Privacy-preserving disjunctive normal form operations on distributed sets
Introduction
Privacy-preserving set operations in distributed environments are widely used in privacy-preserving data mining [1], [16], [25], [24], [14], [18]. When multiple parties want to discover some information from their private data while preserving their privacy, privacy-preserving set operations can be used. For example, suppose multiple hospitals want to discover the relationship between a specific disease and genetic information from the medical data of their patients. Since there are many privacy and security restrictions involved in medical data, hospitals should not reveal the medical data of their patients to the other hospitals. In this situation, hospitals can extract useful genetic information using privacy-preserving set operations without revealing their patients’ data. The extracted genetic information could be used to determine the likelihood that a person has a specific disease.
Assume there are three sets A1, A2, and A3. Many useful relationships between sets can be represented as disjunctive normal forms. Some of them are as follows (See Fig. 1.):
- –
A set union is SU = A1 ∪ A2 ∪ A3.
- –
A set intersection is SI = A1 ∩ A2 ∩ A3.
- –
A 2-over-threshold set intersection is .
- –
A 2-under-threshold set intersection is .
- –
A set of 1-repeated elements is .
- –
A set of 2-repeated elements is .
More generally, a DNF operation on distributed sets can be used to find a set SF satisfying , where and set Ak is owned by a party Pk (1 ⩽ k ⩽ n). A complement set is defined as . and t2 ∈ {1, … , n}.
Privacy-preserving set operations on distributed sets are useful in privacy-preserving data mining and secure multi-party computations. Recently, a number of privacy-preserving set operations have been proposed, such as privacy-preserving set union protocols [15], [6], [2], privacy-preserving set intersection protocols [7], [15], [17], [20], [13], [21], [26], [3], [5], [22], and privacy-preserving subset protocols [15], [22]. Another protocol, a privacy-preserving over-threshold set union protocol, was proposed in [15], [22], [23].
Unfortunately, a collection of known privacy-preserving set operations is not enough to extract the set elements defined by DNF in a privacy-preserving manner. For instance, suppose we want to find the elements that exactly k parties have. That is, we want to find . We might try to use the privacy-preserving over-threshold set union protocol to find . A privacy-preserving over-threshold set union protocol is used to find the elements which more than k parties have. Using two over-threshold set unions and we can get . However, this approach reveals some information besides just . That is, the elements in are additionally revealed. A good privacy-preserving protocol should not reveal any extra information such as . We can find using our privacy-preserving protocol for DNF operations without revealing any extra information. Our protocol can find any arbitrarily-defined set elements which can be represented as DNF in a privacy-preserving manner (See Fig. 2.).
In this paper, we proposed a privacy-preserving protocol for DNF operations with distributed sets which does not reveal any other information except the information which can be inferred from the DNF operations. Our privacy-preserving protocol for DNF operations with distributed sets makes it possible to construct many useful relationships between sets such as set union and (threshold) set intersection, as well as a set of k-repeated elements, while preserving the privacy of all the parties involved. Our privacy-preserving protocol is the first construction for DNF operations on distributed sets.
The rest of the paper is organized as follows: In Section 2, we define security notions and review primitives. In Section 3, we suggest sub-protocols which were used in our main protocol. We propose our main protocol, the privacy-preserving protocol for DNF operations with distributed sets, in Section 4. Finally, we conclude the paper in Section 5.
Section snippets
Preliminaries
In this section, we define the security in the presence of honest-but-curious adversaries and describe the cryptographic tools which were used in this paper.
Privacy-preserving sub-protocol
In this section, we describe a privacy-preserving set union protocol EncUnion and a privacy-preserving membership test protocol TestMem which were both used in our main protocol. These protocols are secure against honest-but-curious adversaries. Table 1 shows the complexities of EncUnion and TestMem.
Privacy-preserving protocol for DNF operations with distributed sets
In this section, we construct our main protocol, the privacy-preserving protocol PPDNF, for DNF operations with distributed sets. A DNF operation on distributed sets can be used to find a set SF satisfying , where and set Ak is owned by party Pk. A complement set is defined as .
If a protocol is a privacy-preserving protocol for DNF operations, each party Pk gets SF through the protocol but cannot extract more
Conclusion
We have constructed a privacy-preserving protocol for DNF operations, PPDNF, with distributed sets to find a set SF satisfying in a privacy-preserving manner, where and a complement set is defined as . PPDNF does not reveal any other information besides just the information which could be inferred from an output set SF and the size of each private set.
PPDNF reveals the size of each private set, since PPDNF is
Acknowledgement
This work was partly supported by the IT R& D program of MKE/KEIT [KI002113, Development of Security Technology for Car-Healthcare], the IT R& D program of MKE, Korea [Development of Privacy Enhancing Cryptography on Ubiquitous Computing Environment], and Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Education, Science and Technology (2010-0024219).
References (26)
- et al.
Privacy-preserving data mining: a feature set partitioning approach
Information Sciences
(2010) - et al.
Two methods for privacy preserving data mining with malicious participants
Information Sciences
(2007) - R. Agrawal, R. Srikant, Privacy-Preserving Data Mining, in: Proceedings 19th ACM SIGMOD Conference on Management of...
- et al.
Secure set union and bag union computation for guaranteeing anonymity of distrustful participants
Journal of Software
(2008) - J. Camenisch, G.M. Zaverucha, Private Intersection of Certified Sets, in: Proceedings Financial Cryptography and Data...
- Y. Desmedt, K. Kurosawa, How to Break a Practical MIX and Design a New One, Advances in Cryptology – in: Proceedings...
- D. Dachman-Soled, T. Malkin, M. Raykova, M. Yung, Efficient robust private set intersection, in: Proceedings 7th...
- K.B. Frikken, Privacy preserving set union, in: Proceedings 5th International Conference on Applied Cryptography and...
- M.J. Freedman, K. Nissim, B. Pinkas, Efficient private matching and set intersection, in: Proceedings EUROCRYPT...
- J. Furukawa, K. Sako, An Efficient Scheme for Proving a Shuffle, in: Proceedings CRYPTO Advances in Cryptology 2001,...