prio private robust and efficient computation of
play

Prio: Private, Robust, and Efficient Computation of Aggregate - PowerPoint PPT Presentation

Apr 15, 2023 •284 likes •1.92k views

Prio: Private, Robust, and Efficient Computation of Aggregate Statistics Henry Corrigan-Gibbs and Dan Boneh Stanford University Appeared at NSDI 2017 Today: Non-private aggregation StressTracker Blood pressure Twitter usage Today:

  1. Private sums: 
 Server A Server B Server C A “straw-man” scheme S A S B S C S A + S B + S C = 15 + -10 + … S A + S B + S C = 1 + 0 + … + 1

  2. Private sums: 
 Server A Server B Server C A “straw-man” scheme S A S B S C S A + S B + S C = 15 + -10 + … S A + S B + S C = 1 + 0 + … + 1 Servers learn the 
 sum of client values and learn nothing else .

  3. Private sums: 
 Server A Server B Server C A “straw-man” scheme S A S B S C S A + S B + S C = 15 + -10 + … S A + S B + S C = 1 + 0 + … + 1 Servers learn the 
 sum of client values and learn nothing else .

  4. Private sums: 
 Server A Server B Server C A “straw-man” scheme S A S B S C S A + S B + S C = 15 + -10 + … S A + S B + S C = 1 + 0 + … + 1 Learn that three phones Servers learn the 
 are on the Bay Bridge— sum of client values don’t know which three and learn nothing else .

  5. Computing private sums

  6. Computing private sums Exact correctness: If everyone follows the protocol, servers compute the sum of all x i s. Privacy: Any proper subset of the servers learns nothing but the sum of the x i s. Efficiency: Follows by inspection.

  7. Computing private sums Exact correctness: If everyone follows the protocol, servers compute the sum of all x i s. Privacy: Any proper subset of the servers learns nothing but the sum of the x i s. Efficiency: Follows by inspection. Robustness: ???

  8. Private sums: 
 Server A Server B Server C A “straw-man” scheme 15-10 -12+7 -2+3 F x

  9. Private sums: 
 Server A Server B Server C A “straw-man” scheme 15-10 -12+7 -2+3 x is supposed to be F a 0/1 value x

  10. Private sums: 
 Server A Server B Server C A “straw-man” scheme 15-10 -12+7 -2+3 F x

  11. Private sums: 
 Server A Server B Server C A “straw-man” scheme 15-10 -12+7 -2+3

  12. Private sums: 
 Server A Server B Server C A “straw-man” scheme 15-10 -12+7 -2+3 An evil client needn’t follow the rules!

  13. Private sums: 
 Server A Server B Server C A “straw-man” scheme 15-10 -12+7 -2+3 + + = 21 An evil client needn’t 10 4 7 follow the rules!

  14. Private sums: 
 Server A Server B Server C A “straw-man” scheme 15-10 -12+7 -2+3 10 4 7

  15. Private sums: 
 Server A Server B Server C A “straw-man” scheme garbage garbage garbage F

  16. Private sums: 
 Server A Server B Server C A “straw-man” scheme garbage garbage garbage A single bad client can undetectably F corrupt the sum Users have incentives to cheat Typical defenses 
 (NIZKs) are costly

  17. Outline • Background: The private aggregation problem • A straw-man solution for private sums • Providing robustness with SNIPs • Evaluation • Discussion: Real-world considerations

  18. Outline • Background: The private aggregation problem • A straw-man solution for private sums • Providing robustness with SNIPs • Evaluation • Discussion: Real-world considerations

  19. Server A Server B Server C Contribution 1 
 Secret-shared 
 non-interactive 
 proofs (SNIPs) 0 0 0 x = 1

  20. Server A Server B Server C Contribution 1 
 Secret-shared 
 non-interactive 
 proofs (SNIPs) 0 0 0 x = 1

  21. Server A Server B Server C Contribution 1 
 Secret-shared 
 non-interactive 
 proofs (SNIPs) 0 0 0 15 + ( ) + ( ) = 1 -12 -2 x = 1

  22. Server A Server B Server C Contribution 1 
 Secret-shared 
 non-interactive 
 proofs (SNIPs) 0 0 0 15 -12 -2 x = 1

  23. Server A Server B Server C Contribution 1 
 Secret-shared 
 non-interactive 
 proofs (SNIPs) 0 0 0 15 -12 -2 x = 1

  24. Server A Server B Server C Contribution 1 
 Secret-shared 
 non-interactive 
 proofs (SNIPs) 0 0 0 15 -12 -2 In this example, the servers want to x = 1 ensure that their shares sum to 0 or 1 
 …without learning x.

  25. Server A Server B Server C Contribution 1 
 Secret-shared 
 non-interactive 
 proofs (SNIPs) 0 0 0 x a x b x c More generally, servers x = 1 hold shares of the client’s private value x • hold an arbitrary public predicate Valid( · ) 
 • – expressed as an arithmetic circuit want to test if “Valid(x)” holds, without leaking x •

  26. Server A Server B Server C Contribution 1 
 Secret-shared 
 non-interactive 
 proofs (SNIPs) 0 0 0 x a x b x c More generally, servers x = 1 hold shares of the client’s private value x • hold an arbitrary public predicate Valid( · ) 
 • – expressed as an arithmetic circuit want to test if “Valid(x)” holds, without leaking x • For our running example: 
 Valid(x) = “x ∈ {0,1}”

  27. Server A Server B Server C Contribution 1 
 Secret-shared 
 non-interactive 
 proofs (SNIPs) 0 0 0 x a x b x c More generally, servers x = 1 hold shares of the client’s private value x • hold an arbitrary public predicate Valid( · ) 
 • – expressed as an arithmetic circuit want to test if “Valid(x)” holds, without leaking x •

  28. Server A Server B Server C Contribution 1 
 Secret-shared 
 non-interactive 
 proofs (SNIPs) 0 0 0 x a x b x c x = 1

  29. Server A Server B Server C Contribution 1 
 Secret-shared 
 non-interactive 
 proofs (SNIPs) 0 0 0 x a x b x c π a x = 1

  30. Server A Server B Server C Contribution 1 
 Secret-shared 
 non-interactive 
 proofs (SNIPs) 0 0 0 x a x b x c π a π b x = 1

  31. Server A Server B Server C Contribution 1 
 Secret-shared 
 non-interactive 
 proofs (SNIPs) 0 0 0 x a x b x c π a π b x = 1 π c

  32. Server A Server B Server C Contribution 1 
 Secret-shared 
 non-interactive 
 proofs (SNIPs) 0 0 0 π a , x a π b , x b x c π c , x = 1

  33. Server A Server B Server C Contribution 1 
 Secret-shared 
 non-interactive 
 proofs (SNIPs) 0 0 0 π a , x a π b , x b x c π c , x = 1

  34. Server A Server B Server C Contribution 1 
 Secret-shared 
 non-interactive 
 proofs (SNIPs) 0 0 0 Servers gossip π a , x a π b , x b x c π c , x = 1

  35. Server A Server B Server C Contribution 1 
 Secret-shared 
 non-interactive 
 proofs (SNIPs) 0 0 0 π a , x a π b , x b x c π c , x = 1

  36. Server A Server B Server C Contribution 1 
 Secret-shared 
 non-interactive 
 proofs (SNIPs) Ok. 0 0 0 π a , x a π b , x b x c π c , x = 1

  37. Server A Server B Server C Contribution 1 
 Secret-shared 
 non-interactive 
 proofs (SNIPs) Ok. Ok. 0 0 0 π a , x a π b , x b x c π c , x = 1

  38. Server A Server B Server C Contribution 1 
 Secret-shared 
 non-interactive 
 proofs (SNIPs) Ok. Ok. Ok. 0 0 0 π a , x a π b , x b x c π c , x = 1

  39. Server A Server B Server C Contribution 1 
 Secret-shared 
 non-interactive 
 proofs (SNIPs) 0 0 0 π a , x a π b , x b x c π c , x = 1

  40. Server A Server B Server C Contribution 1 
 Secret-shared 
 non-interactive 
 proofs (SNIPs) x a x b x c x = 1

  41. Server A Server B Server C Contribution 1 
 Secret-shared 
 non-interactive 
 proofs (SNIPs) 0 0 0 π a , x a π b , x b x c π c , x = 1

  42. Server A Server B Server C Contribution 1 
 Secret-shared 
 non-interactive 
 proofs (SNIPs) Fail 0 0 0 π a , x a π b , x b x c π c , x = 1

  43. Server A Server B Server C Contribution 1 
 Secret-shared 
 non-interactive 
 proofs (SNIPs) Fail Fail 0 0 0 π a , x a π b , x b x c π c , x = 1

  44. Server A Server B Server C Contribution 1 
 Secret-shared 
 non-interactive 
 proofs (SNIPs) Fail Fail Fail 0 0 0 π a , x a π b , x b x c π c , x = 1

  45. Server A Server B Server C Contribution 1 
 Secret-shared 
 non-interactive 
 proofs (SNIPs) 0 0 0 π a , x a π b , x b x c π c , x = 1

  46. Server A Server B Server C Contribution 1 
 Secret-shared 
 non-interactive 
 proofs (SNIPs) 0 0 0 X X X x a x b x c x = 1 • Prio servers detect and reject malformed client submissions • In this example, each client can influence the aggregate statistic by +/- 1, at most

  47. We need a proof system Prover Verifiers π a , π b , π c x c x a A “valid” x x b

  48. We need a proof system Prover Verifiers π a , π b , π c x c x a A “valid” x x b Valid(x) holds?

  49. We need a proof system Prover Verifiers π a , π b , π c x c x a A “valid” x x b

  50. We need a proof system Prover Verifiers π a , π b , π c x c x a A “valid” x x b Completeness. Honest prover convinces honest verifiers. Soundness. Dishonest prover rarely convinces 
 honest verifiers. Zero knowledge. Any proper subset of the verifiers learns 
 nothing about x, except that x is valid.

  51. 
 
 Traditional techniques • Non-interactive proofs in ROM 
 [FS86], [BFM88], [BDMP91], [CP92], [CS97], [M00], … • zkSNARKs and KOE-based proofs 
 [G10], [L12], [GGPR13], [BCGTV13], [PGHR13], … • Multi-party computation 
 [Y82], [GMW87], [BGW88], [CCD88], [CLOS02], [DPSZ12], [DKLPSS13], … In our setting, SNIPs are a more efficient solution.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Prio: Private, Robust, and Efficient Computation of Aggregate Statistics Henry Corrigan-Gibbs and

Prio: Private, Robust, and Efficient Computation of Aggregate Statistics Henry Corrigan-Gibbs and

Prio: Private, Robust, and Efficient Computation of Aggregate Statistics Henry Corrigan-Gibbs and Dan Boneh Stanford University NSDI 2017 Today: Non-private aggregation StressTracker Blood pressure Twitter usage Today: Non-private

1.92k views • 178 slides
A Storage-efficient and Robust Private Information Retrieval Scheme allowing few servers D.

A Storage-efficient and Robust Private Information Retrieval Scheme allowing few servers D.

A Storage-efficient and Robust Private Information Retrieval Scheme allowing few servers D. Augot, Franc oise Levy-dit-Vehel, Abudllatif Shikfa INRIA, ENSTA, Alcatel-Lucent D. Augot GT-BAC T el ecom, December 11, 2014 - 1/27 Outline

654 views • 31 slides
WINLAB Rutgers University Routing in MobilityFirst: Objectives Efficient and robust support of

WINLAB Rutgers University Routing in MobilityFirst: Objectives Efficient and robust support of

GSTAR: Storage Aware Routing Protocol for Efficient and Robust Services Nehal Somani, Abhishek Chanda, Samuel Nelson, Dipankar Raychaudhuri WINLAB Rutgers University Routing in MobilityFirst: Objectives Efficient and robust support of mobility

783 views • 20 slides
STICK IT OUT OR EVEN IT OUT? Towards a robust multi-period efficient frontier HISTORY OF

STICK IT OUT OR EVEN IT OUT? Towards a robust multi-period efficient frontier HISTORY OF

STICK IT OUT OR EVEN IT OUT? Towards a robust multi-period efficient frontier HISTORY OF PORTFOLIO SELECTION 1952, Markowitz: Efficient frontier for one-off investments 1956, Kelly: Optimize expected terminal wealth for repeated games 1991,

583 views • 10 slides
The need for effective, efficient and robust communications is critical. Data is at the essence

The need for effective, efficient and robust communications is critical. Data is at the essence

The need for effective, efficient and robust communications is critical. Data is at the essence of what we do collection, evaluation, sharing these are all core to decision making whether it is part of the bridge team, the ashore side

352 views • 14 slides
Efficient Computation of Extensions for Dynamic Abstract Argumentation Frameworks: An Incremental

Efficient Computation of Extensions for Dynamic Abstract Argumentation Frameworks: An Incremental

Introduction Incremental Computation Experiments Conclusions and future work Efficient Computation of Extensions for Dynamic Abstract Argumentation Frameworks: An Incremental Approach Gianvincenzo Alfano, Sergio Greco, Francesco Parisi {

541 views • 29 slides
Efficient Private File Retrieval by Combining ORAM and PIR

Efficient Private File Retrieval by Combining ORAM and PIR

Efficient Private File Retrieval by Combining ORAM and PIR Travis Mayberry Erik-Oliver Blass Agnes Chan 1 Hiding Access Pa>erns Oblivious RAM Private Informa6on

529 views • 25 slides
Robust and Energy Efficient MAC/PHY Strategies of Wi-Fi Sunghyun Choi, Ph.D., FIEEE Multimedia

Robust and Energy Efficient MAC/PHY Strategies of Wi-Fi Sunghyun Choi, Ph.D., FIEEE Multimedia

Robust and Energy Efficient MAC/PHY Strategies of Wi-Fi Sunghyun Choi, Ph.D., FIEEE Multimedia & Wireless Networking Lab. Seoul National University, Korea http://www.mwnl.snu.ac.kr Introduction Wi-Fi has become an indispensable part of

700 views • 49 slides
The R -tree: An Efficient and Robust Access Method for Points and Rectangles N. Beckmann H.

The R -tree: An Efficient and Robust Access Method for Points and Rectangles N. Beckmann H.

The R -tree: An Efficient and Robust Access Method for Points and Rectangles N. Beckmann H. P. Kriegel R. Schneider B. Seeger Praktische Informatik, Universitaet Bremen February 23, 2013 Presented by Zhitao Gong Beckmann et al.

262 views • 22 slides
Robust and Efficient Methods of Inference for Non-Probability Samples: Application to Naturalistic

Robust and Efficient Methods of Inference for Non-Probability Samples: Application to Naturalistic

Robust and Efficient Methods of Inference for Non-Probability Samples: Application to Naturalistic Driving Data Ali Rafei 1 , Michael R. Elliott 1 , Carol A.C. Flannagan 2 1 Michigan Program in Survey Methodology 2 University of Michigan

932 views • 66 slides
Robust and Efficient Fitting of Claim Severity Distributions Vytaras Brazauskas a,b University of

Robust and Efficient Fitting of Claim Severity Distributions Vytaras Brazauskas a,b University of

Robust and Efficient Fitting of Claim Severity Distributions Vytaras Brazauskas a,b University of Wisconsin-Milwaukee 44th Actuarial Research Conference Madison, WI, July 30August 1, 2009 a In collaboration with Jones and Zitikis (University

895 views • 73 slides
Program correctness and verification Programs should be: clear; efficient; robust; reliable;

Program correctness and verification Programs should be: clear; efficient; robust; reliable;

Program correctness and verification Programs should be: clear; efficient; robust; reliable; user friendly; well documented; . . . but first of all, CORRECT dont forget though: also, executable. . . Correctness

202 views • 19 slides
A predictive multi-modal imaging marker for designing efficient and robust AD clinical trials

A predictive multi-modal imaging marker for designing efficient and robust AD clinical trials

A predictive multi-modal imaging marker for designing efficient and robust AD clinical trials Vikas Singh , Ozioma Okonkwo Sterling C. Johnson , Vamsi K. Ithapu Computer Sciences Biostatistics and Medical Informatics

793 views • 54 slides
Making Polynomials Robust to Noise Alexander Sherstov U C L A Noise in computation 2 Noise in

Making Polynomials Robust to Noise Alexander Sherstov U C L A Noise in computation 2 Noise in

Making Polynomials Robust to Noise Alexander Sherstov U C L A Noise in computation 2 Noise in computation human error 2 Noise in computation human error malicious third party 2 Noise in computation human randomness error malicious

1.94k views • 124 slides
Highly Efficient Gradient Computation for Highly Efficient Gradient Computation for Density-

Highly Efficient Gradient Computation for Highly Efficient Gradient Computation for Density-

Highly Efficient Gradient Computation for Highly Efficient Gradient Computation for Density- -Constrained Analytical Placement Methods Constrained Analytical Placement Methods Density Jason Cong and Guojie Luo Jason Cong and Guojie Luo UCLA

492 views • 22 slides
Techniques for Efficient Secure Computation Based on Yaos Protocol Yehuda Lindell Bar-Ilan

Techniques for Efficient Secure Computation Based on Yaos Protocol Yehuda Lindell Bar-Ilan

Techniques for Efficient Secure Computation Based on Yaos Protocol Yehuda Lindell Bar-Ilan University, Israel PKC 2013 Yehuda Lindell Techniques for Efficient Secure Computation 28/2/2013 1 / 39 Secure Computation Background A set of

689 views • 39 slides
Collective Rationality in Graph Aggregation Ulle Endriss Institute for Logic, Language and

Collective Rationality in Graph Aggregation Ulle Endriss Institute for Logic, Language and

Graph Aggregation S eminaire D.R.I. @ ENS, February 2016 Collective Rationality in Graph Aggregation Ulle Endriss Institute for Logic, Language and Computation University of Amsterdam joint work with Umberto Grandi (Toulouse)

333 views • 20 slides
The dCacheBillingAggregator Gregory J. Sharp Daniel S. Riley Overview The dCache file system

The dCacheBillingAggregator Gregory J. Sharp Daniel S. Riley Overview The dCache file system

The dCacheBillingAggregator Gregory J. Sharp Daniel S. Riley Overview The dCache file system manages storage for many OSG SEs, including CMS and Atlas tier 1 & 2 sites. dCache records various interesting transfer statistics in its

517 views • 6 slides
Collective Prefetching for Parallel I/O Systems Yong Chen and Philip C. Roth Oak Ridge National

Collective Prefetching for Parallel I/O Systems Yong Chen and Philip C. Roth Oak Ridge National

Collective Prefetching for Parallel I/O Systems Yong Chen and Philip C. Roth Oak Ridge National Laboratory Outline I/O gap in high-performance computing I/O prefetching and limitation Collective prefetching design and implementation

469 views • 19 slides
Applications Three sample applications Fuzzy inferno Nostalgic cow Twilight Eden Fuzzy inferno

Applications Three sample applications Fuzzy inferno Nostalgic cow Twilight Eden Fuzzy inferno

Applications Three sample applications Fuzzy inferno Nostalgic cow Twilight Eden Fuzzy inferno Fuzzy inferno Fuzzy inferno Fuzzy inferno Fuzzy inferno Nostalgic cow Nostalgic cow Nostalgic cow Nostalgic cow Nostalgic cow Nostalgic cow

1.08k views • 50 slides
On Overlapping Communication and File I/O in Collective Write Operation Raafat Feki and Edgar

On Overlapping Communication and File I/O in Collective Write Operation Raafat Feki and Edgar

On Overlapping Communication and File I/O in Collective Write Operation Raafat Feki and Edgar Gabriel Parallel Software Technologies Lab Department of Computer Science, University of Houston, Houston, USA Email: {rfeki, egabriel}@uh.edu

373 views • 10 slides
Full Virtualization for GPUs Reconsidered Revisit -- Suzuki, Yusuke, et al. GPUvm: Why not

Full Virtualization for GPUs Reconsidered Revisit -- Suzuki, Yusuke, et al. GPUvm: Why not

Full Virtualization for GPUs Reconsidered Revisit -- Suzuki, Yusuke, et al. GPUvm: Why not virtualizing GPUs at the hypervisor?. USENIX ATC 14. Hangchen Yu 1 , Christopher J. Rossbach 1,2 1 The University of Texas at Austin 2 VMware

880 views • 40 slides
Datadog: A Real-Time Metrics Database for Trillions of Points/Day Ian NOWLAND

Datadog: A Real-Time Metrics Database for Trillions of Points/Day Ian NOWLAND

Datadog: A Real-Time Metrics Database for Trillions of Points/Day Ian NOWLAND (https://twitter.com/inowland) VP , Metrics and Monitors Joel BARCIAUSKAS (https://twitter.com/JoelBarciauskas) QCon NYC 19 Director, Aggregation Metrics Some

1.37k views • 90 slides
Demand Management from an Aggregator's Perspective David Brewster, President May 21, 2009

Demand Management from an Aggregator's Perspective David Brewster, President May 21, 2009

Demand Management from an Aggregator's Perspective David Brewster, President May 21, 2009 Todays Energy Challenges Unprecedented Challenges Higher Increased Renewable Demand Costs Energy Fall Summer 10% of Costs for 1% of the Time

720 views • 32 slides

More recommend