Private Computation with Individual and Joint Privacy Anoosheh - - PowerPoint PPT Presentation



SLIDE 1

Private Computation with Individual and Joint Privacy

Anoosheh Heidarzadeh (Texas A&M University)

Joint with: Alex Sprintson (Texas A&M University) ISIT 2020

This material is based upon work supported by the National Science Foundation (NSF) under Grants No. 1718658 and 1642983.

SLIDE 2

Association Between Total Cholesterol and High Glucose

A database of medical records stored at a server

  • Patient 1: Total Cholesterol 210, High Glucose, High Sodium
  • Patient 2: Total Cholesterol 172, High Glucose, Low Sodium
  • Patient 3: Total Cholesterol 161, Low Glucose, High Sodium
  • Patient 4: Total Cholesterol 185, High Glucose, High Sodium
  • Patient 5: Total Cholesterol 155, Low Glucose, Low Sodium
  • …
  • Patient K: Total Cholesterol 198, High Glucose, Low Sodium

We know (the average of) Total Cholesterol of some patients with High Glucose. We want to query the server so as to compute the average of Total Cholesterol of all patients with High Glucose.

(We know which patients have High/Low Glucose or High/Low Sodium or ....)

The query must not reveal to the server whether we are averaging over patients with High Glucose or Low Glucose or High Sodium or Low Sodium or ....

Anoosheh Heidarzadeh (Texas A&M) PC + Individual and Joint Privacy ISIT 2020 0 / 20

SLIDE 3

Private Computation (PC) + Side Information (SI)

  • N servers, each storing a copy of K i.i.d. messages $X_1, \dots, X_K \in \mathbb{F}_{q^\ell}$.
  • A user has a side information:
      • (Uncoded SI) $X_S := \{X_i : i \in S\}$ for M-subset $S \subseteq [K]$;
      • (Coded SI) $Y^{[S,U]} := \sum_{i \in S} u_i X_i$ for M-subset $S \subseteq [K]$, and $U = \{u_i \in \mathbb{F}_q \setminus \{0\} : i \in S\}$.
  • The user has a demand:
      • $Z^{[W,V]} := \sum_{j \in W} v_j X_j$ for D-subset $W \subseteq [K] \setminus S$, and $V = \{v_j \in \mathbb{F}_q \setminus \{0\} : j \in W\}$.

[Figure: the user exchanging queries Q and answers A with Server 1, ..., Server N]

  • S: Side info.’s support index set
  • U: Side info.’s coefficient set
  • M: Side info.’s support size
  • W: Demand’s support index set
  • V: Demand’s coefficient set
  • D: Demand’s support size

SLIDE 4

Private Computation (PC) + Side Information (SI)

Goal: To design a protocol for generating $\{(Q_n, A_n)\}_{n \in [N]}$ in order to:

  min. $H(A_{[N]}) / H(Z^{[W,V]})$ (download cost)
  s.t. $H(Z^{[W,V]} \mid A_{[N]}, Q_{[N]}, X_S, W, V, S) = 0$ (recoverability, USI)
       $H(Z^{[W,V]} \mid A_{[N]}, Q_{[N]}, Y^{[S,U]}, W, V, S, U) = 0$ (recoverability, CSI)
       $I(\mathbb{1}_{\{j \in W\}}; Q_n) = 0 \;\; \forall j \in [K], \forall n \in [N]$ (individual privacy)
       or
       $I(W; Q_n) = 0 \;\; \forall n \in [N]$ (joint privacy)

Several other privacy conditions in the literature, for instance, $I(W, V; Q_n) = 0 \;\; \forall n \in [N]$ (full privacy) in, e.g., [Sun-Jafar’17, Mirmohseni-MaddahAli’18] for the case w/o SI.
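A toy check of the individual and joint privacy conditions above, as an added example that is not part of the original slides. It assumes K = 4, D = 2, no side information, and a constructed scheme in which the single server is shown the partition of [K] into W and its complement; the leakage of each condition is then computed exactly.

```python
from fractions import Fraction
from itertools import combinations
from math import log2

K, D = 4, 2  # toy parameters (assumed); no side information, M = 0

def joint_distribution():
    """P(W, Q): W uniform over D-subsets; Q is the partition {W, complement}."""
    subsets = list(combinations(range(1, K + 1), D))
    dist = {}
    for w in subsets:
        rest = tuple(i for i in range(1, K + 1) if i not in w)
        q = tuple(sorted([w, rest]))          # what the server sees
        dist[(w, q)] = Fraction(1, len(subsets))
    return dist

def mutual_information(pairs):
    """I(A; B) in bits from a dict {(a, b): probability}."""
    pa, pb = {}, {}
    for (a, b), p in pairs.items():
        pa[a] = pa.get(a, 0) + p
        pb[b] = pb.get(b, 0) + p
    return sum(float(p) * log2(float(p / (pa[a] * pb[b])))
               for (a, b), p in pairs.items() if p > 0)

def individual_leakage(j):
    """I(1{j in W}; Q): what the query reveals about one index j."""
    pairs = {}
    for (w, q), p in joint_distribution().items():
        key = (j in w, q)
        pairs[key] = pairs.get(key, 0) + p
    return mutual_information(pairs)

def joint_leakage():
    """I(W; Q): what the query reveals about the whole demand support."""
    return mutual_information(joint_distribution())

if __name__ == "__main__":
    print([individual_leakage(j) for j in range(1, K + 1)], joint_leakage())
```

Every index is in W with probability D/K whether or not the partition is known, so the individual condition holds, while the partition narrows W from six candidates to two, so the joint condition fails.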

SLIDE 5

PC + SI

(various settings)

Single-Server:

  • Without SI:
      • Full Privacy: Must download the entire database [Sun-Jafar’17]
      • Individual/Joint Privacy: Less download [This work]
  • With Uncoded/Coded SI:
      • Individual/Joint Privacy: Even less download [This work]
      • Full Privacy: Open problem

Multi-Server:

  • Without SI:
      • Full Privacy: [Sun-Jafar’17, Mirmohseni-MaddahAli’18, Obead-Kliewer’18, Chen et al.’18, ...]
      • Individual/Joint Privacy: Open problems
  • With Uncoded/Coded SI:
      • Individual/Joint/Full Privacy: Open problems

SLIDE 6

Model

  • N = 1 server, storing K i.i.d. messages $X_1, \dots, X_K \in \mathbb{F}_{q^\ell}$.
  • $S = \{i_1, \dots, i_M\}$: M indices chosen randomly from $[K]$.
  • $U = \{u_{i_1}, \dots, u_{i_M}\}$: M elements chosen randomly from $\mathbb{F}_q \setminus \{0\}$.
  • $W = \{j_1, \dots, j_D\}$: D indices chosen randomly from $[K] \setminus S$.
  • $V = \{v_{j_1}, \dots, v_{j_D}\}$: D elements chosen randomly from $\mathbb{F}_q \setminus \{0\}$.

[Figure: the user exchanging query Q and answer A with the server]

  • S: Side info.’s support index set
  • U: Side info.’s coefficient set
  • M: Side info.’s support size
  • W: Demand’s support index set
  • V: Demand’s coefficient set
  • D: Demand’s support size

SLIDE 7

Main Results

(without side information)

[Figure: download-cost chart for M = 0, D ≥ 1, with panels PIR Individual Privacy, PIR Joint Privacy, PC Individual Privacy and PC Joint Privacy, annotated "Achievability and Converse for all D". Of the cost labels, K and K − D + 1 survive extraction.]

SLIDE 8

Main Results

(with uncoded and coded side information)

[Figure: download-cost chart for M ≥ 1, D ≥ 1 with uncoded or coded side information, with panels PIR + SI Individual Privacy, PIR + SI Joint Privacy, PC + SI Individual Privacy and PC + SI Joint Privacy. Surviving annotations: "Achievability and Converse for all M and D"; "Achievability for all M and D"; "Converse for M < D and M = D = 2"; "for all D". The cost expressions are not recoverable from the extracted text.]

SLIDE 9

Private Computation with Individual Privacy (IPC) (IPC-USI and IPC-CSI)

SLIDE 10

Connection to Codes with Combinatorial Constraints

Lemma (A Necessary Condition for Individual Privacy)

For any $j \in [K]$, there must exist D-subset $W^* \subseteq [K]$, $j \in W^*$, D-multiset $V^* \subseteq \mathbb{F}_q \setminus \{0\}$, and M-subset $S^* \subseteq [K] \setminus W^*$, such that $H(Z^{[W^*,V^*]} \mid A, Q, X_{S^*}) = 0$.

Thinking of scalar-linear IPC protocols, this necessary condition implies the need for a linear code $\mathcal{C}$ of length K such that: For any $j \in [K]$, there is a codeword c such that

  • (Uncoded SI) $\mathrm{supp}(c) \ni j$ and $D \le \mathrm{wt}(c) \le M + D$;
  • (Coded SI) $\mathrm{supp}(c) \ni j$ and $\mathrm{wt}(c) \in \{D, M + D\}$.

Minimizing the download cost ≡ Minimizing the dimension of $\mathcal{C}$.

SLIDE 11

Main Contributions

(Private Computation with Individual Privacy)

Theorem (IPC-USI and IPC-CSI)

Uncoded/Coded SI: Minimum Download Cost = $\left\lceil \frac{K}{M+D} \right\rceil$.

SLIDE 12

Main Contributions

(Private Computation with Individual Privacy)


Converse:

  • (Uncoded/Coded SI) For all K, M, D.
  • By the necessary condition for individual privacy, for any valid (Q, A), ∃ a set of at most $K - \left\lceil \frac{K}{M+D} \right\rceil$ messages given which all other messages can be recovered from (Q, A).

Achievability:

  • (Uncoded/Coded SI) For all K, M, D.
  • A probabilistic partitioning that allows the parts to overlap [Heidarzadeh-Kazemi-Sprintson’19].

SLIDE 13

Generalized Modified Partition-and-Code

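[Figure: the user exchanging query Q and answer A with the server storing $X_1, \dots, X_{11} \in \mathbb{F}_{q^\ell}$]

M = 2, D = 2
$S = \{3, 4\}$, $U = \{u_3, u_4\}$, $Y = u_3 X_3 + u_4 X_4$
$W = \{1, 2\}$, $V = \{v_1, v_2\}$, $Z = v_1 X_1 + v_2 X_2$

  • Let K = 11 and $n = \left\lceil \frac{K}{M+D} \right\rceil = 3$.
  • Design a $(K, n)_q$ code such that for any $j \in [K]$, ∃ a codeword with support of size M + D = 4 that contains j.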

SLIDE 14

Generalized Modified Partition-and-Code


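(i) Take a 3 × 11 generator matrix of the form:

$$
\begin{array}{ccccccccccc}
X_{i_1} & X_{i_2} & X_{i_3} & X_{i_4} & X_{i_5} & X_{i_6} & X_{i_7} & X_{i_8} & X_{i_9} & X_{i_{10}} & X_{i_{11}} \\ \hline
\ast_1 & \ast_2 & \ast_3 & \ast_4 & 0 & 0 & 0 & 0 & 0 & 0 & 0 \\
0 & 0 & 0 & 0 & \circ_5 & \circ_6 & \circ_7 & \circ_8 & 0 & 0 & 0 \\
\diamond_1 & 0 & 0 & 0 & 0 & 0 & 0 & 0 & \diamond_9 & \diamond_{10} & \diamond_{11}
\end{array}
$$

(ii) Consider n = 3 linear combinations:

$$
\begin{aligned}
\hat{X}_1 &= \ast_1 X_{i_1} + \ast_2 X_{i_2} + \ast_3 X_{i_3} + \ast_4 X_{i_4} \\
\hat{X}_2 &= \circ_5 X_{i_5} + \circ_6 X_{i_6} + \circ_7 X_{i_7} + \circ_8 X_{i_8} \\
\hat{X}_3 &= \diamond_1 X_{i_1} + \diamond_9 X_{i_9} + \diamond_{10} X_{i_{10}} + \diamond_{11} X_{i_{11}}
\end{aligned}
$$

(iii) Choose $i_1, \dots, i_{11}$ and ∗, ◦, ⋄’s carefully to satisfy the recoverability and privacy cond.’s.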

SLIDE 15

Generalized Modified Partition-and-Code


(iii.1) Construct a proper random permutation:

$$
\begin{array}{ccccccccccc}
1 & 2 & 3 & 4 & 5 & 6 & 7 & 8 & 9 & 10 & 11 \\
i_2 & i_4 & i_1 & i_3 & i_{10} & i_8 & i_6 & i_5 & i_{11} & i_9 & i_7
\end{array}
$$

[Figure: generator-matrix pattern showing the ∗ and ⋄ rows, with M + D = 4 columns marked]

  1. According to a prob. dist. (depending on K, M, D), choose one of the rows;
  2. According to another prob. dist. (depending on K, M, D), assign 1, 2, 3, 4 to the M + D = 4 columns corresponding to the chosen row.
  3. Randomly assign 5, . . . , 11 to the rest of columns.

SLIDE 16

Generalized Modified Partition-and-Code


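(iii.2) Complete the generator matrix using U, V:

$$
\begin{array}{ccccccccccc}
X_3 & X_1 & X_4 & X_2 & X_8 & X_7 & X_{11} & X_6 & X_{10} & X_5 & X_9 \\ \hline
u_3 & v_1 & u_4 & v_2 & 0 & 0 & 0 & 0 & 0 & 0 & 0 \\
0 & 0 & 0 & 0 & u_3 & v_1 & u_4 & v_2 & 0 & 0 & 0 \\
u_3 & 0 & 0 & 0 & 0 & 0 & 0 & 0 & v_1 & u_4 & v_2
\end{array}
$$

(iv) Query n = 3 linear combinations:

$$
\begin{aligned}
\hat{X}_1 &= u_3 X_3 + v_1 X_1 + u_4 X_4 + v_2 X_2 \\
\hat{X}_2 &= u_3 X_8 + v_1 X_7 + u_4 X_{11} + v_2 X_6 \\
\hat{X}_3 &= u_3 X_3 + v_1 X_{10} + u_4 X_5 + v_2 X_9
\end{aligned}
$$

(v) Recover Z by subtracting Y from $\hat{X}_1$.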
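Steps (i) to (v) of this K = 11, M = D = 2 example run end to end, as an added illustration that is not code from the original slides. Assumptions: the prime field F_101 stands in for F_{q^ℓ}, messages and coefficients are random sample values, and the permutation is the one shown in step (iii.1).

```python
import random

P = 101  # prime field F_p standing in for F_{q^l} (assumption: l = 1)

# Step (iii.1) permutation from the slide: message index -> position i_k
PERM = {1: 2, 2: 4, 3: 1, 4: 3, 5: 10, 6: 8, 7: 6, 8: 5, 9: 11, 10: 9, 11: 7}
# Step (i) pattern: positions used by each of the n = 3 rows (i_1 is shared)
ROW_POSITIONS = [[1, 2, 3, 4], [5, 6, 7, 8], [1, 9, 10, 11]]
PATTERN = ["u3", "v1", "u4", "v2"]  # step (iii.2): same coefficients per row

def generator_rows():
    """Rows as lists of (message index, coefficient name)."""
    at = {pos: msg for msg, pos in PERM.items()}
    return [[(at[p], c) for p, c in zip(row, PATTERN)] for row in ROW_POSITIONS]

def covers_every_index(rows, k=11, weight=4):
    """Design criterion: every j in [k] lies in the support of a weight-4 row."""
    supports = [{msg for msg, _ in row} for row in rows]
    covered = set().union(*supports)
    return all(len(s) == weight for s in supports) and covered == set(range(1, k + 1))

def server_answer(rows, coeff, x):
    """Server side: evaluate each queried linear combination over F_p."""
    return [sum(coeff[c] * x[m] for m, c in row) % P for row in rows]

def run_protocol(seed=0):
    rng = random.Random(seed)
    x = {i: rng.randrange(P) for i in range(1, 12)}      # constructed messages
    coeff = {c: rng.randrange(1, P) for c in PATTERN}    # nonzero u's and v's
    y = (coeff["u3"] * x[3] + coeff["u4"] * x[4]) % P    # coded side info Y
    z = (coeff["v1"] * x[1] + coeff["v2"] * x[2]) % P    # demand Z
    answers = server_answer(generator_rows(), coeff, x)
    return (answers[0] - y) % P, z, len(answers)         # step (v): X^_1 - Y

if __name__ == "__main__":
    print(generator_rows(), covers_every_index(generator_rows()), run_protocol())
```

The user downloads 3 field symbols instead of 11, and the overlap of rows 1 and 3 on X3 is what lets three weight-4 rows cover all 11 indices.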

SLIDE 17

Private Computation with Joint Privacy (JPC) (JPC-USI and JPC-CSI)

SLIDE 18

Connection to Codes with Combinatorial Constraints

Lemma (A Necessary Condition for Joint Privacy)

For any D-subset $W^* \subseteq [K]$, there must exist D-multiset $V^* \subseteq \mathbb{F}_q \setminus \{0\}$, and M-subset $S^* \subseteq [K] \setminus W^*$, such that $H(Z^{[W^*,V^*]} \mid A, Q, X_{S^*}) = 0$.

Thinking of scalar-linear JPC protocols, this necessary condition implies the need for a linear code $\mathcal{C}$ of length K such that: For any D-subset $W^* \subseteq [K]$, there is a codeword c such that

  • (Uncoded SI) $\mathrm{supp}(c) \supseteq W^*$ and $D \le \mathrm{wt}(c) \le M + D$;
  • (Coded SI) $\mathrm{supp}(c) \supseteq W^*$ and $\mathrm{wt}(c) \in \{D, M + D\}$.

Minimizing the download cost ≡ Minimizing the dimension of $\mathcal{C}$.

SLIDE 19

Main Contributions

(Private Computation with Joint Privacy)

Theorem (JPC-USI and JPC-CSI)

Uncoded/Coded SI: Minimum Download Cost ≤ $\left\lceil \frac{K-M-D}{\lfloor M/D \rfloor + 1} \right\rceil + 1$.

SLIDE 20

Main Contributions

(Private Computation with Joint Privacy)


Converse:

  • (Uncoded/Coded SI) For M < D and M = D = 2.
  • A mix of information-theoretic and algebraic-combinatorial arguments using the necessary condition for joint privacy.

Achievability:

  • (Uncoded SI) For all K, M, D;
  • (Coded SI) For all K, M, D s.t. $\lfloor M/D \rfloor + 1$ divides $K - M - D$.
  • A probabilistic partitioning with overlap and multiple partially aligned blocks of interference [Heidarzadeh-Sprintson’19].

SLIDE 21

Partition-and-Code with Interference Alignment

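[Figure: the user exchanging query Q and answer A with the server storing $X_1, \dots, X_{10} \in \mathbb{F}_{q^\ell}$]

M = 3, D = 3
$S = \{4, 5, 6\}$, $U = \{u_4, u_5, u_6\}$, $Y = u_4 X_4 + u_5 X_5 + u_6 X_6$
$W = \{1, 2, 3\}$, $V = \{v_1, v_2, v_3\}$, $Z = v_1 X_1 + v_2 X_2 + v_3 X_3$

  • Let K = 10 and $n = \left\lceil \frac{K-M-D}{\lfloor M/D \rfloor + 1} \right\rceil + 1 = 3$.
  • Design a $(K, n)_q$ code such that for any $\{j_1, j_2, j_3\} \subset [K]$, ∃ a codeword with support of size M + D = 6 that contains $\{j_1, j_2, j_3\}$.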

SLIDE 22

Partition-and-Code with Interference Alignment


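(i) Take a 3 × 10 generator matrix of the form:

$$
\begin{array}{cccccccccc}
X_{i_1} & X_{i_2} & X_{i_3} & X_{i_4} & X_{i_5} & X_{i_6} & X_{i_7} & X_{i_8} & X_{i_9} & X_{i_{10}} \\ \hline
\ast_1 & \ast_2 & \ast_3 & \ast_4 & \ast_5 & \ast_6 & 0 & 0 & 0 & 0 \\
\circ_1 & \circ_2 & \circ_3 & \circ_4 & 0 & 0 & \circ_7 & \circ_8 & 0 & 0 \\
\diamond_1 & \diamond_2 & \diamond_3 & \diamond_4 & 0 & 0 & 0 & 0 & \diamond_9 & \diamond_{10}
\end{array}
$$

(ii) Consider n = 3 linear combinations:

$$
\begin{aligned}
\hat{X}_1 &= \ast_1 X_{i_1} + \ast_2 X_{i_2} + \ast_3 X_{i_3} + \ast_4 X_{i_4} + \ast_5 X_{i_5} + \ast_6 X_{i_6} \\
\hat{X}_2 &= \circ_1 X_{i_1} + \circ_2 X_{i_2} + \circ_3 X_{i_3} + \circ_4 X_{i_4} + \circ_7 X_{i_7} + \circ_8 X_{i_8} \\
\hat{X}_3 &= \diamond_1 X_{i_1} + \diamond_2 X_{i_2} + \diamond_3 X_{i_3} + \diamond_4 X_{i_4} + \diamond_9 X_{i_9} + \diamond_{10} X_{i_{10}}
\end{aligned}
$$

(iii) Choose $i_1, \dots, i_{10}$ and ∗, ◦, ⋄’s carefully to satisfy the recoverability and privacy cond.’s.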

SLIDE 23

Partition-and-Code with Interference Alignment


(iii.1) Construct a proper random permutation:

$$
\begin{array}{cccccccccc}
1 & 2 & 3 & 4 & 5 & 6 & 7 & 8 & 9 & 10 \\
i_6 & i_1 & i_8 & i_5 & i_2 & i_7 & i_3 & i_{10} & i_4 & i_9
\end{array}
$$

  1. Take $m = \frac{DK}{M+D} = 5$ blocks of size $\frac{K}{m} = 2$:

       B1      B2      B3      B4      B5
     { ? , ? | ? , ? | ? , ? | ? , ? | ? , ? }

  2. Place 1, . . . , 10 into B1, . . . , B5 properly:

       B1      B2      B3      B4      B5
     { 2 , ? | ? , ? | ? , 1 | ? , 3 | ? , ? }
     { 2 , 5 | ? , ? | 4 , 1 | 6 , 3 | ? , ? }
     { 2 , 5 | 7 , 9 | 4 , 1 | 6 , 3 | 10 , 8 }
      i1, i2 | i3, i4 | i5, i6 | i7, i8 | i9, i10

SLIDE 24

Partition-and-Code with Interference Alignment


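(iii.2) Complete the generator matrix using U, V:

$$
\begin{array}{cccccccccc}
X_2 & X_5 & X_7 & X_9 & X_4 & X_1 & X_6 & X_3 & X_{10} & X_8 \\ \hline
\alpha_{1,1}\omega_{1,1} & \alpha_{1,2}\omega_{1,1} & \alpha_{2,1}\omega_{1,2} & \alpha_{2,2}\omega_{1,2} & \alpha_{3,1} & \alpha_{3,2} & 0 & 0 & 0 & 0 \\
\alpha_{1,1}\omega_{2,1} & \alpha_{1,2}\omega_{2,1} & \alpha_{2,1}\omega_{2,2} & \alpha_{2,2}\omega_{2,2} & 0 & 0 & \alpha_{4,1} & \alpha_{4,2} & 0 & 0 \\
\alpha_{1,1}\omega_{3,1} & \alpha_{1,2}\omega_{3,1} & \alpha_{2,1}\omega_{3,2} & \alpha_{2,2}\omega_{3,2} & 0 & 0 & 0 & 0 & \alpha_{5,1} & \alpha_{5,2}
\end{array}
$$

where $\omega_{i,j}$’s form a Cauchy matrix (when canceling any undesired blocks, no other block is canceled), and

$$
\alpha_{1,1} = \frac{v_2}{c_1\omega_{1,1} + c_2\omega_{2,1}}, \quad
\alpha_{1,2} = \frac{u_5}{c_1\omega_{1,1} + c_2\omega_{2,1}}, \quad
\alpha_{3,1} = \frac{u_4}{c_1}, \quad
\alpha_{3,2} = \frac{v_1}{c_1}, \quad
\alpha_{4,1} = \frac{u_6}{c_2}, \quad
\alpha_{4,2} = \frac{v_3}{c_2},
$$

and the rest of $\alpha_{i,j}$’s are chosen randomly from $\mathbb{F}_q \setminus \{0\}$.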

SLIDE 25

Partition-and-Code with Interference Alignment


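(iv) Query n = 3 linear combinations:

$$
\begin{aligned}
\hat{X}_1 &= \ast_1 X_2 + \ast_2 X_5 + \ast_3 X_7 + \ast_4 X_9 + \ast_5 X_4 + \ast_6 X_1 \\
\hat{X}_2 &= \circ_1 X_2 + \circ_2 X_5 + \circ_3 X_7 + \circ_4 X_9 + \circ_7 X_6 + \circ_8 X_3 \\
\hat{X}_3 &= \diamond_1 X_2 + \diamond_2 X_5 + \diamond_3 X_7 + \diamond_4 X_9 + \diamond_9 X_{10} + \diamond_{10} X_8
\end{aligned}
$$

(v) Eliminate $X_7$ and $X_9$ by linearly combining $\hat{X}_1$ and $\hat{X}_2$, and recover Z by subtracting Y:

$$
c_1 \hat{X}_1 + c_2 \hat{X}_2 = v_1 X_1 + v_2 X_2 + v_3 X_3 + u_4 X_4 + u_5 X_5 + u_6 X_6 = Z + Y
$$

where $c_1, c_2$ are the values on which the coefficients of $X_1, X_2, X_3, X_4, X_5, X_6$ depend.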
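Steps (iii.2) to (v) of this K = 10, M = D = 3 example carried through numerically, as an added illustration that is not code from the original slides. Assumptions: the prime field F_101 stands in for F_{q^ℓ}; the Cauchy matrix is ω_{i,j} = 1/(a_i − b_j) on constructed points; c1 is drawn at random and c2 is then fixed so that block B2 (X7, X9) cancels; messages and coefficients are random sample values.

```python
import random

P = 101  # prime field standing in for F_{q^l} (assumption: l = 1)

def inv(a):
    return pow(a, P - 2, P)  # inverse in F_p by Fermat's little theorem

BLOCKS = [(2, 5), (7, 9), (4, 1), (6, 3), (10, 8)]   # B1..B5 from step (iii.1)

def build_query(u, v, rng):
    """Return (generator rows as {message index: coefficient}, c1, c2)."""
    a, b = [1, 2, 3], [4, 5]                         # distinct points (assumed)
    w = [[inv((ai - bj) % P) for bj in b] for ai in a]   # 3x2 Cauchy matrix
    c1 = rng.randrange(1, P)
    c2 = (-c1 * w[0][1] * inv(w[1][1])) % P          # cancels block B2
    s = (c1 * w[0][0] + c2 * w[1][0]) % P            # nonzero by Cauchy property
    alpha = {(i, j): rng.randrange(1, P) for i in range(1, 6) for j in (1, 2)}
    alpha[1, 1], alpha[1, 2] = v[2] * inv(s) % P, u[5] * inv(s) % P
    alpha[3, 1], alpha[3, 2] = u[4] * inv(c1) % P, v[1] * inv(c1) % P
    alpha[4, 1], alpha[4, 2] = u[6] * inv(c2) % P, v[3] * inv(c2) % P
    rows = []
    for r in range(3):
        row = {}
        for blk in (0, 1):                           # shared blocks B1, B2
            for j, idx in enumerate(BLOCKS[blk]):
                row[idx] = alpha[blk + 1, j + 1] * w[r][blk] % P
        for j, idx in enumerate(BLOCKS[2 + r]):      # private block B3/B4/B5
            row[idx] = alpha[3 + r, j + 1]
        rows.append(row)
    return rows, c1, c2

def run_protocol(seed=0):
    rng = random.Random(seed)
    x = {i: rng.randrange(P) for i in range(1, 11)}  # constructed messages
    u = {i: rng.randrange(1, P) for i in (4, 5, 6)}
    v = {j: rng.randrange(1, P) for j in (1, 2, 3)}
    rows, c1, c2 = build_query(u, v, rng)
    ans = [sum(c * x[i] for i, c in row.items()) % P for row in rows]  # server
    y = sum(u[i] * x[i] for i in u) % P              # coded side information Y
    z = sum(v[j] * x[j] for j in v) % P              # demand Z
    return (c1 * ans[0] + c2 * ans[1] - y) % P, z    # step (v)

if __name__ == "__main__":
    print(run_protocol())
```

All three rows have weight M + D = 6 and share the same two aligned blocks, so the server sees three structurally identical combinations while the user cancels B2 with its own c1, c2.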

SLIDE 26

Summary and Open Problems

In this work:

  • Problem: Private Computation (PC) + Side Information (SI).
  • Two notions of privacy: Individual Privacy and Joint Privacy.
  • For single-server IPC: A protocol for both uncoded and coded SI and for all parameters with optimal download cost.
  • For single-server JPC: A protocol for uncoded (or coded) SI for all (or some) parameters with optimal download cost for a range of parameters.

Open Problems:

  • Single-Server PC+SI with Joint Privacy? (converse/achievability)
  • Single-Server PC+SI with Full Privacy?
  • Multi-Server PC+SI with Ind./Joint/Full Privacy?
  • Single/Multi-Server PC + Private SI with Ind./Joint/Full Privacy?
