DPM 2013
Privacy-Preserving Multi-Party Reconciliation Secure in the Malicious Model
8th ACM International Workshop on Data Privacy Management 2013
Georg Neugebauer (1), Lucas Brutschy (1), Ulrike Meyer (1) and Susanne Wetzel (2)
(1) UMIC LuFG IT-Security, RWTH Aachen University
(2) Department of Computer Science, Stevens Institute of Technology
12.09.2013
Georg Neugebauer: Privacy-Preserving Reconciliation Protocols 1/15

Overview
• Introduction
• Fair and Privacy-Preserving Reconciliation on Ordered Sets
• Protocol for Minimum of Ranks Secure in the Malicious Model
• Evaluation
• Conclusion

Fair and Privacy-Preserving Reconciliation
Borda Count Voting
• Candidate / Points: Peter 3, Michael 2, Alice 1
• Candidate / Points: Michael 3, Peter 2, Alice 1
• Candidate / Points: Michael 3, Alice 2, Peter 1
• Result / Points: Michael 8

Fair and Privacy-Preserving Reconciliation on Ordered Sets
Definition (MPROS)
• Secure multi-party computation protocol between n parties
• Input:
  • Ordered sets $S_1, \dots, S_n$ of size $k$ drawn from a common domain $D$
  • Ranking $\mathrm{rank}_S(x_i) = k - i + 1$, $x_i \in S$
• Fairness:
  • $f_{MR}(x) = \min\{\mathrm{rank}_{S_1}(x), \dots, \mathrm{rank}_{S_n}(x)\}$
  • $f_{SR}(x) = \mathrm{rank}_{S_1}(x) + \dots + \mathrm{rank}_{S_n}(x)$
• Output:
  • $X = \arg\max_{x \in (S_1 \cap \dots \cap S_n)} f(x)$
  • $t = \max_{x \in (S_1 \cap \dots \cap S_n)} f(x)$
[Figure: Candidate / Points tables for the example input (Peter 3, Michael 2, Alice 1) and the MR and SR scores; result for MR: Michael 2, result for SR: Michael 8]

Preliminaries
Basics
• Additively homomorphic cryptosystem (Threshold Paillier cryptosystem)
  • Compute the encrypted sum of two plaintexts given only the related ciphertexts
• Privacy-preserving multiset operations (Kissner et al. [1])
  • Represent multiset $S_i = \{s_{i,1}, \dots, s_{i,k}\}$ as polynomial $f_i(x) = \prod_{j=1}^{k} (x - s_{i,j})$
  • Computation on encrypted polynomials, semi-honest adversary model
Privacy-Preserving Set Operations
• Let $\varphi, \gamma$ denote encrypted polynomials, $g$ an unencrypted polynomial, and $s, r, F_i$ random unencrypted polynomials
• Multiset intersection: $\varphi \times_h s +_h \gamma \times_h r$
  • $\{a, b^2, c\} \cap \{b, c^3\} = \{b, c\}$
• Multiset union: $\varphi \times_h g$
  • $\{a, b^2, c\} \cup \{b, c^3\} = \{a, b^3, c^4\}$
• Multiset reduction: $\tilde{\sum}_{i=0}^{t} \gamma^{(i)} \times_h F_i \times_h r_i$
  • $\mathrm{Rd}_1(\{a, b^2, c\}) = \{b\}$
[1] L. Kissner and D. X. Song: Privacy-Preserving Set Operations, in CRYPTO, LNCS, 2005

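Added example (not from the slides or the authors' implementation): the multiset intersection $\varphi \times_h s +_h \gamma \times_h r$ computed on encrypted polynomial coefficients and then decrypted. It assumes a single-key Paillier instance with small constructed primes in place of the threshold cryptosystem, integer set elements, and two sets of equal size; all function names are illustrative.

```python
import math
import random

# Constructed toy key: single-key Paillier, tiny primes (stand-in for threshold Paillier).
P, Q = 1009, 1013
N, N2 = P * Q, (P * Q) ** 2
LAM = (P - 1) * (Q - 1) // math.gcd(P - 1, Q - 1)
MU = pow(LAM, -1, N)  # decryption constant for generator g = N + 1

def enc(m):
    r = random.randrange(1, N)
    while math.gcd(r, N) != 1:
        r = random.randrange(1, N)
    return pow(1 + N, m % N, N2) * pow(r, N, N2) % N2

def dec(c):
    return (pow(c, LAM, N2) - 1) // N * MU % N

def poly_from_roots(roots):
    """Coefficients (lowest degree first) of prod_j (x - s_j) mod N."""
    coeffs = [1]
    for s in roots:
        nxt = [0] * (len(coeffs) + 1)
        for i, a in enumerate(coeffs):
            nxt[i] = (nxt[i] - s * a) % N
            nxt[i + 1] = (nxt[i + 1] + a) % N
        coeffs = nxt
    return coeffs

def h_mul(enc_poly, plain_poly):
    """phi x_h r: encrypted polynomial times an unencrypted polynomial."""
    out = [1] * (len(enc_poly) + len(plain_poly) - 1)  # 1 decrypts to 0
    for i, c in enumerate(enc_poly):
        for j, r in enumerate(plain_poly):
            out[i + j] = out[i + j] * pow(c, r, N2) % N2  # E(a)^r = E(a*r)
    return out

def h_add(a, b):  # phi +_h gamma: multiplying ciphertexts adds plaintexts
    return [x * y % N2 for x, y in zip(a, b)]

def intersect(set_a, set_b):
    """Elements of set_a that are roots of the decrypted phi*s + gamma*r."""
    phi = [enc(c) for c in poly_from_roots(set_a)]
    gamma = [enc(c) for c in poly_from_roots(set_b)]
    s = [random.randrange(1, N) for _ in range(len(set_a) + 1)]
    r = [random.randrange(1, N) for _ in range(len(set_b) + 1)]
    pi = [dec(c) for c in h_add(h_mul(phi, s), h_mul(gamma, r))]
    value = lambda x: sum(c * pow(x, i, N) for i, c in enumerate(pi)) % N
    return {x for x in set_a if value(x) == 0}
```

A non-member is reported as a root only if the random polynomial happens to vanish there, which for this toy modulus occurs with probability of about 1/N.
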
MPROS Secure in the Semi-Honest Model
Reminder Definition
• Fairness:
  • $f_{MR}(x) = \min\{\mathrm{rank}_{S_1}(x), \dots, \mathrm{rank}_{S_n}(x)\}$
  • $f_{SR}(x) = \mathrm{rank}_{S_1}(x) + \dots + \mathrm{rank}_{S_n}(x)$
• Output:
  • $X = \arg\max_{x \in (S_1 \cap \dots \cap S_n)} f(x)$
  • $t = \max_{x \in (S_1 \cap \dots \cap S_n)} f(x)$
MPROS Functions [2]
• Minimum of ranks: $\bigcap_{i=1}^{n} \{s_{i1}, \dots, s_{il}\}$ with round $1 \le l \le k$ and $S_i = \{s_{i1} > \dots > s_{ik}\}$
• Sum of ranks: $\mathrm{Rd}_t(\mathrm{renc}(S_1) \cup \dots \cup \mathrm{renc}(S_n)) \cap (S_1 \cap \dots \cap S_n)$ with $\mathrm{renc}(S_i) = \{s^{\mathrm{rank}_i(s)} \mid s \in S_i\}$ and $t = nk - 1, \dots, n - 1$
[2] G. Neugebauer, L. Brutschy, U. Meyer, S. Wetzel: Design and Implementation of Privacy-Preserving Reconciliation Protocols, 6th ACM International Workshop on Privacy and Anonymity in the Information Society, EDBT/ICDT 2013, Genoa, Italy, March 2013

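Added example (not from the slides or the cited implementation): the two MPROS functions evaluated round by round on plaintext multisets, using the three rankings from the Borda count slide as input. Multisets are modelled with collections.Counter and the function names are illustrative; no encryption is involved, so this shows only what the privacy-preserving protocol computes.

```python
from collections import Counter

def rank(s, x):
    """rank_S(x_i) = k - i + 1 for the i-th (1-based) element of S."""
    return len(s) - s.index(x)

def union(a, b):          # multiset union: multiplicities add
    return a + b

def intersection(a, b):   # multiset intersection: minimum multiplicity
    return a & b

def reduce_by(a, t):      # Rd_t: lower every multiplicity by t
    return Counter({x: m - t for x, m in a.items() if m > t})

def minimum_of_ranks(sets):
    """Round l intersects the top-l prefixes; first non-empty round wins."""
    k = len(sets[0])
    for l in range(1, k + 1):
        common = set(sets[0][:l])
        for s in sets[1:]:
            common &= set(s[:l])
        if common:
            return common, k - l + 1
    return set(), 0

def sum_of_ranks(sets):
    """Rd_t(renc(S_1) u ... u renc(S_n)) n (S_1 n ... n S_n), t = nk-1 .. n-1."""
    n, k = len(sets), len(sets[0])
    renc = Counter()
    for s in sets:
        renc = union(renc, Counter({x: rank(s, x) for x in s}))
    shared = Counter(set.intersection(*map(set, sets)))
    for t in range(n * k - 1, n - 2, -1):
        hit = intersection(reduce_by(renc, t), shared)
        if hit:
            return set(hit), t + 1  # survivors have rank sum exactly t + 1
    return set(), 0

# Rankings from the Borda count slide, highest ranked first.
BALLOTS = [["Peter", "Michael", "Alice"],
           ["Michael", "Peter", "Alice"],
           ["Michael", "Alice", "Peter"]]
```
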
How to Achieve Security in the Malicious Model
Security Model
• Semi-honest adversary: insider attacker that tries to infer as much (secret) information as possible, but follows the prescribed actions of the protocol
• Malicious adversary: insider attacker that can almost arbitrarily deviate from the protocol except refusal to participate, manipulation of its own input, and protocol abortion
Observations
• MPROS is based on privacy-preserving intersections, unions, and reductions of multisets that encode the ordered input sets of the n parties
• Privacy-preserving multiset operations are based on homomorphic additions and scalar multiplications
→ Use ZKPKs to prove correctness of computations involving encryptions of
  • secret input sets
  • chosen random polynomials
  • intermediate computation results

Verifiable Set Operations
Zero-Knowledge Proofs of Knowledge
• We use ZKPKs based on a threshold version of the Paillier cryptosystem
• Previous work
  • Interactive Proof of Plaintext Knowledge
  • Interactive Proof of Correct Multiplication
  • Proof of a Subset Relation Using Verifiable Shuffles
  • Proof of Correct Threshold Decryption
• Novel work
  • Non-Interactive Proof of Plaintext Knowledge and Correct Multiplication
  • Proof of a Homomorphic Linear Equation
Polynomial Operations
• Proof of Correct Multiplication of Polynomials
• Proof of Arbitrary Linear Expressions of Polynomials
→ Enables verifiable set intersection, union, and reduction operations

Protocol Comparison (MR) - Semi-honest model (SHM) vs Malicious model (MM)
Same setting: $P_1, \dots, P_n$, ordered sets $(S_i, <_i)$ chosen from a common domain $D$, pre-distributed keys, secure channels
1. Input Encryption
SHM: Each party $P_i$ encrypts and broadcasts its highest ranked input $\varphi_{i,1} = E(x - d_{i,1})$
MM: Each party $P_i$
  1. Computes an encrypted shuffle $(\delta_{i,1}, \dots, \delta_{i,k}, \dots)$ of the domain $D$
  2. Broadcasts the shuffle and a correctness proof $\Pi_{\mathrm{SHUFFLE},i}$
Each party $P_i$ for $j \in \{1, \dots, n\}$
  1. If $j \neq i$, verifies $\Pi_{\mathrm{SHUFFLE},j}$
  2. Chooses random polynomial $r_{i,j,1}$ of degree 1
  3. Computes and commits to $\rho_{i,j,1} = E_1(r_{i,j,1})$

Protocol Comparison (MR) - Semi-honest model (SHM) vs Malicious model (MM)
2. Set Intersection (Initially $t = k - 1$)
SHM: Each party $P_i$
  1. Chooses random polynomials $r_{i,j}$ of degree $k - t$
  2. Calculates and broadcasts $\gamma_i = \tilde{\sum}_{j=0}^{n} (\varphi_{j,k-t} \times_h r_{i,j})$
  3. Calculates $\pi = \tilde{\sum}_{l=1}^{n} \gamma_i$
MM: Each party $P_i$
  1. Opens the commitment to $\rho_{i,j,k-t}$
  2. Computes and broadcasts $\gamma_i = [\tilde{\sum}_{j=0}^{n} (\varphi_{j,k-t} *_h r_{i,j,k-t})]_r$
  3. Broadcasts a proof $\Pi_{\mathrm{INTERSECT},i}$ that $\gamma_i$ is correctly computed
Each party $P_i$
  1. For $j \in \{1, \dots, n\} \setminus \{i\}$ verifies $\Pi_{\mathrm{INTERSECT},j}$
  2. Calculates $\pi = \sum_{i=1}^{n} \gamma_i$
3. Decryption
SHM: All parties together perform a threshold decryption of $\pi$
MM: All parties perform a malicious model threshold decryption of $\pi$

Protocol Analysis
Correctness
• We compute the same function as the semi-honest variants
• Assuming that the ZKPKs are difficult to forge, each party is forced to perform the correct computations
→ Correctness results in the semi-honest model also apply to our malicious model variant
Security / Privacy
• All parties only learn the optimal solution and the minimum of ranks value
• Security proof based on the simulation paradigm given in our paper