
DPM 2013 Privacy-Preserving Multi-Party Reconciliation Secure in the - PowerPoint PPT Presentation



  1. DPM 2013: Privacy-Preserving Multi-Party Reconciliation Secure in the Malicious Model
     8th ACM International Workshop on Data Privacy Management 2013
     Georg Neugebauer¹, Lucas Brutschy¹, Ulrike Meyer¹ and Susanne Wetzel²
     ¹ UMIC LuFG IT-Security, RWTH Aachen University
     ² Department of Computer Science, Stevens Institute of Technology
     12.09.2013
     Georg Neugebauer: Privacy-Preserving Reconciliation Protocols 1/15

  2. Overview
     1 Introduction
     2 Fair and Privacy-Preserving Reconciliation on Ordered Sets
       • Protocol for Minimum of Ranks Secure in the Malicious Model
     3 Evaluation
     4 Conclusion

  3. Fair and Privacy-Preserving Reconciliation
     Borda Count Voting
     • Candidate/Points: Peter 3, Michael 2, Alice 1
     • Candidate/Points: Michael 3, Peter 2, Alice 1
     • Candidate/Points: Michael 3, Alice 2, Peter 1
     • Result/Points: Michael 8

  4. Fair and Privacy-Preserving Reconciliation on Ordered Sets
     Definition (MPROS)
     • Secure multi-party computation protocol between $n$ parties
     • Input: ordered sets $S_1, \dots, S_n$ of size $k$ drawn from a common domain $D$
     • Ranking: $\mathrm{rank}_S(x_i) = k - i + 1,\ x_i \in S$
     • Fairness:
       MR: $f_{MR}(x) = \min\{\mathrm{rank}_{S_1}(x), \dots, \mathrm{rank}_{S_n}(x)\}$
       SR: $f_{SR}(x) = \mathrm{rank}_{S_1}(x) + \dots + \mathrm{rank}_{S_n}(x)$
     • Output: $X = \arg\max_{x \in (S_1 \cap \dots \cap S_n)} f(x)$ and $t = \max_{x \in (S_1 \cap \dots \cap S_n)} f(x)$
     [Figure: Candidate/Points tables for the example ballots with the MR and SR scores. MR result: Michael, 2 points. SR result: Michael, 8 points.]

  5. Preliminaries
     Basics
     • Additively homomorphic cryptosystem (Threshold Paillier cryptosystem)
       • Compute the encrypted sum of two plaintexts given only the related ciphertexts
     • Privacy-preserving multiset operations (Kissner et al.¹)
       • Represent multiset $S_i = \{s_{i,1}, \dots, s_{i,k}\}$ as polynomial $f_i(x) = \prod_{j=1}^{k} (x - s_{i,j})$
       • Computation on encrypted polynomials, semi-honest adversary model
     ¹ L. Kissner and D. X. Song: Privacy-Preserving Set Operations, in CRYPTO, LNCS, 2005

  6. Preliminaries
     Privacy-Preserving Set Operations
     • Let $\varphi, \gamma$ denote encrypted polynomials, $g$ an unencrypted polynomial, and $s, r, F_i$ random unencrypted polynomials
     • Multiset union: $\varphi \times_h g$
       Example: $\{a, b^2, c\} \cup \{b, c^3\} = \{a, b^3, c^4\}$
     • Multiset intersection: $\varphi \times_h s +_h \gamma \times_h r$
       Example: $\{a, b^2, c\} \cap \{b, c^3\} = \{b, c\}$
     • Multiset reduction: $\widetilde{\sum}_{i=0}^{t} \gamma^{(i)} \times_h F_i \times_h r_i$
       Example: $\mathrm{Rd}_1(\{a, b^2, c\}) = \{b\}$

  7. MPROS Secure in the Semi-Honest Model
     Reminder Definition
     • Fairness:
       $f_{MR}(x) = \min\{\mathrm{rank}_{S_1}(x), \dots, \mathrm{rank}_{S_n}(x)\}$
       $f_{SR}(x) = \mathrm{rank}_{S_1}(x) + \dots + \mathrm{rank}_{S_n}(x)$
     • Output: $X = \arg\max_{x \in (S_1 \cap \dots \cap S_n)} f(x)$ and $t = \max_{x \in (S_1 \cap \dots \cap S_n)} f(x)$
     MPROS Functions²
     • Minimum of ranks: $\bigcap_{i=1}^{n} \{s_{i1}, \dots, s_{il}\}$
       with round $1 \le l \le k$ and $S_i = \{s_{i1} > \dots > s_{ik}\}$
     • Sum of ranks: $\mathrm{Rd}_t(\mathrm{renc}(S_1) \cup \dots \cup \mathrm{renc}(S_n)) \cap (S_1 \cap \dots \cap S_n)$
       with $\mathrm{renc}(S_i) = \{s^{\mathrm{rank}_i(s)} \mid s \in S_i\}$ and $t = nk - 1, \dots, n - 1$
     ² G. Neugebauer, L. Brutschy, U. Meyer, S. Wetzel: Design and Implementation of Privacy-Preserving Reconciliation Protocols, 6th ACM International Workshop on Privacy and Anonymity in the Information Society, EDBT/ICDT 2013, Genoa, Italy, March 2013

  8. How to Achieve Security in the Malicious Model
     Security Model
     • Semi-honest adversary: insider attacker that tries to infer as much (secret) information as possible, but follows the prescribed actions of the protocol
     • Malicious adversary: insider attacker that can almost arbitrarily deviate from the protocol except refusal to participate, manipulation of its own input, and protocol abortion
     Observations
     • MPROS is based on privacy-preserving intersections, unions, and reductions of multisets that encode the ordered input sets of the $n$ parties
     • Privacy-preserving multiset operations are based on homomorphic additions and scalar multiplications
     → Use ZKPKs to prove correctness of computations involving encryptions of
       • secret input sets
       • chosen random polynomials
       • intermediate computation results

  9. Verifiable Set Operations
     Zero-Knowledge Proofs of Knowledge
     • We use ZKPKs based on a threshold version of the Paillier cryptosystem
     • Previous work
       • Interactive Proof of Plaintext Knowledge
       • Interactive Proof of Correct Multiplication
       • Proof of a Subset Relation Using Verifiable Shuffles
       • Proof of Correct Threshold Decryption
     • Novel work
       • Non-Interactive Proof of Plaintext Knowledge and Correct Multiplication
       • Proof of a Homomorphic Linear Equation
     Polynomial Operations
     • Proof of Correct Multiplication of Polynomials
     • Proof of Arbitrary Linear Expressions of Polynomials
     → Enables verifiable set intersection, union, and reduction operations

  10. Protocol Comparison (MR) - Semi-honest model (SHM) vs Malicious model (MM)
      Same setting: $P_1, \dots, P_n$, ordered sets $(S_i, <_i)$ chosen from a common domain $D$, pre-distributed keys, secure channels
      1. Input Encryption
      SHM: Each party $P_i$ encrypts and broadcasts its highest ranked input $\varphi_{i,1} = E(x - d_{i,1})$
      MM: Each party $P_i$
        1. Computes an encrypted shuffle $(\delta_{i,1}, \dots, \delta_{i,k}, \dots)$ of the domain $D$
        2. Broadcasts the shuffle and a correctness proof $\Pi_{\mathrm{SHUFFLE},i}$
      Each party $P_i$, for $j \in \{1, \dots, n\}$
        1. If $j \neq i$, verifies $\Pi_{\mathrm{SHUFFLE},j}$
        2. Chooses random polynomial $r_{i,j,1}$ of degree 1
        3. Computes and commits to $\rho_{i,j,1} = E_1(r_{i,j,1})$

  11. Protocol Comparison (MR) - Semi-honest model (SHM) vs Malicious model (MM)
      2. Set Intersection (initially $t = k - 1$)
      SHM: Each party $P_i$
        1. Chooses random polynomials $r_{i,j}$ of degree $k - t$
        2. Calculates and broadcasts $\gamma_i = \widetilde{\sum}_{j=0}^{n} (\varphi_{j,k-t} \times_h r_{i,j})$
        3. Calculates $\pi = \widetilde{\sum}_{l=1}^{n} \gamma_i$
      MM: Each party $P_i$
        1. Opens the commitment to $\rho_{i,j,k-t}$
        2. Computes and broadcasts $\gamma_i = [\widetilde{\sum}_{j=0}^{n} (\varphi_{j,k-t} *_h r_{i,j,k-t})]_r$
        3. Broadcasts a proof $\Pi_{\mathrm{INTERSECT},i}$ that $\gamma_i$ is correctly computed
      Each party $P_i$
        1. For $j \in \{1, \dots, n\} \setminus \{i\}$, verifies $\Pi_{\mathrm{INTERSECT},j}$
        2. Calculates $\pi = \sum_{i=1}^{n} \gamma_i$

  12. Protocol Comparison (MR) - Semi-honest model (SHM) vs Malicious model (MM)
      3. Decryption
      SHM: All parties together perform a threshold decryption of $\pi$
      MM: All parties perform a malicious model threshold decryption of $\pi$

  13. Protocol Analysis
      Correctness
      • We compute the same function as the semi-honest variants
      • Assuming that the ZKPKs are difficult to forge, each party is forced to perform the correct computations
      → Correctness results in the semi-honest model also apply to our malicious model variant
      Security / Privacy
      • All parties only learn the optimal solution and the minimum of ranks value
      • Security proof based on the simulation paradigm given in our paper
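
The multiset intersection and union from slide 6, carried out on Paillier-encrypted polynomial coefficients. This is an added example, not code from the slides or the authors. It assumes a toy single-key Paillier instance instead of the threshold variant, elements a, b, c encoded as 1, 2, 3, random polynomials of degree |S|, and hypothetical function names.

```python
import random

# Toy single-key Paillier on two Mersenne primes (the slides use a threshold variant).
P, Q = 2**31 - 1, 2**61 - 1
N, N2, PHI = P * Q, (P * Q) ** 2, (P - 1) * (Q - 1)
MU = pow(PHI, -1, N)

def enc(m):
    r = random.randrange(1, P)          # r < P < Q, so r is always a unit mod N
    return (1 + (m % N) * N) * pow(r, N, N2) % N2

def dec(c):
    return (pow(c, PHI, N2) - 1) // N * MU % N

def poly(ms):                           # f(x) = prod (x - s), coefficients low -> high
    f = [1]
    for s in ms:
        f = [(a - s * b) % N for a, b in zip([0] + f, f + [0])]
    return f

def mul_h(ephi, g):                     # encrypted poly  x_h  plaintext poly
    out = [1] * (len(ephi) + len(g) - 1)    # ciphertext 1 decrypts to 0
    for i, c in enumerate(ephi):
        for j, k in enumerate(g):
            out[i + j] = out[i + j] * pow(c, k, N2) % N2
    return out

def add_h(a, b):                        # +_h; equal lengths, since all sets have size k
    return [x * y % N2 for x, y in zip(a, b)]

def multiplicity(p, a):                 # how many times (x - a) divides p
    q = [0]
    for c in reversed(p):               # synthetic division by (x - a)
        q.append((q[-1] * a + c) % N)
    return 0 if len(p) < 2 or q.pop() else 1 + multiplicity(q[:0:-1], a)

def roots(enc_poly, domain):            # decrypt, then read multiplicities
    plain = [dec(c) for c in enc_poly]
    return {a: multiplicity(plain, a) for a in domain}

def intersection(S1, S2, domain):       # phi x_h s  +_h  gamma x_h r
    phi, gam = ([enc(c) for c in poly(S)] for S in (S1, S2))
    s, r = ([random.randrange(N) for _ in range(len(S) + 1)] for S in (S1, S2))
    return roots(add_h(mul_h(phi, s), mul_h(gam, r)), domain)

def union(S1, S2, domain):              # phi x_h g
    return roots(mul_h([enc(c) for c in poly(S1)], poly(S2)), domain)
```

With S1 = [1, 2, 2, 3] and S2 = [2, 3, 3, 3], the decrypted results carry the multiplicities of the slide's two examples; the random polynomials s and r are what keep the intersection result from revealing anything about elements outside it.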
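
A plaintext reference for the two MPROS functions on slide 7, checked against the definition on slide 4. This is an added example, not code from the slides or the authors; it runs on unencrypted sets and multisets, and the function names are hypothetical.

```python
from collections import Counter

def rank(S, x):                    # S listed best first: rank(x_i) = k - i + 1
    return len(S) - S.index(x)

def min_of_ranks(sets):
    """Round l intersects the top-l prefixes; the first non-empty round wins."""
    k = len(sets[0])
    for l in range(1, k + 1):
        hit = set.intersection(*(set(S[:l]) for S in sets))
        if hit:
            return hit, k - l + 1
    return set(), 0

def renc(S):                       # rank encoding: s appears rank(s) times
    return Counter({s: rank(S, s) for s in S})

def reduce_ms(ms, t):              # Rd_t: lower every multiplicity by t
    return Counter({s: m - t for s, m in ms.items() if m > t})

def sum_of_ranks(sets):
    n, k = len(sets), len(sets[0])
    union = sum((renc(S) for S in sets), Counter())
    common = set.intersection(*map(set, sets))
    for t in range(n * k - 1, n - 2, -1):      # t = nk-1, ..., n-1
        hit = set(reduce_ms(union, t)) & common
        if hit:
            return hit, t + 1
    return set(), 0

def by_definition(sets, f):        # X = argmax f(x), t = max f(x) over the intersection
    common = set.intersection(*map(set, sets))
    score = {x: f(rank(S, x) for S in sets) for x in common}
    best = max(score.values(), default=0)
    return {x for x in score if score[x] == best}, best

# The three ballots from the Borda count slide, best candidate first.
BALLOTS = [["Peter", "Michael", "Alice"],
           ["Michael", "Peter", "Alice"],
           ["Michael", "Alice", "Peter"]]
```

The final intersection with the common elements matters when a candidate with a high rank sum is missing from one party's set: without it, `sum_of_ranks` would return a candidate that is not in every input.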
