ABSTRACT
We consider the problem of privacy-preserving data aggregation in a star network topology, i.e., several untrusting participants connected to a single aggregator. We require that the participants do not discover each other's data, and the service provider remains oblivious to each participant's individual contribution. Furthermore, the final result is to be published in a differentially private manner, i.e., the result should not reveal the contribution of any single participant to a (possibly external) adversary who knows the contributions of all other participants. In other words, we require a secure multiparty computation protocol that also incorporates a differentially private mechanism. Previous solutions have resorted to caveats such as postulating a trusted dealer to distribute keys to the participants, or introducing additional entities to withhold the decryption key from the aggregator, or relaxing the star topology by allowing pairwise communication amongst the participants. In this paper, we show how to obtain a noisy (differentially private) aggregation result using Shamir secret sharing and additively homomorphic encryption without these mitigating assumptions. More importantly, while we assume semi-honest participants, we allow the aggregator to be stronger than semi-honest, specifically in the sense that he can try to reduce the noise in the differentially private result.
To respect the differential privacy requirement, collusions of mutually untrusting entities need to be analyzed differently from traditional secure multiparty computation: It is not sufficient that such collusions do not reveal the data of honest participants; we must also ensure that the colluding entities cannot undermine differential privacy by reducing the amount of noise in the final result. Our protocols avoid this by requiring that no entity -- neither the aggregator nor any participant -- knows how much noise a participant contributes to the final result. We also ensure that if a cheating aggregator tries to influence the noise term in the differentially private output, he can be detected with overwhelming probability.
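Why known noise contributions are a problem, as an added simulation that is not taken from the paper: it assumes a naive design (not the paper's protocol) in which each of n participants generates an equal piece of the Laplace noise itself, and measures how much noise remains once k colluders subtract the pieces they know. All function names, inputs and parameter values are constructed for illustration.

```python
import random
import statistics


def noise_piece(n, scale, rng):
    """One participant's piece of the noise.

    Laplace(scale) is infinitely divisible: the sum of n independent
    Gamma(1/n, scale) - Gamma(1/n, scale) differences is Laplace(scale).
    """
    return rng.gammavariate(1.0 / n, scale) - rng.gammavariate(1.0 / n, scale)


def run_round(values, scale, colluders, rng):
    """Return (error in the published sum, error left after colluders strip their noise)."""
    n = len(values)
    pieces = [noise_piece(n, scale, rng) for _ in range(n)]
    true_sum = sum(values)
    published = true_sum + sum(pieces)
    # In the naive design each colluder knows its own piece and removes it.
    stripped = published - sum(pieces[i] for i in colluders)
    return published - true_sum, stripped - true_sum


def residual_variances(n=10, k=5, scale=4.0, rounds=20000, seed=1):
    """Empirical noise variance seen by an outsider vs. by a coalition of k."""
    rng = random.Random(seed)
    values = [rng.randint(0, 100) for _ in range(n)]  # constructed inputs
    colluders = range(k)
    full, left = zip(*(run_round(values, scale, colluders, rng)
                       for _ in range(rounds)))
    return statistics.pvariance(full), statistics.pvariance(left)


if __name__ == "__main__":
    full, left = residual_variances()
    # Theory: full = 2*scale^2, left = 2*scale^2 * (n - k) / n
    print(f"outsider sees variance {full:.1f}, coalition sees {left:.1f}")
```

The coalition faces only the fraction (n - k)/n of the intended noise variance, which is the gap the abstract closes by requiring that no entity knows how much noise any participant contributes.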