662-64322-8
eBook Packages: Computer Science (R0)