Elsevier

Information Sciences

Volume 231, 10 May 2013, Pages 113-122
Information Sciences

Privacy-preserving disjunctive normal form operations on distributed sets

https://doi.org/10.1016/j.ins.2011.07.003Get rights and content

Abstract

Privacy-preserving set operations such as set union and set intersection on distributed sets are widely used in data mining in which the preservation of privacy is of the utmost concern. In this paper, we extended privacy-preserving set operations and considered privacy-preserving disjunctive normal form (DNF) operations on distributed sets. A privacy-preserving DNF operation on distributed sets can be used to find a set SF satisfying SF=(S1,1S1,t2)(St1,1St1,t2) without revealing any other information besides just the information which could be inferred from the DNF operations, where Si,j{A1,,An,A1¯,,An¯} and set Ak is known only to a party Pk. A complement set Ak¯ is defined as Ak¯=(A1An)-Ak. Using privacy-preserving DNF operations on distributed sets, it is possible to find set union, (threshold) set intersection, and a set of k-repeated elements.

Introduction

Privacy-preserving set operations in distributed environments are widely used in privacy-preserving data mining [1], [16], [25], [24], [14], [18]. When multiple parties want to discover some information from their private data while preserving their privacy, privacy-preserving set operations can be used. For example, suppose multiple hospitals want to discover the relationship between a specific disease and genetic information from the medical data of their patients. Since there are many privacy and security restrictions involved in medical data, hospitals should not reveal the medical data of their patients to the other hospitals. In this situation, hospitals can extract useful genetic information using privacy-preserving set operations without revealing their patients’ data. The extracted genetic information could be used to determine the likelihood that a person has a specific disease.

Assume there are three sets A1, A2, and A3. Many useful relationships between sets can be represented as disjunctive normal forms. Some of them are as follows (See Fig. 1.):

  • A set union is SU = A1  A2  A3.

  • A set intersection is SI = A1  A2  A3.

  • A 2-over-threshold set intersection is STO=(A1A2)(A2A3)(A3A1).

  • A 2-under-threshold set intersection is STU=(A1¯A2)(A2¯A3)(A3¯A1).

  • A set of 1-repeated elements is SR1=(A1¯A2¯A3)(A1¯A2A3¯)(A1A2¯A3¯).

  • A set of 2-repeated elements is SR2=(A1¯A2A3)(A1A2¯A3)(A1A2A3¯).

More generally, a DNF operation on distributed sets can be used to find a set SF satisfying SF=(S1,1S1,t2)(St1,1St1,t2), where Si,j{A1,,An,A1¯,,An¯} and set Ak is owned by a party Pk (1  k  n). A complement set Ak¯ is defined as Ak¯=(A1An)-Ak. t1N and t2  {1,  , n}.

Privacy-preserving set operations on distributed sets are useful in privacy-preserving data mining and secure multi-party computations. Recently, a number of privacy-preserving set operations have been proposed, such as privacy-preserving set union protocols [15], [6], [2], privacy-preserving set intersection protocols [7], [15], [17], [20], [13], [21], [26], [3], [5], [22], and privacy-preserving subset protocols [15], [22]. Another protocol, a privacy-preserving over-threshold set union protocol, was proposed in [15], [22], [23].

Unfortunately, a collection of known privacy-preserving set operations is not enough to extract the set elements defined by DNF in a privacy-preserving manner. For instance, suppose we want to find the elements that exactly k parties have. That is, we want to find SRk. We might try to use the privacy-preserving over-threshold set union protocol to find SRk. A privacy-preserving over-threshold set union protocol Ok is used to find the elements which more than k parties have. Using two over-threshold set unions Ok and Ok+1 we can get SRk=Ok-Ok+1. However, this approach reveals some information besides just SRk. That is, the elements in Ok+1 are additionally revealed. A good privacy-preserving protocol should not reveal any extra information such as Ok+1. We can find SRk using our privacy-preserving protocol for DNF operations without revealing any extra information. Our protocol can find any arbitrarily-defined set elements which can be represented as DNF in a privacy-preserving manner (See Fig. 2.).

In this paper, we proposed a privacy-preserving protocol for DNF operations with distributed sets which does not reveal any other information except the information which can be inferred from the DNF operations. Our privacy-preserving protocol for DNF operations with distributed sets makes it possible to construct many useful relationships between sets such as set union and (threshold) set intersection, as well as a set of k-repeated elements, while preserving the privacy of all the parties involved. Our privacy-preserving protocol is the first construction for DNF operations on distributed sets.

The rest of the paper is organized as follows: In Section 2, we define security notions and review primitives. In Section 3, we suggest sub-protocols which were used in our main protocol. We propose our main protocol, the privacy-preserving protocol for DNF operations with distributed sets, in Section 4. Finally, we conclude the paper in Section 5.

Section snippets

Preliminaries

In this section, we define the security in the presence of honest-but-curious adversaries and describe the cryptographic tools which were used in this paper.

Privacy-preserving sub-protocol

In this section, we describe a privacy-preserving set union protocol EncUnion and a privacy-preserving membership test protocol TestMem which were both used in our main protocol. These protocols are secure against honest-but-curious adversaries. Table 1 shows the complexities of EncUnion and TestMem.

Privacy-preserving protocol for DNF operations with distributed sets

In this section, we construct our main protocol, the privacy-preserving protocol PPDNF, for DNF operations with distributed sets. A DNF operation on distributed sets can be used to find a set SF satisfying SF=(S1,1S1,t2)(St1,1St1,t2), where Si,j{A1,,An,A1¯,,An¯} and set Ak is owned by party Pk. A complement set Ak¯ is defined as Ak¯=(A1An)-Ak.

If a protocol is a privacy-preserving protocol for DNF operations, each party Pk gets SF through the protocol but cannot extract more

Conclusion

We have constructed a privacy-preserving protocol for DNF operations, PPDNF, with distributed sets to find a set SF satisfying SF=(S1,1S1,t2)(St1,1St1,t2) in a privacy-preserving manner, where Si,j{A1,,An,A1¯,,An¯} and a complement set Ak¯ is defined as Ak¯=(A1An)-Ak. PPDNF does not reveal any other information besides just the information which could be inferred from an output set SF and the size of each private set.

PPDNF reveals the size of each private set, since PPDNF is

Acknowledgement

This work was partly supported by the IT R& D program of MKE/KEIT [KI002113, Development of Security Technology for Car-Healthcare], the IT R& D program of MKE, Korea [Development of Privacy Enhancing Cryptography on Ubiquitous Computing Environment], and Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Education, Science and Technology (2010-0024219).

References (26)

  • N. Matatov et al.

    Privacy-preserving data mining: a feature set partitioning approach

    Information Sciences

    (2010)
  • D. Shah et al.

    Two methods for privacy preserving data mining with malicious participants

    Information Sciences

    (2007)
  • R. Agrawal, R. Srikant, Privacy-Preserving Data Mining, in: Proceedings 19th ACM SIGMOD Conference on Management of...
  • S. Böttcher et al.

    Secure set union and bag union computation for guaranteeing anonymity of distrustful participants

    Journal of Software

    (2008)
  • J. Camenisch, G.M. Zaverucha, Private Intersection of Certified Sets, in: Proceedings Financial Cryptography and Data...
  • Y. Desmedt, K. Kurosawa, How to Break a Practical MIX and Design a New One, Advances in Cryptology – in: Proceedings...
  • D. Dachman-Soled, T. Malkin, M. Raykova, M. Yung, Efficient robust private set intersection, in: Proceedings 7th...
  • K.B. Frikken, Privacy preserving set union, in: Proceedings 5th International Conference on Applied Cryptography and...
  • M.J. Freedman, K. Nissim, B. Pinkas, Efficient private matching and set intersection, in: Proceedings EUROCRYPT...
  • J. Furukawa, K. Sako, An Efficient Scheme for Proving a Shuffle, in: Proceedings CRYPTO Advances in Cryptology 2001,...
  • C. Gentry, Fully homomorphic encryption using ideal lattices, in: Proceedings 41st ACM Symposium on Theory of Computing...
  • C. Gentry, S. Halevi, Implementing gentry’s fully-homomorphic encryption scheme, in press in the proceeding of...
  • M. Dijk, C. Gentry, S. Halevi, V. Vaikuntanathan, Fully Homomorphic Encryption over the Integers, in: Proceedings...
  • Cited by (0)

    View full text