Private Computation with Individual and Joint Privacy Anoosheh - PowerPoint PPT Presentation

Private Computation with Individual and Joint Privacy Anoosheh Heidarzadeh (Texas A&M University) Joint with: Alex Sprintson (Texas A&M University) ISIT 2020 This material is based upon work supported by the National Science Foundation (NSF) under Grants No. 1718658 and 1642983.

Association Between Total Cholesterol and High Glucose A database of medical records stored at a server Patient 1 Patient 2 Patient 3 Patient 4 Patient 5 Patient K Total Total Total Total Total Total Cholesterol Cholesterol Cholesterol Cholesterol Cholesterol Cholesterol 210 161 185 155 198 172 … High Glucose Low Glucose High Glucose Low Glucose High Glucose High Glucose High Sodium High Sodium High Sodium Low Sodium Low Sodium Low Sodium We know (the average of) Total Cholesterol of some patients with High Glucose. We want to query the server so as to compute the average of Total Cholesterol of all patients with High Glucose; (We know which patients have High/Low Glucose or High/Low Sodium or ....) Query must not reveal to the server if averaging over patients with High Glucose or Low Glucose or High Sodium or Low Sodium or .... Anoosheh Heidarzadeh (Texas A&M) PC + Individual and Joint Privacy ISIT 2020 0 / 20

Private Computation (PC) + Side Information (SI) Server 1 Server N • N servers, each storing a copy of … K i.i.d. messages X 1 , . . . , X K ∈ F q ℓ . • A user has a side information: [ A %,',(,)] # • (Uncoded SI) X S := { X i : i ∈ S } Q [%,',(,)] , for M -subset S ⊆ [ K ]; [ Q %,',(,)] A [ %,',(,)] # , • (Coded SI) Y [ S , U ] := � i ∈ S u i X i for M -subset S ⊆ [ K ], and U = { u i ∈ F q \ { 0 } : i ∈ S } . • The user has a demand: S : Side info.’s support index set U : Side info.’s coefficient set • Z [ W , V ] := � j ∈ W v j X j for M : Side info.’s support size D -subset W ⊆ [ K ] \ S , and W : Demand’s support index set V : Demand’s coefficient set V = { v j ∈ F q \ { 0 } : j ∈ W } . D : Demand’s support size Anoosheh Heidarzadeh (Texas A&M) PC + Individual and Joint Privacy ISIT 2020 1 / 20

Private Computation (PC) + Side Information (SI) Goal: To design a protocol for generating { ( Q n , A n ) } n ∈ [ N ] in order to: H ( A [ N ] ) / H ( Z [ W , V ] ) min. (download cost) H ( Z [ W , V ] | A [ N ] , Q [ N ] , X S , W , V , S ) = 0 s.t. (recoverability, USI) H ( Z [ W , V ] | A [ N ] , Q [ N ] , Y [ S , U ] , W , V , S , U ) = 0 (recoverability, CSI) I ( 1 { j ∈ W } ; Q n ) = 0 ∀ j ∈ [ K ] , ∀ n ∈ [ N ] ( individual privacy ) or I ( W ; Q n ) = 0 ∀ n ∈ [ N ] ( joint privacy ) Several other privacy conditions in the literature, for instance, I ( W , V ; Q n ) = 0 ∀ n ∈ [ N ] (full privacy) in, e.g., [Sun-Jafar’17, Mirmohseni-MaddahAli’18] for the case w/o SI. Anoosheh Heidarzadeh (Texas A&M) PC + Individual and Joint Privacy ISIT 2020 2 / 20

PC + SI (various settings) Single-Server: • Without SI: • Full Privacy: Must download the entire database [Sun-Jafar’17] • Individual/Joint Privacy: Less download [ This work ] • With Uncoded/Coded SI: • Individual/Joint Privacy: Even less download [ This work ] • Full Privacy: Open problem Multi-Server: • Without SI: • Full Privacy: [Sun-Jafar’17, Mirmohseni-MaddahAli’18, Obead-Kliewer’18, Chen et al.’18, ...] • Individual/Joint Privacy: Open problems • With Uncoded/Coded SI: • Individual/Joint/Full Privacy: Open problems Anoosheh Heidarzadeh (Texas A&M) PC + Individual and Joint Privacy ISIT 2020 3 / 20

Model • N = 1 server, storing K i.i.d. messages X 1 , . . . , X K ∈ F q ℓ . • S = { i 1 , . . . , i M } : M indices Q [$,&,',(] A [$,&,',(] chosen randomly from [ K ]. • U = { u i 1 , . . . , u i M } : M elements chosen randomly from F q \ { 0 } . • W = { j 1 , . . . , j D } : D indices S : Side info.’s support index set chosen randomly from [ K ] \ S . U : Side info.’s coefficient set M : Side info.’s support size • V = { v j 1 , . . . , v j D } : D elements W : Demand’s support index set V : Demand’s coefficient set chosen randomly from F q \ { 0 } . D : Demand’s support size Anoosheh Heidarzadeh (Texas A&M) PC + Individual and Joint Privacy ISIT 2020 4 / 20

Main Results (without side information) PC PIR PIR PC Individual Privacy Individual Privacy Joint Privacy Joint Privacy 𝑁 = 0 𝑁 = 0 𝑁 = 0 𝑁 = 0 𝐸 ≥ 1 𝐸 ≥ 1 𝐸 ≥ 1 𝐸 ≥ 1 𝐿 𝐿 𝐿 − 𝐸 + 1 𝐿 𝐸 Achievability and Converse Achievability and Converse for all 𝐸 for all 𝐸 Anoosheh Heidarzadeh (Texas A&M) PC + Individual and Joint Privacy ISIT 2020 5 / 20

Main Results (with uncoded and coded side information) PC + SI PIR + SI PIR + SI PC + SI Individual Privacy Individual Privacy Joint Privacy Joint Privacy 𝑁 ≥ 1 𝑁 ≥ 1 𝑁 ≥ 1 𝑁 ≥ 1 𝐸 ≥ 1 𝐸 ≥ 1 𝐸 ≥ 1 𝐸 ≥ 1 min .𝐿 − 𝑁, 𝐸 " 𝐿 𝐸𝐿 𝑁 + 𝐸 " 0 𝑁 + 𝐸 𝐸𝐿 𝑁 + 𝐸 − 𝐸 + 1 𝐿 𝑁 + 𝐸 𝑣 ! ! 𝑌 ! ! + ⋯ + 𝑣 ! " 𝑌 ! " 𝑣 ! ! 𝑌 ! ! + ⋯ + 𝑣 ! " 𝑌 ! " 𝑌 ! " , … , 𝑌 ! # 𝑌 ! " , … , 𝑌 ! # or or 𝑌 ! ! , … , 𝑌 ! " 𝑌 ! ! , … , 𝑌 ! " Achievability and Converse Achievability for all 𝑁 and 𝐸 for all 𝑁 and 𝐸 Converse for 𝑁 < 𝐸 and 𝑁 = 𝐸 = 2 for all 𝐸 Anoosheh Heidarzadeh (Texas A&M) PC + Individual and Joint Privacy ISIT 2020 6 / 20

Private Computation with Individual Privacy (IPC) (IPC-USI and IPC-CSI)

Connection to Codes with Combinatorial Constraints Lemma (A Necessary Condition for Individual Privacy) For any j ∈ [ K ] , there must exist D-subset W ∗ ⊆ [ K ] , j ∈ W ∗ , D-multiset V ∗ ⊆ F q \ { 0 } , and M-subset S ∗ ⊆ [ K ] \ W ∗ , such that H ( Z [ W ∗ , V ∗ ] | A , Q , X S ∗ ) = 0 . Thinking of scalar-linear IPC protocols, this necessary condition implies the need for a linear code C of length K such that: For any j ∈ [ K ], there is a codeword c such that (Uncoded SI) supp( c ) ∋ j and D ≤ wt( c ) ≤ M + D ; (Coded SI) supp( c ) ∋ j and wt( c ) ∈ { D , M + D } . Minimizing the download cost ≡ Minimizing the dimension of C . Anoosheh Heidarzadeh (Texas A&M) PC + Individual and Joint Privacy ISIT 2020 7 / 20

Main Contributions (Private Computation with Individual Privacy) Theorem (IPC-USI and IPC-CSI) � � K Uncoded/Coded SI: Minimum Download Cost = . M + D Anoosheh Heidarzadeh (Texas A&M) PC + Individual and Joint Privacy ISIT 2020 8 / 20

Main Contributions (Private Computation with Individual Privacy) Theorem (IPC-USI and IPC-CSI) � � K Uncoded/Coded SI: Minimum Download Cost = . M + D Converse: • (Uncoded/Coded SI) For all K , M , D . • By the necessary condition for individual privacy, for any valid K ( Q , A ), ∃ a set of at most K − ⌈ M + D ⌉ messages given which all other messages can be recovered from ( Q , A ). Achievability: • (Uncoded/Coded SI) For all K , M , D . • A probabilistic partitioning that allows the parts to overlap [Heidarzadeh-Kazemi-Sprintson’19]. Anoosheh Heidarzadeh (Texas A&M) PC + Individual and Joint Privacy ISIT 2020 8 / 20

Generalized Modified Partition-and-Code X 1 , . . . , X 11 ∈ F q ℓ Q [$,&,',(] A [$,&,',(] K • Let K = 11 and n = ⌈ M + D ⌉ = 3. • Design a ( K , n ) q code such that for any j ∈ [ K ], ∃ a codeword with support of size M + D = 4 that contains j . M = 2 , D = 2 S = { 3 , 4 } U = { u 3 , u 4 } Y = u 3 X 3 + u 4 X 4 W = { 1 , 2 } V = { v 1 , v 2 } Z = v 1 X 1 + v 2 X 2 Anoosheh Heidarzadeh (Texas A&M) PC + Individual and Joint Privacy ISIT 2020 9 / 20

Generalized Modified Partition-and-Code X 1 , . . . , X 11 ∈ F q ℓ (i) Take a 3 × 11 generator matrix of the form: X i 1 X i 2 X i 3 X i 4 X i 5 X i 6 X i 7 X i 8 X i 9 X i 10 X i 11   ∗ 1 ∗ 2 ∗ 3 ∗ 4 ◦ 5 ◦ 6 ◦ 7 ◦ 8   Q [$,&,',(] A [$,&,',(] ⋄ 1 ⋄ 9 ⋄ 10 ⋄ 11 (ii) Consider n = 3 linear combinations: ˆ X 1 = ∗ 1 X i 1 + ∗ 2 X i 2 + ∗ 3 X i 3 + ∗ 4 X i 4 M = 2 , D = 2 ˆ S = { 3 , 4 } X 2 = ◦ 5 X i 5 + ◦ 6 X i 6 + ◦ 7 X i 7 + ◦ 8 X i 8 U = { u 3 , u 4 } ˆ X 3 = ⋄ 1 X i 1 + ⋄ 9 X i 9 + ⋄ 10 X i 10 + ⋄ 11 X i 11 Y = u 3 X 3 + u 4 X 4 W = { 1 , 2 } (iii) Choose i 1 , . . . , i 11 and ∗ , ◦ , ⋄ ’s carefully to V = { v 1 , v 2 } satisfy the recoverability and privacy cond.’s. Z = v 1 X 1 + v 2 X 2 Anoosheh Heidarzadeh (Texas A&M) PC + Individual and Joint Privacy ISIT 2020 10 / 20

Generalized Modified Partition-and-Code X 1 , . . . , X 11 ∈ F q ℓ (iii.1) Construct a proper random permutation: � 1 � 2 3 4 5 6 7 8 9 10 11 i 2 i 4 i 1 i 3 i 10 i 8 i 6 i 5 i 11 i 9 i 7 1 3 Q [$,&,',(] A [$,&,',(] ���� � �� �   ∗ ∗ ∗ ∗ ◦ ◦ ◦ ◦   ⋄ ⋄ ⋄ ⋄ � �� � M + D =4 M = 2 , D = 2 1. According to a prob. dist. (depending on K , M , D ), S = { 3 , 4 } choose one of the rows; U = { u 3 , u 4 } 2. According to another prob. dist. (depending on Y = u 3 X 3 + u 4 X 4 K , M , D ), assign 1 , 2 , 3 , 4 to the M + D = 4 W = { 1 , 2 } columns corresponding to the chosen row. V = { v 1 , v 2 } 3. Randomly assign 5 , . . . , 11 to the rest of columns. Z = v 1 X 1 + v 2 X 2 Anoosheh Heidarzadeh (Texas A&M) PC + Individual and Joint Privacy ISIT 2020 11 / 20