skip to main content
10.1145/3664476.3664490acmotherconferencesArticle/Chapter ViewAbstractPublication PagesaresConference Proceedingsconference-collections
research-article

Secure Noise Sampling for DP in MPC with Finite Precision

Published: 30 July 2024 Publication History

Abstract

While secure multi-party computation (MPC) protects the privacy of inputs and intermediate values of a computation, differential privacy (DP) ensures that the output itself does not reveal too much about individual inputs. For this purpose, MPC can be used to generate noise and add this noise to the output. However, securely generating and adding this noise is a challenge considering real-world implementations on finite-precision computers, since many DP mechanisms guarantee privacy only when noise is sampled from continuous distributions requiring infinite precision.
We introduce efficient MPC protocols that securely realize noise sampling for several plaintext DP mechanisms that are secure against existing precision-based attacks: the discrete Laplace and Gaussian mechanisms, the snapping mechanism, and the integer-scaling Laplace and Gaussian mechanisms. Due to their inherent trade-offs, the favorable mechanism for a specific application depends on the available computation resources, type of function evaluated, and desired (ϵ, δ)-DP guarantee.
The benchmarks of our protocols implemented in the state-of-the-art MPC framework MOTION (Braun et al., TOPS’22) demonstrate highly efficient online runtimes of less than 32 ms/query and down to about 1ms/query with batching in the two-party setting. Also the respective offline phases are practical, requiring only 51 ms to 5.6 seconds/query depending on the batch size.

Supplemental Material

PDF File
appendix

References

[1]
Martín Abadi, Andy Chu, Ian Goodfellow, H. Brendan McMahan, Ilya Mironov, Kunal Talwar, and Li Zhang. 2016. Deep Learning with Differential Privacy. In CCS.
[2]
Abbas Acar, Berkay Celik, Hidayet Aksu, Selcuk Uluagac, and Patrick McDaniel. 2017. Achieving Secure and Differentially Private Computations in Multiparty Settings. In PAC.
[3]
Gergely Ács and Claude Castelluccia. 2011. I Have a DREAM! (DiffeRentially privatE smArt Metering). In Information Hiding (IH).
[4]
Mehrdad Aliasgari, Marina Blanton, Yihua Zhang, and Aaron Steele. 2013. Secure Computation on Floating Point Numbers. In NDSS.
[5]
Toshinori Araki, Jun Furukawa, Yehuda Lindell, Ariel Nof, and Kazuma Ohara. 2016. High-Throughput Semi-Honest Secure Three-Party Computation with an Honest Majority. In CCS.
[6]
David Archer, Shahla Atapoor, and Nigel Smart. 2021. The Cost of IEEE Arithmetic in Secure Computation. In LATINCRYPT.
[7]
Gilad Asharov, Shai Halevi, Yehuda Lindell, and Tal Rabin. 2018. Privacy-Preserving Search of Similar Patients in Genomic Data. In PETS.
[8]
Krishna Athreya and Soumendra Lahiri. 2006. Measure theory and probability theory. Springer Texts in Statistics.
[9]
John Awoyemi, Adebayo Adetunmbi, and Samuel Oluwadare. 2017. Credit card fraud detection using machine learning techniques: A comparative analysis. In International Conference on Computing Networking and Informatics (ICCNI).
[10]
Borja Balle and Yu-Xiang Wang. 2018. Improving the Gaussian Mechanism for Differential Privacy: Analytical Calibration and Optimal Denoising. In ICML.
[11]
Elaine Barker and John Kelsey. 2015. Recommendation for Random Number Generation Using Deterministic Random Bit Generators. Special Publication NIST.
[12]
Amos Beimel, Kobbi Nissim, and Eran Omri. 2008. Distributed Private Data Analysis: Simultaneously Solving How and What. In Advances in Cryptology – CRYPTO 2008, David Wagner (Ed.). Springer Berlin Heidelberg.
[13]
James Bell, Kallista Bonawitz, Adrià Gascón, Tancrède Lepoint, and Mariana Raykova. 2020. Secure Single-Server Aggregation with (Poly)Logarithmic Overhead. In CCS.
[14]
Aner Ben-Efraim, Yehuda Lindell, and Eran Omri. 2016. Optimizing Semi-Honest Secure Multiparty Computation for the Internet. In CCS.
[15]
Igor Bilogrevic, Julien Freudiger, Emiliano De Cristofaro, and Ersin Uzun. 2014. What’s the Gist? Privacy-Preserving Aggregation of User Profiles. In ESORICS.
[16]
Timm Birka, Kay Hamacher, Tobias Kussel, Helen Möllering, and Thomas Schneider. 2022. SPIKE: secure and private investigation of the kidney exchange problem. BMC Medical Informatics Decision Making (2022).
[17]
Dan Bogdanov, Sven Laur, and Jan Willemson. 2008. Sharemind: A Framework for Fast Privacy-Preserving Computations. In ESORICS.
[18]
Jonas Böhler and Florian Kerschbaum. 2021. Secure Multi-party Computation of Differentially Private Heavy Hitters. In CCS.
[19]
Lennart Braun, Daniel Demmler, Thomas Schneider, and Oleksandr Tkachenko. 2022. MOTION–A Framework for Mixed-Protocol Multi-Party Computation. In TOPS.
[20]
Niklas Büscher, Daniel Demmler, Stefan Katzenbeisser, David Kretzmer, and Thomas Schneider. 2018. HyCC: Compilation of Hybrid Protocols for Practical Secure Computation. In CCS.
[21]
Niklas Büscher, Andreas Holzer, Alina Weber, and Stefan Katzenbeisser. 2016. Compiling Low Depth Circuits for Practical Secure Computation. In ESORICS.
[22]
David Byrd and Antigoni Polychroniadou. 2020. Differentially private secure multi-party computation for federated learning in financial applications. In ICAIF.
[23]
Clément Canonne, Gautam Kamath, and Thomas Steinke. 2020. The Discrete Gaussian for Differential Privacy. In NeurIPS.
[24]
Sílvia Casacuberta, Michael Shoemate, Salil Vadhan, and Connor Wagaman. 2022. Widespread Underestimation of Sensitivity in Differentially Private Libraries and How to Fix It. In CCS.
[25]
Octavian Catrina and Amitabh Saxena. 2010. Secure Computation with Fixed-Point Numbers. In FC.
[26]
Berkay Celik, David Lopez-Paz, and Patrick McDaniel. 2017. Patient-Driven Privacy Control through Generalized Distillation. In PAC.
[27]
Jeffrey Champion, Abhi Shelat, and Jonathan R. Ullman. 2019. Securely Sampling Biased Coins with Applications to Differential Privacy. In CCS.
[28]
Hubert Chan, Elaine Shi, and Dawn Song. 2012. Privacy-Preserving Stream Aggregation with Fault Tolerance. In FC.
[29]
Melissa Chase, Ran Gilad-Bachrach, Kim Laine, Kristin E. Lauter, and Peter Rindal. 2017. Private Collaborative Neural Network Learning. Cryptology ePrint Archive, Paper 2017/762, https://eprint.iacr.org/2017/762.
[30]
Albert Cheu and Chao Yan. 2022. Necessary Conditions in Multi-Server Differential Privacy. In ITCS.
[31]
Christopher A. Choquette-Choo, Natalie Dullerud, Adam Dziedzic, Yunxiang Zhang, Somesh Jha, Nicolas Papernot, and Xiao Wang. 2021. CaPC Learning: Confidential and Private Collaborative Learning. In ICLR.
[32]
Christian Covington. 2019. Snapping Mechanism Notes. https://github.com/ctcovington/floating_point/blob/master/snapping_mechanism/notes/snapping_implementation_notes.pdf, Accessed 2022-09-29.
[33]
Ronald Cramer, Ivan Damgård, Daniel Escudero, Peter Scholl, and Chaoping Xing. 2018. SPDMath 295: Efficient MPC mod 2k for Dishonest Majority. In CRYPTO.
[34]
Aref Dajani, Amy Lauger, Phyllis Singer, Daniel Kifer, Jerome Reiter, Ashwin Machanavajjhala, Simson Garfinkel, Scot Dahl, Matthew Graham, Vishesh Karwa, Hang Kim, Philip Leclerc, Ian Schmutte, William Sexton, Lars Vilhuber, and John Abowd. 2020. The modernization of statistical disclosure limitation at the U.S. Census Bureau. U.S. Census Bureau. https://www2.census.gov/cac/sac/meetings/2017-09/statistical-disclosure-limitation.pdf
[35]
Daniel Demmler, Ghada Dessouky, Farinaz Koushanfar, Ahmad-Reza Sadeghi, Thomas Schneider, and Shaza Zeitouni. 2015. Automated Synthesis of Optimized Circuits for Secure Computation. In CCS.
[36]
Daniel Demmler, Thomas Schneider, and Michael Zohner. 2015. ABY - A Framework for Efficient Mixed-Protocol Secure Two-Party Computation. In NDSS.
[37]
Luc Devroye. 1986. Non-Uniform Random Variate Generation. Springer Book Archive.
[38]
Cynthia Dwork, Krishnaram Kenthapadi, Frank McSherry, Ilya Mironov, and Moni Naor. 2006. Our Data, Ourselves: Privacy Via Distributed Noise Generation. In CRYPTO.
[39]
Cynthia Dwork, Frank McSherry, Kobbi Nissim, and Adam D. Smith. 2006. Calibrating Noise to Sensitivity in Private Data Analysis. In TCC.
[40]
Cynthia Dwork and Aaron Roth. 2014. The Algorithmic Foundations of Differential Privacy. Foundations and Trends in Theoretical Computer Science (2014).
[41]
Fabienne Eigner, Matteo Maffei, Ivan Pryvalov, Francesca Pampaloni, and Aniket Kate. 2014. Differentially private data aggregation with optimal utility. In ACSAC.
[42]
Reo Eriguchi, Atsunori Ichikawa, Noboru Kunihiro, and Koji Nuida. 2021. Efficient Noise Generation to Achieve Differential Privacy with Applications to Secure Multiparty Computation. In FC.
[43]
Daniel Escudero, Satrajit Ghosh, Marcel Keller, Rahul Rachuri, and Peter Scholl. 2020. Improved Primitives for MPC over Mixed Arithmetic-Binary Circuits. In CRYPTO.
[44]
Vivian Fang, Lloyd Brown, William Lin, Wenting Zheng, Aurojit Panda, and Raluca Ada Popa. 2022. CostCO: An automatic cost modeling framework for secure multi-party computation. In IEEE EuroS&P.
[45]
Matt Fredrikson, Somesh Jha, and Thomas Ristenpart. 2015. Model Inversion Attacks That Exploit Confidence Information and Basic Countermeasures. In CCS.
[46]
Ivan Gazeau, Dale Miller, and Catuscia Palamidessi. 2013. Preserving differential privacy under finite-precision semantics. In International Workshop on Quantitative Aspects of Programming Languages and Systems (QAPL).
[47]
Quan Geng, Peter Kairouz, Sewoong Oh, and Pramod Viswanath. 2015. The Staircase Mechanism in Differential Privacy. IEEE Journal of Selected Topics in Signal Processing (2015).
[48]
Arpita Ghosh, Tim Roughgarden, and Mukund Sundararajan. 2009. Universally utility-maximizing privacy mechanisms. In STOC.
[49]
Oded Goldreich, Silvio Micali, and Avi Wigderson. 1987. How to Play any Mental Game or A Completeness Theorem for Protocols with Honest Majority. In STOC.
[50]
Maoguo Gong, Jialun Feng, and Yu Xie. 2020. Privacy-enhanced multi-party deep learning. Neural Networks (2020).
[51]
Google. 2020. Secure noise generation. https://github.com/google/differential-privacy/blob/main/common_docs/Secure_Noise_Generation.pdf, Accessed 2022-09-29.
[52]
Google. 2022. Google’s differential privacy libraries. https://github.com/google/differential-privacy.git, Accessed 2022-09-29.
[53]
Samuel Haney, Damien Desfontaines, Luke Hartman, Ruchit Shrestha, and Michael Hay. 2022. Precision-based attacks and interval refining: how to break, then fix, differential privacy on finite computers. Journal of Privacy and Confidentiality (2022).
[54]
Jamie Hayes, Luca Melis, George Danezis, and Emiliano De Cristofaro. 2019. LOGAN: Membership Inference Attacks Against Generative Models. In PETS.
[55]
Mikko Heikkilä, Eemil Lagerspetz, Samuel Kaski, Kana Shimizu, Sasu Tarkoma, and Antti Honkela. 2017. Differentially private Bayesian learning on distributed data. In NeurIPS.
[56]
Muhammad Ishaq, Ana L. Milanova, and Vassilis Zikas. 2019. Efficient MPC via Program Analysis: A Framework for Efficient Optimal Mixing. In CCS.
[57]
Matthew Jagielski, Jonathan Ullman, and Alina Oprea. 2020. Auditing Differentially Private Machine Learning: How Private is Private SGD?. In NeurIPS.
[58]
Bargav Jayaraman, Lingxiao Wang, David Evans, and Quanquan Gu. 2018. Distributed Learning without Distress: Privacy-Preserving Empirical Risk Minimization. In NeurIPS.
[59]
Jiankai Jin, Eleanor McMurtry, Benjamin Rubinstein, and Olga Ohrimenko. 2022. Are We There Yet? Timing and Floating-Point Attacks on Differential Privacy Systems. In IEEE S&P.
[60]
Marc Joye and Benoît Libert. 2013. A Scalable Scheme for Privacy-Preserving Aggregation of Time-Series Data. In FC.
[61]
Peter Kairouz, Ziyu Liu, and Thomas Steinke. 2021. The Distributed Discrete Gaussian Mechanism for Federated Learning with Secure Aggregation. In ICML.
[62]
Seny Kamara and Mariana Raykova. 2011. Secure outsourced computation in a multi-tenant cloud. In IBM Workshop on Cryptography and Security in Clouds.
[63]
Shiva Prasad Kasiviswanathan, Homin K. Lee, Kobbi Nissim, Sofya Raskhodnikova, and Adam Smith. 2008. What Can We Learn Privately?. In FOCS.
[64]
Marcel Keller. 2020. MP-SPDZ: A versatile framework for multi-party computation. In CCS.
[65]
Brian Knott, Shobha Venkataraman, Awni Y. Hannun, Shubho Sengupta, Mark Ibrahim, and Laurens van der Maaten. 2021. CrypTen: Secure Multi-Party Computation Meets Machine Learning. In NeurIPS.
[66]
D-U Lee, John D Villasenor, Wayne Luk, and Philip Heng Wai Leong. 2006. A hardware Gaussian noise generator using the Box-Muller method and its error analysis. IEEE transactions on computers (2006).
[67]
Peter W. Markstein. 2008. The New IEEE-754 Standard for Floating Point Arithmetic. In Numerical Validation in Current Hardware Architectures.
[68]
George Marsaglia and Thomas A Bray. 1964. A convenient method for generating normal variables. In SIAM Review.
[69]
George Marsaglia and Wai Wan Tsang. 2000. The ziggurat method for generating random variables. Journal of statistical software (2000).
[70]
Brendan McMahan, Galen Andrew, Ulfar Erlingsson, Steve Chien, Ilya Mironov, Nicolas Papernot, and Peter Kairouz. 2018. A General Approach to Adding Differential Privacy to Iterative Training Procedures. arXiv, http://arxiv.org/abs/1812.06210.
[71]
Ilya Mironov. 2012. On significance of the least significant bits for differential privacy. In CCS.
[72]
Payman Mohassel and Peter Rindal. 2018. ABY3: A Mixed Protocol Framework for Machine Learning. In CCS.
[73]
Payman Mohassel and Yupeng Zhang. 2017. SecureML: A System for Scalable Privacy-Preserving Machine Learning. In IEEE S&P.
[74]
Arvind Narayanan and Vitaly Shmatikov. 2008. Robust De-anonymization of Large Sparse Datasets. In IEEE S&P.
[75]
Arpita Patra, Thomas Schneider, Ajith Suresh, and Hossein Yalame. 2021. SynCirc: Efficient Synthesis of Depth-Optimized Circuits for Secure Computation. In HOST.
[76]
Martin Pettai and Peeter Laud. 2015. Combining Differential Privacy and Secure Multiparty Computation. In CCS.
[77]
Vibhor Rastogi and Suman Nath. 2010. Differentially private aggregation of distributed time-series with transformation and encryption. In SIGMOD.
[78]
Mike Rosulek and Lawrence Roy. 2021. Three Halves Make a Whole? Beating the Half-Gates Lower Bound for Garbled Circuits. In CRYPTO.
[79]
Thomas Schneider and Michael Zohner. 2013. GMW vs. Yao? Efficient Secure Two-Party Computation with Low Depth Circuits. In FC.
[80]
Adi Shamir. 1979. How to Share a Secret. Commun. ACM (1979).
[81]
Elaine Shi, T.-H. Hubert Chan, Eleanor Gilbert Rieffel, Richard Chow, and Dawn Song. 2011. Privacy-Preserving Aggregation of Time-Series Data. In NDSS.
[82]
Elaine Shi, T.-H. Hubert Chan, Eleanor Gilbert Rieffel, and Dawn Song. 2017. Distributed Private Data Analysis: Lower Bounds and Practical Constructions. ACM Transactions on Algorithms (2017).
[83]
Reza Shokri and Vitaly Shmatikov. 2015. Privacy-preserving Deep Learning. In CCS.
[84]
Latanya Sweeney. 1997. Weaving Technology and Policy Together to Maintain Confidentiality. The Journal of Law, Medicine & Ethics (1997).
[85]
Jun Tang, Aleksandra Korolova, Xiaolong Bai, Xueqiang Wang, and Xiaofeng Wang. 2017. Privacy Loss in Apple’s Implementation of Differential Privacy on MacOS 10.12. arXiv, http://arxiv.org/abs/1709.02753.
[86]
Stacey Truex, Nathalie Baracaldo, Ali Anwar, Thomas Steinke, Heiko Ludwig, Rui Zhang, and Yi Zhou. 2019. A Hybrid Approach to Privacy-Preserving Federated Learning. In CCS.
[87]
Salil Vadhan. 2017. The Complexity of Differential Privacy. In Tutorials on the Foundations of Cryptography. Springer International Publishing, 347–450.
[88]
Royce Wilson, Celia Yuxin Zhang, William Lam, Damien Desfontaines, Daniel Simmons-Marengo, and Bryant Gipson. 2020. Differentially Private SQL with Bounded User Contribution. In PETS.
[89]
Genqiang Wu, Yeping He, JingZheng Wu, and Xianyao Xia. 2016. Inherit Differential Privacy in Distributed Setting: Multiparty Randomized Function Computation. In IEEE Trustcom/BigDataSE/ISPA.
[90]
Runhua Xu, Nathalie Baracaldo, Yi Zhou, Ali Anwar, and Heiko Ludwig. 2019. HybridAlpha: An Efficient Approach for Privacy-Preserving Federated Learning. In Workshop on Artificial Intelligence and Security (AISec@CCS).
[91]
Andrew Chi-Chih Yao. 1986. How to Generate and Exchange Secrets. In FOCS.
[92]
Lihua Yin, Jiyuan Feng, Hao Xun, Zhe Sun, and Xiaochun Cheng. 2021. A Privacy-Preserving Federated Learning for Multiparty Data Sharing in Social IoTs. IEEE Transactions on Network Science and Engineering (2021).

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences
ARES '24: Proceedings of the 19th International Conference on Availability, Reliability and Security
July 2024
2032 pages
ISBN:9798400717185
DOI:10.1145/3664476
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 30 July 2024

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. Differential Privacy
  2. Finite-Precision Computing
  3. Noise Sampling
  4. Secure Implementations
  5. Secure Multi-party Computation

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Funding Sources

Conference

ARES 2024

Acceptance Rates

Overall Acceptance Rate 228 of 451 submissions, 51%

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • 0
    Total Citations
  • 38
    Total Downloads
  • Downloads (Last 12 months)38
  • Downloads (Last 6 weeks)8
Reflects downloads up to 20 Jan 2025

Other Metrics

Citations

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

HTML Format

View this article in HTML Format.

HTML Format

Media

Figures

Other

Tables

Share

Share

Share this Publication link

Share on social media