ABSTRACT
This work proposes a protocol for performing linear regression over a dataset that is distributed over multiple parties. The parties jointly compute a linear regression model without sharing their private datasets with each other. We provide security definitions, a protocol, and security proofs. Our solution is information-theoretically secure and relies on the assumption that a trusted initializer pre-distributes random, correlated data to the parties during a setup phase. The actual computation takes place later, during an online phase that does not involve the trusted initializer. Our online protocol is orders of magnitude faster than previous solutions. Where a trusted initializer is not available, we propose a computationally secure two-party protocol based on additive homomorphic encryption that substitutes for the trusted initializer. In this case the online phase remains the same and the offline phase is computationally heavy. However, because the computations in the offline phase happen over random data only, the problem is embarrassingly parallelizable, making it faster than existing solutions on processors with an appropriate number of cores.
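The two setup paths the abstract describes, as an added example that is not the paper's code: the correlated data is modelled here as a Beaver-style matrix multiplication triple (the abstract does not name the correlated randomness it uses; that choice is an assumption), either handed out by a trusted initializer (`ti_triple`) or generated by two parties with Paillier additive homomorphic encryption (`he_triple`, a toy key with two small primes). The same online phase (`secure_matmul`, `shared_regression_stats`) then computes additive shares of X^T X and X^T y, the linear-regression statistics, from shared X and y without contacting the initializer. All function names, the toy primes and the sample data are assumptions of this example. How the shared normal equations are then solved without opening X^T X is the paper's contribution and is not reproduced here.

```python
import math
import secrets

# Added example, not the paper's code. Toy Paillier parameters: two small primes
# (NOT secure; a deployment needs primes of 1024 bits or more). All share arithmetic
# is over Z_N, N = p*q, so HE-generated triples live in the same ring as the shares.
P_PRIME, Q_PRIME = 1000003, 1000033
N = P_PRIME * Q_PRIME
N2 = N * N
LAM = math.lcm(P_PRIME - 1, Q_PRIME - 1)
MU = pow((pow(N + 1, LAM, N2) - 1) // N, -1, N)

def enc(m):
    """Paillier encryption with generator g = N + 1 and fresh randomness r."""
    r = secrets.randbelow(N - 1) + 1
    while math.gcd(r, N) != 1:
        r = secrets.randbelow(N - 1) + 1
    return pow(N + 1, m % N, N2) * pow(r, N, N2) % N2

def dec(c):
    """Paillier decryption: L(c^lambda mod N^2) * mu mod N, with L(u) = (u - 1) / N."""
    return (pow(c, LAM, N2) - 1) // N * MU % N

# Matrices are lists of rows with entries in Z_N.
def rand_matrix(r, c):
    return [[secrets.randbelow(N) for _ in range(c)] for _ in range(r)]

def add(A, B):
    return [[(a + b) % N for a, b in zip(ra, rb)] for ra, rb in zip(A, B)]

def sub(A, B):
    return [[(a - b) % N for a, b in zip(ra, rb)] for ra, rb in zip(A, B)]

def matmul(A, B):
    return [[sum(a * b for a, b in zip(row, col)) % N for col in zip(*B)] for row in A]

def transpose(M):
    return [list(col) for col in zip(*M)]

def share(M):
    """Additive secret sharing: M0 uniform, M1 = M - M0, so M0 + M1 = M (mod N)."""
    M0 = rand_matrix(len(M), len(M[0]))
    return M0, sub(M, M0)

def reconstruct(M0, M1):
    return add(M0, M1)

def ti_triple(r, k, c):
    """Setup with a trusted initializer: shares of A (r x k), B (k x c) and C = A*B."""
    A, B = rand_matrix(r, k), rand_matrix(k, c)
    return share(A), share(B), share(matmul(A, B))

def he_triple(r, k, c):
    """Setup without a trusted initializer: P0 (Paillier key holder) and P1 build the
    same triple with additive HE; only random data is touched, so entries parallelize."""
    A0, B0 = rand_matrix(r, k), rand_matrix(k, c)  # P0's random shares of A and B
    A1, B1 = rand_matrix(r, k), rand_matrix(k, c)  # P1's random shares of A and B
    enc_A0 = [[enc(v) for v in row] for row in A0]  # P0 -> P1
    enc_B0 = [[enc(v) for v in row] for row in B0]  # P0 -> P1
    R = rand_matrix(r, c)                           # P1's one-time mask
    masked = []                                     # P1 -> P0: Enc(A0*B1 + A1*B0 + R)
    for i in range(r):
        row = []
        for j in range(c):
            acc = enc(R[i][j])
            for t in range(k):
                acc = acc * pow(enc_A0[i][t], B1[t][j], N2) % N2  # + a0[i][t] * b1[t][j]
                acc = acc * pow(enc_B0[t][j], A1[i][t], N2) % N2  # + a1[i][t] * b0[t][j]
            row.append(acc)
        masked.append(row)
    cross0 = [[dec(v) for v in row] for row in masked]  # P0 sees only uniform values
    C0 = add(matmul(A0, B0), cross0)
    C1 = sub(matmul(A1, B1), R)
    return (A0, A1), (B0, B1), (C0, C1)

def secure_matmul(x_shares, y_shares, triple):
    """Online phase: shares of X (r x k), Y (k x c) and one triple -> shares of X*Y."""
    (A0, A1), (B0, B1), (C0, C1) = triple
    (X0, X1), (Y0, Y1) = x_shares, y_shares
    D = add(sub(X0, A0), sub(X1, A1))  # opened: D = X - A, uniform because A is uniform
    E = add(sub(Y0, B0), sub(Y1, B1))  # opened: E = Y - B, uniform because B is uniform
    # X*Y = (A + D)(B + E) = C + D*B + A*E + D*E; the public term D*E goes to P0 only
    Z0 = add(add(add(C0, matmul(D, B0)), matmul(A0, E)), matmul(D, E))
    Z1 = add(add(C1, matmul(D, B1)), matmul(A1, E))
    return Z0, Z1

def shared_regression_stats(X_shares, y_shares, triple_xx, triple_xy):
    """Shares of X^T X and X^T y from shares of X and y; transposition is local."""
    Xt_shares = (transpose(X_shares[0]), transpose(X_shares[1]))
    return (secure_matmul(Xt_shares, X_shares, triple_xx),
            secure_matmul(Xt_shares, y_shares, triple_xy))

def demo(use_trusted_initializer=True):
    """Constructed sample data (3 records, 2 features); each data owner would share
    only the part of X and y it holds, sharing all of X here keeps the demo short."""
    X = [[1, 2], [3, 4], [5, 6]]
    y = [[1], [2], [3]]
    n, d = len(X), len(X[0])
    make = ti_triple if use_trusted_initializer else he_triple
    XtX, Xty = shared_regression_stats(share(X), share(y), make(d, n, d), make(d, n, 1))
    return reconstruct(*XtX), reconstruct(*Xty)
```

Running `demo(True)` and `demo(False)` yields the same statistics ([[35, 44], [44, 56]] and [[22], [28]] for the sample data); only the provenance of the triple differs. The online phase exchanges nothing but the masked matrices D and E, which are uniform in Z_N whenever the triple is uniform, which is what makes it information-theoretically secure against a semi-honest party and independent of the initializer. The HE path is computationally secure only (and only against semi-honest parties), its cost is entirely in the per-entry exponentiations over random data, and the 20-bit primes are for readability, not security.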
Fast, Privacy Preserving Linear Regression over Distributed Datasets based on Pre-Distributed Data