research-article

Securely Sampling Discrete Gaussian Noise for Multi-Party Differential Privacy

Authors:

Tianhao WangAuthors Info & Claims

CCS '23: Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security

Pages 2262 - 2276

https://doi.org/10.1145/3576915.3616641

Published: 21 November 2023 Publication History

Abstract

Differential Privacy (DP) is a widely used technique for protecting individuals' privacy by limiting what can be inferred about them from aggregate data. Recently, there have been efforts to implement DP using Secure Multi-Party Computation (MPC) to achieve high utility without the need for a trusted third party. One of the key components of implementing DP in MPC is noise sampling. Our work presents the first MPC solution for sampling discrete Gaussian, a common type of noise used for constructing DP mechanisms, which plays nicely with malicious secure MPC protocols.

Our solution is both generic, supporting various MPC protocols and any number of parties, and efficient, relying primarily on bit operations and avoiding computation with transcendental functions or non-integer arithmetic. Our experiments show that our method can generate 215 discrete Gaussian samples with a standard deviation of 20 and a security parameter of 128 in 1.5 minutes.

References

[1]

Balamurugan Anandan and Chris Clifton. 2015. Laplace noise generation for two-party computational differential privacy. In 2015 13th Annual Conference on Privacy, Security and Trust (PST). IEEE, 54--61.

[2]

Victor Balcer and Albert Cheu. 2019. Separating local & shuffled differential privacy via histograms. arXiv preprint arXiv:1911.06879 (2019).

[3]

D Beaver, S Micali, and P Rogaway. The round complexity of secure protocols extended abstract. In 22nd ACM STOC.

[4]

Andrea Bittau, Úlfar Erlingsson, Petros Maniatis, Ilya Mironov, Ananth Raghunathan, David Lie, Mitch Rudominer, Ushasree Kode, Julien Tinnes, and Bernhard Seefeld. 2017. Prochlo: Strong privacy for analytics in the crowd. In Proceedings of the 26th symposium on operating systems principles. 441--459.

Digital Library

[5]

Jonas Böhler and Florian Kerschbaum. 2020. Secure multi-party computation of differentially private median. In 29th {USENIX} Security Symposium ({USENIX} Security 20). 2147--2164.

[6]

Jonas Böhler and Florian Kerschbaum. 2021. Secure Multi-party Computation of Differentially Private Heavy Hitters. (2021).

[7]

Clément L Canonne, Gautam Kamath, and Thomas Steinke. 2020. The discrete gaussian for differential privacy. arXiv preprint arXiv:2004.00010 (2020).

[8]

Jeffrey Champion, Abhi Shelat, and Jonathan Ullman. 2019. Securely sampling biased coins with applications to differential privacy. In Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security. 603--614.

Digital Library

[9]

David Chaum. 1984. Blind signature system. In Advances in Cryptology: Proceedings of Crypto 83. Springer, 153--153.

[10]

Albert Cheu, Adam Smith, Jonathan Ullman, David Zeber, and Maxim Zhilyaev. 2019. Distributed differential privacy via shuffling. In Annual International Conference on the Theory and Applications of Cryptographic Techniques. Springer, 375--403.

Digital Library

[11]

Bolin Ding, Janardhan Kulkarni, and Sergey Yekhanin. 2017. Collecting telemetry data privately. Advances in Neural Information Processing Systems, Vol. 30 (2017).

[12]

Léo Ducas, Alain Durmus, Tancrède Lepoint, and Vadim Lyubashevsky. 2013. Lattice signatures and bimodal Gaussians. In Annual Cryptology Conference. Springer, 40--56.

[13]

Léo Ducas and Phong Q Nguyen. 2012. Faster Gaussian lattice sampling using lazy floating-point arithmetic. In International Conference on the Theory and Application of Cryptology and Information Security. Springer, 415--432.

Digital Library

[14]

Nagarjun C Dwarakanath and Steven D Galbraith. 2014. Sampling from discrete Gaussians for lattice-based cryptography on a constrained device. Applicable Algebra in Engineering, Communication and Computing, Vol. 25, 3 (2014), 159--180.

Digital Library

[15]

Cynthia Dwork, Krishnaram Kenthapadi, Frank McSherry, Ilya Mironov, and Moni Naor. 2006. Our data, ourselves: Privacy via distributed noise generation. In Annual International Conference on the Theory and Applications of Cryptographic Techniques. Springer, 486--503.

Digital Library

[16]

Fabienne Eigner, Aniket Kate, Matteo Maffei, Francesca Pampaloni, and Ivan Pryvalov. 2014. Differentially private data aggregation with optimal utility. In Proceedings of the 30th Annual Computer Security Applications Conference. 316--325.

Digital Library

[17]

Úlfar Erlingsson, Vasyl Pihur, and Aleksandra Korolova. 2014. Rappor: Randomized aggregatable privacy-preserving ordinal response. In Proceedings of the 2014 ACM SIGSAC conference on computer and communications security. 1054--1067.

Digital Library

[18]

David Evans, Vladimir Kolesnikov, Mike Rosulek, et al. 2018. A pragmatic introduction to secure multi-party computation. Foundations and Trends® in Privacy and Security, Vol. 2, 2--3 (2018), 70--246.

[19]

Craig Gentry, Chris Peikert, and Vinod Vaikuntanathan. 2008. Trapdoors for hard lattices and new cryptographic constructions. In Proceedings of the fortieth annual ACM symposium on Theory of computing. 197--206.

Digital Library

[20]

Oded Goldreich, Silvio Micali, and Avi Wigderson. 2019. How to play any mental game, or a completeness theorem for protocols with honest majority. Providing Sound Foundations for Cryptography: On the Work of Shafi Goldwasser and Silvio Micali. 307--328.

[21]

Slawomir Goryczka and Li Xiong. 2015. A comprehensive comparison of multiparty secure additions with differential privacy. IEEE transactions on dependable and secure computing, Vol. 14, 5 (2015), 463--477.

[22]

Mikko Heikkilä, Eemil Lagerspetz, Samuel Kaski, Kana Shimizu, Sasu Tarkoma, and Antti Honkela. 2017. Differentially private bayesian learning on distributed data. Advances in neural information processing systems, Vol. 30 (2017).

[23]

Jiankai Jin, Eleanor McMurtry, Benjamin IP Rubinstein, and Olga Ohrimenko. 2022. Are we there yet? timing and floating-point attacks on differential privacy systems. In 2022 IEEE Symposium on Security and Privacy (SP). IEEE, 473--488.

[24]

Peter Kairouz, Ziyu Liu, and Thomas Steinke. 2021. The distributed discrete gaussian mechanism for federated learning with secure aggregation. arXiv preprint arXiv:2102.06387 (2021).

[25]

Angshuman Karmakar, Sujoy Sinha Roy, Oscar Reparaz, Frederik Vercauteren, and Ingrid Verbauwhede. 2018. Constant-time discrete gaussian sampling. IEEE Trans. Comput., Vol. 67, 11 (2018), 1561--1571.

Digital Library

[26]

Angshuman Karmakar, Sujoy Sinha Roy, Frederik Vercauteren, and Ingrid Verbauwhede. 2019. Pushing the speed limit of constant-time discrete Gaussian sampling. A case study on the Falcon signature scheme. In Proceedings of the 56th Annual Design Automation Conference 2019. 1--6.

Digital Library

[27]

Charles FF Karney. 2016. Sampling exactly from the normal distribution. ACM Transactions on Mathematical Software (TOMS), Vol. 42, 1 (2016), 1--14.

Digital Library

[28]

Shiva Prasad Kasiviswanathan, Homin K Lee, Kobbi Nissim, Sofya Raskhodnikova, and Adam Smith. 2011. What can we learn privately? SIAM J. Comput., Vol. 40, 3 (2011), 793--826.

Digital Library

[29]

Marcel Keller. 2020. MP-SPDZ: A versatile framework for multi-party computation. In Proceedings of the 2020 ACM SIGSAC conference on computer and communications security. 1575--1590.

Digital Library

[30]

Andrew McGregor, Ilya Mironov, Toniann Pitassi, Omer Reingold, Kunal Talwar, and Salil Vadhan. 2010. The limits of two-party differential privacy. In 2010 IEEE 51st Annual Symposium on Foundations of Computer Science. IEEE, 81--90.

Digital Library

[31]

Ilya Mironov. 2012. On significance of the least significant bits for differential privacy. In Proceedings of the 2012 ACM conference on Computer and communications security. 650--661.

Digital Library

[32]

Chris Peikert. 2010. An efficient and parallel Gaussian sampler for lattices. In Annual Cryptology Conference. Springer, 80--97.

[33]

Sikha Pentyala, Davis Railsback, Ricardo Maia, Rafael Dowsley, David Melanson, Anderson Nascimento, and Martine De Cock. 2022. Training Differentially Private Models with Secure Multiparty Computation. arXiv preprint arXiv:2202.02625 (2022).

[34]

Ryan Rogers. 2020. A Differentially Private Data Analytics $$API$$ at Scale. In 2020 {USENIX} Conference on Privacy Engineering Practice and Respect ($$PEPR$$ 20).

[35]

R Rogers, S Subramaniam, S Peng, D Durfee, S Lee, Santosh Kumar Kancha, S Sahay, P Ahammad, and API LinkedIn's Audience Engagements. 2020. A privacy preserving data analytics system at scale. Linkedin's audience engagements api (2020).

[36]

Markku-Juhani O Saarinen. 2018. Arithmetic coding and blinding countermeasures for lattice signatures. Journal of Cryptographic Engineering, Vol. 8, 1 (2018), 71--84.

[37]

Apple's Differential Privacy Team. 2017. Learning with privacy at scale. (2017).

[38]

WWDC. 2016. Engineering privacy for your users. (2016).

[39]

Andrew C Yao. 1982. Protocols for secure computations. In 23rd annual symposium on foundations of computer science (sfcs 1982). IEEE, 160--164.

Digital Library

Cited By

Pentyala SPereira MDe Cock MSalakhutdinov RKolter ZHeller KWeller AOliver NScarlett JBerkenkamp F(2024)CaPSProceedings of the 41st International Conference on Machine Learning10.5555/3692070.3693709(40397-40413)Online publication date: 21-Jul-2024
https://dl.acm.org/doi/10.5555/3692070.3693709
Fu YWang TLuo BLiao XXu JKirda ELie D(2024)Benchmarking Secure Sampling Protocols for Differential PrivacyProceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security10.1145/3658644.3690257(318-332)Online publication date: 2-Dec-2024
https://dl.acm.org/doi/10.1145/3658644.3690257

Index Terms

Securely Sampling Discrete Gaussian Noise for Multi-Party Differential Privacy
1. Mathematics of computing
  1. Probability and statistics
    1. Probabilistic algorithms
2. Security and privacy
  1. Security services
    1. Privacy-preserving protocols

Recommendations

Multi-Party Computation with Omnipresent Adversary
Irvine: Proceedings of the 12th International Conference on Practice and Theory in Public Key Cryptography: PKC '09

Secure multi-party computation (MPC) protocols enable a set of <em>n</em> mutually distrusting participants <em>P</em> ₁ , ..., <em>P</em> _<em>n</em> , each with their own private input <em>x</em> _<em>i</em> , to compute a function <em>Y</em> = <em>...
Passive corruption in statistical multi-party computation
ICITS'12: Proceedings of the 6th international conference on Information Theoretic Security

The goal of Multi-Party Computation (MPC) is to perform an arbitrary computation in a distributed, private, and fault-tolerant way. For this purpose, a fixed set of n parties runs a protocol that tolerates an adversary corrupting a subset of the parties,...
Benchmarking Secure Sampling Protocols for Differential Privacy
CCS '24: Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security

Differential privacy (DP) is widely employed to provide privacy protection for individuals by limiting information leakage from the aggregated data. Two well-known models of DP are the central model and the local model. The former requires a trustworthy ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

CCS '23: Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security

November 2023

3722 pages

ISBN:9798400700507

DOI:10.1145/3576915

General Chairs:
Weizhi Meng
Technical University of Denmark
,
Christian D. Jensen
Technical University of Denmark
,
Program Chairs:
Cas Cremers
CISPA Helmholtz Center for Information Security
,
Engin Kirda
Khoury College of Computer Sciences

Copyright © 2023 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 21 November 2023

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

CCS '23

Sponsor:

SIGSAC

CCS '23: ACM SIGSAC Conference on Computer and Communications Security

November 26 - 30, 2023

Copenhagen, Denmark

Acceptance Rates

Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

2
Total Citations
View Citations
742
Total Downloads

Downloads (Last 12 months)422
Downloads (Last 6 weeks)19

Reflects downloads up to 28 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

Pentyala SPereira MDe Cock MSalakhutdinov RKolter ZHeller KWeller AOliver NScarlett JBerkenkamp F(2024)CaPSProceedings of the 41st International Conference on Machine Learning10.5555/3692070.3693709(40397-40413)Online publication date: 21-Jul-2024
https://dl.acm.org/doi/10.5555/3692070.3693709
Fu YWang TLuo BLiao XXu JKirda ELie D(2024)Benchmarking Secure Sampling Protocols for Differential PrivacyProceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security10.1145/3658644.3690257(318-332)Online publication date: 2-Dec-2024
https://dl.acm.org/doi/10.1145/3658644.3690257

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten