Repeatable Oblivious Shuffling of Large Outsourced Data Blocks - - PowerPoint PPT Presentation

▶

Sep 14, 2022 686 likes •884 views

Repeatable Oblivious Shuffling of Large Outsourced Data Blocks Zhilin Zhang + , Ke Wang, Weipeng Lin, Ada Wai-Chee Fu, Raymond Chi-Wing Wong + Simon Fraser University, Amazon Outsourcing in the Cloud 2019 Public cloud services market >$206.2

SLIDE 1

Repeatable Oblivious Shuffling of Large Outsourced Data Blocks

Zhilin Zhang+, Ke Wang, Weipeng Lin, Ada Wai-Chee Fu, Raymond Chi-Wing Wong

+Simon Fraser University, Amazon

SLIDE 2

Outsourcing in the Cloud

2019 Public cloud services market >$206.2 B

1/16

Source: Gartner’s annual forecast of worldwide public cloud service revenue

SLIDE 3

2/16

Sensitive data must be encrypted before putting on the cloud server

SLIDE 4

Secure Computation Outsourcing

3/16

Semi-trusted Server Trusted client Encrypted Data Result Computational Task

SLIDE 5

Encryption is Insufficient

Input: [a], [b]

if a>b: branch 1 else: branch 2

Oblivious algorithm: make the control flow be independent of the input data

blivious transfer/ sorting/ shuffling, etc.

4/16

a=2, b=1 a=1, b=2

Task:

SLIDE 6

Problem

Oblivious Shuffling (OS) A shuffling of n encrypted data blocks [B] = ([B1], · · · , [Bn]) according to a permutation 𝜌 is oblivious if the server is unable to infer 𝜌.

Untrackable which is which

5/16

SLIDE 7

Application

6/16

private data access (hide access pattern) private data integration/sharing (hide data source) Max=3 coin mixing in cryptocurrency (hide owner anonymity) user 3 user 2 user 1

Mixing server

user 3 user 2 user 1

SLIDE 8

State of the Art

All existing OS methods rely on the movement of

utsourced data to the client.

download for shuffling download for peel-off

heavy communication for shuffling large-sized blocks

7/16

SLIDE 9

Repeatable Oblivious Shuffle

Definition An oblivious shuffle of [B] = ([B1], · · · , [Bn]) is repeatable if it is performed by the server without increasing encryption layers.

E(𝜌)

8/16

SLIDE 10

Preliminaries

Homomorphic matrix multiplication Matrix based data shuffling 𝑁$ ⊙ 𝑁& = 𝑁$ ( 𝑁& 𝐶 ( 𝜌 = 𝐶$, 𝐶& ( 0 1 1 0 ⇒ 𝐶&, 𝐶$

9/16

SLIDE 11

Main Idea

Key Requirements

repeatability: server side shuffling, no increase in

encryption layers

bliviousness: shuffling must be oblivious

H= 𝜌 𝐶 ⨀𝜌 → 𝐶 ( 𝜌

split the information of 𝜌 into plaintext H and some ciphertext [HA]

10/16

SLIDE 12

Formalization

𝐶 0 ← 𝑆𝑃𝑇 𝜌 0 , 𝐶 0−$

data before shuffling data after shuffling permutation matrix 𝐶 0−$ = 𝐶 ( 𝜌0−$ 𝐶 0 = 𝐶 ( 𝜌0−$ ( 𝜌(0) server side shuffling hide 𝜌 0

single layer encryption

11/16

SLIDE 13

Construction

1. pick 𝜌 0

𝐼 0 and 𝐼8

2. compute 𝐼 0 and 𝐼8

data blocks coefficient matrix

12/16

3. compute the shuffling result by

⨀ = ×

×

𝜌0:$

𝐼 0

𝜌0:$ ( 𝜌(0)

𝐼8

SLIDE 14

Analysis

Correctness Obliviousness

13/16

⨀ =

𝐼 0

𝜌0:$

known unknown

𝜌0:$ ( 𝜌(0)

𝐼8

⨀ =

𝜌0:$

𝐼 0

𝜌0:$ ( 𝜌(0)

𝐼8

SLIDE 15

Experimental Settings

Algorithm Description Our approach ROS Server-side shuffling without increasing encryption layer Baseline ClientShuffle Client-side shuffling (download data for every shuffling) LayeredShuffle (𝑚 = 2) Service-side shuffling with increasing encryption layers (download data for peeling off extra layers after every 𝑚 shuffles) LayeredShuffle (𝑚 = 10)

14/16

SLIDE 16

Effect of Block Size 𝑛

15/16

Shuffle cost w.r.t. block size m (MB) (n = 4, ClientShuffle has no server computation and thus not reported)

SLIDE 17

Effect of Block Number 𝑜

16/16

Shuffle cost w.r.t. block number n (m=10 MB, ClientShuffle has no server computation and not reported)

SLIDE 18

Q and A?