prio private robust and efficient computation of
play

Prio: Private, Robust, and Efficient Computation of Aggregate - PowerPoint PPT Presentation

Dec 28, 2022 •134 likes •1.92k views

Prio: Private, Robust, and Efficient Computation of Aggregate Statistics Henry Corrigan-Gibbs and Dan Boneh Stanford University NSDI 2017 Today: Non-private aggregation StressTracker Blood pressure Twitter usage Today: Non-private

  1. Private sums: 
 Server A Server B Server C A “straw-man” scheme S A S B S C S A + S B + S C = 15 + -10 + …

  2. Private sums: 
 Server A Server B Server C A “straw-man” scheme S A S B S C S A + S B + S C = 15 + -10 + …

  3. Private sums: 
 Server A Server B Server C A “straw-man” scheme S A S B S C S A + S B + S C = 15 + -10 + … S A + S B + S C = 1 + 0 + … + 1

  4. Private sums: 
 Server A Server B Server C A “straw-man” scheme S A S B S C S A + S B + S C = 15 + -10 + … S A + S B + S C = 1 + 0 + … + 1 Servers learn the 
 sum of client values and learn nothing else .

  5. Private sums: 
 Server A Server B Server C A “straw-man” scheme S A S B S C S A + S B + S C = 15 + -10 + … S A + S B + S C = 1 + 0 + … + 1 Servers learn the 
 sum of client values and learn nothing else .

  6. Private sums: 
 Server A Server B Server C A “straw-man” scheme S A S B S C S A + S B + S C = 15 + -10 + … S A + S B + S C = 1 + 0 + … + 1 Learn that three phones Servers learn the 
 are on the Bay Bridge— sum of client values don’t know which three and learn nothing else .

  7. Computing private sums

  8. Computing private sums Exact correctness: If everyone follows the protocol, servers compute the sum of all x i s. Privacy: Any proper subset of the servers learns nothing but the sum of the x i s. Efficiency: Follows by inspection.

  9. Computing private sums Exact correctness: If everyone follows the protocol, servers compute the sum of all x i s. Privacy: Any proper subset of the servers learns nothing but the sum of the x i s. Efficiency: Follows by inspection. Robustness: ???

  10. Private sums: 
 Server A Server B Server C A “straw-man” scheme 15-10 -12+7 -2+3 F x

  11. Private sums: 
 Server A Server B Server C A “straw-man” scheme 15-10 -12+7 -2+3 x is supposed to be F a 0/1 value x

  12. Private sums: 
 Server A Server B Server C A “straw-man” scheme 15-10 -12+7 -2+3 F x

  13. Private sums: 
 Server A Server B Server C A “straw-man” scheme 15-10 -12+7 -2+3

  14. Private sums: 
 Server A Server B Server C A “straw-man” scheme 15-10 -12+7 -2+3 An evil client needn’t follow the rules!

  15. Private sums: 
 Server A Server B Server C A “straw-man” scheme 15-10 -12+7 -2+3 + + = 21 An evil client needn’t 10 4 7 follow the rules!

  16. Private sums: 
 Server A Server B Server C A “straw-man” scheme 15-10 -12+7 -2+3 10 4 7

  17. Private sums: 
 Server A Server B Server C A “straw-man” scheme garbage garbage garbage F

  18. Private sums: 
 Server A Server B Server C A “straw-man” scheme garbage garbage garbage A single bad client can undetectably F corrupt the sum Users have incentives to cheat Typical defenses 
 (NIZKs) are costly

  19. Outline • Background: The private aggregation problem • A straw-man solution for private sums • Providing robustness with SNIPs • Evaluation • Encodings for complex aggregates

  20. Outline • Background: The private aggregation problem • A straw-man solution for private sums • Providing robustness with SNIPs • Evaluation • Encodings for complex aggregates

  21. Server A Server B Server C Contribution 1 
 Secret-shared 
 non-interactive 
 proofs (SNIPs) 0 0 0 x = 1

  22. Server A Server B Server C Contribution 1 
 Secret-shared 
 non-interactive 
 proofs (SNIPs) 0 0 0 x = 1

  23. Server A Server B Server C Contribution 1 
 Secret-shared 
 non-interactive 
 proofs (SNIPs) 0 0 0 15 + ( ) + ( ) = 1 -12 -2 x = 1

  24. Server A Server B Server C Contribution 1 
 Secret-shared 
 non-interactive 
 proofs (SNIPs) 0 0 0 15 -12 -2 x = 1

  25. Server A Server B Server C Contribution 1 
 Secret-shared 
 non-interactive 
 proofs (SNIPs) 0 0 0 15 -12 -2 x = 1

  26. Server A Server B Server C Contribution 1 
 Secret-shared 
 non-interactive 
 proofs (SNIPs) 0 0 0 15 -12 -2 The servers want to ensure that their x = 1 shares sum to 0 or 1 
 …without learning x.

  27. Server A Server B Server C Contribution 1 
 Secret-shared 
 non-interactive 
 proofs (SNIPs) 0 0 0 x a x b x c More generally, servers x = 1 hold shares of the client’s private value x • hold an arbitrary public predicate Valid( · ) 
 • – expressed as an arithmetic circuit want to test if “Valid(x)” holds, without leaking x •

  28. Server A Server B Server C Contribution 1 
 Secret-shared 
 non-interactive 
 proofs (SNIPs) 0 0 0 x a x b x c More generally, servers x = 1 hold shares of the client’s private value x • hold an arbitrary public predicate Valid( · ) 
 • – expressed as an arithmetic circuit want to test if “Valid(x)” holds, without leaking x For our running example: 
 • Valid(x) = “x ∈ {0,1}”

  29. Server A Server B Server C Contribution 1 
 Secret-shared 
 non-interactive 
 proofs (SNIPs) 0 0 0 x a x b x c More generally, servers x = 1 hold shares of the client’s private value x • hold an arbitrary public predicate Valid( · ) 
 • – expressed as an arithmetic circuit want to test if “Valid(x)” holds, without leaking x •

  30. Server A Server B Server C Contribution 1 
 Secret-shared 
 non-interactive 
 proofs (SNIPs) 0 0 0 x a x b x c x = 1

  31. Server A Server B Server C Contribution 1 
 Secret-shared 
 non-interactive 
 proofs (SNIPs) 0 0 0 x a x b x c π a x = 1

  32. Server A Server B Server C Contribution 1 
 Secret-shared 
 non-interactive 
 proofs (SNIPs) 0 0 0 x a x b x c π a π b x = 1

  33. Server A Server B Server C Contribution 1 
 Secret-shared 
 non-interactive 
 proofs (SNIPs) 0 0 0 x a x b x c π a π b x = 1 π c

  34. Server A Server B Server C Contribution 1 
 Secret-shared 
 non-interactive 
 proofs (SNIPs) 0 0 0 π a , x a π b , x b x c π c , x = 1

  35. Server A Server B Server C Contribution 1 
 Secret-shared 
 non-interactive 
 proofs (SNIPs) 0 0 0 π a , x a π b , x b x c π c , x = 1

  36. Server A Server B Server C Contribution 1 
 Secret-shared 
 non-interactive 
 proofs (SNIPs) 0 0 0 Servers gossip π a , x a π b , x b x c π c , x = 1

  37. Server A Server B Server C Contribution 1 
 Secret-shared 
 non-interactive 
 proofs (SNIPs) 0 0 0 π a , x a π b , x b x c π c , x = 1

  38. Server A Server B Server C Contribution 1 
 Secret-shared 
 non-interactive 
 proofs (SNIPs) Ok. 0 0 0 π a , x a π b , x b x c π c , x = 1

  39. Server A Server B Server C Contribution 1 
 Secret-shared 
 non-interactive 
 proofs (SNIPs) Ok. Ok. 0 0 0 π a , x a π b , x b x c π c , x = 1

  40. Server A Server B Server C Contribution 1 
 Secret-shared 
 non-interactive 
 proofs (SNIPs) Ok. Ok. Ok. 0 0 0 π a , x a π b , x b x c π c , x = 1

  41. Server A Server B Server C Contribution 1 
 Secret-shared 
 non-interactive 
 proofs (SNIPs) 0 0 0 π a , x a π b , x b x c π c , x = 1

  42. Server A Server B Server C Contribution 1 
 Secret-shared 
 non-interactive 
 proofs (SNIPs) x a x b x c x = 1

  43. Server A Server B Server C Contribution 1 
 Secret-shared 
 non-interactive 
 proofs (SNIPs) 0 0 0 π a , x a π b , x b x c π c , x = 1

  44. Server A Server B Server C Contribution 1 
 Secret-shared 
 non-interactive 
 proofs (SNIPs) Fail 0 0 0 π a , x a π b , x b x c π c , x = 1

  45. Server A Server B Server C Contribution 1 
 Secret-shared 
 non-interactive 
 proofs (SNIPs) Fail Fail 0 0 0 π a , x a π b , x b x c π c , x = 1

  46. Server A Server B Server C Contribution 1 
 Secret-shared 
 non-interactive 
 proofs (SNIPs) Fail Fail Fail 0 0 0 π a , x a π b , x b x c π c , x = 1

  47. Server A Server B Server C Contribution 1 
 Secret-shared 
 non-interactive 
 proofs (SNIPs) 0 0 0 π a , x a π b , x b x c π c , x = 1

  48. Server A Server B Server C Contribution 1 
 Secret-shared 
 non-interactive 
 proofs (SNIPs) 0 0 0 X X X x a x b x c x = 1 • Prio servers detect and reject malformed client submissions • In this example, each client can influence the aggregate statistic by +/- 1, at most

  49. Server A Server B Server C How SNIPs work 0 0 0 x a x b x c The servers want to ensure that 
 x = 1 Valid(x) = Valid(x a +x b +x c ) = 1 
 …without learning x.

  50. Server A Server B Server C How SNIPs work x a x b x c

  51. Server A Server B Server C How SNIPs work x a x b x c Could run secure multiparty computation to check that Valid(x) = 1. 
 [GMW87], [BGW88]

  52. Server A Server B Server C How SNIPs work x a x b x c Could run secure multiparty computation to check that Valid(x) = 1. 
 [GMW87], [BGW88]

Recommend

Prio: Private, Robust, and Efficient Computation of Aggregate Statistics Henry Corrigan-Gibbs and

Prio: Private, Robust, and Efficient Computation of Aggregate Statistics Henry Corrigan-Gibbs and

Prio: Private, Robust, and Efficient Computation of Aggregate Statistics Henry Corrigan-Gibbs and Dan Boneh Stanford University Appeared at NSDI 2017 Today: Non-private aggregation StressTracker Blood pressure Twitter usage Today:

1.92k views • 163 slides
A Storage-efficient and Robust Private Information Retrieval Scheme allowing few servers D.

A Storage-efficient and Robust Private Information Retrieval Scheme allowing few servers D.

A Storage-efficient and Robust Private Information Retrieval Scheme allowing few servers D. Augot, Franc oise Levy-dit-Vehel, Abudllatif Shikfa INRIA, ENSTA, Alcatel-Lucent D. Augot GT-BAC T el ecom, December 11, 2014 - 1/27 Outline

654 views • 31 slides
WINLAB Rutgers University Routing in MobilityFirst: Objectives Efficient and robust support of

WINLAB Rutgers University Routing in MobilityFirst: Objectives Efficient and robust support of

GSTAR: Storage Aware Routing Protocol for Efficient and Robust Services Nehal Somani, Abhishek Chanda, Samuel Nelson, Dipankar Raychaudhuri WINLAB Rutgers University Routing in MobilityFirst: Objectives Efficient and robust support of mobility

783 views • 20 slides
STICK IT OUT OR EVEN IT OUT? Towards a robust multi-period efficient frontier HISTORY OF

STICK IT OUT OR EVEN IT OUT? Towards a robust multi-period efficient frontier HISTORY OF

STICK IT OUT OR EVEN IT OUT? Towards a robust multi-period efficient frontier HISTORY OF PORTFOLIO SELECTION 1952, Markowitz: Efficient frontier for one-off investments 1956, Kelly: Optimize expected terminal wealth for repeated games 1991,

583 views • 10 slides
The need for effective, efficient and robust communications is critical. Data is at the essence

The need for effective, efficient and robust communications is critical. Data is at the essence

The need for effective, efficient and robust communications is critical. Data is at the essence of what we do collection, evaluation, sharing these are all core to decision making whether it is part of the bridge team, the ashore side

352 views • 14 slides
Efficient Computation of Extensions for Dynamic Abstract Argumentation Frameworks: An Incremental

Efficient Computation of Extensions for Dynamic Abstract Argumentation Frameworks: An Incremental

Introduction Incremental Computation Experiments Conclusions and future work Efficient Computation of Extensions for Dynamic Abstract Argumentation Frameworks: An Incremental Approach Gianvincenzo Alfano, Sergio Greco, Francesco Parisi {

541 views • 29 slides
Efficient Private File Retrieval by Combining ORAM and PIR

Efficient Private File Retrieval by Combining ORAM and PIR

Efficient Private File Retrieval by Combining ORAM and PIR Travis Mayberry Erik-Oliver Blass Agnes Chan 1 Hiding Access Pa>erns Oblivious RAM Private Informa6on

529 views • 25 slides
Robust and Energy Efficient MAC/PHY Strategies of Wi-Fi Sunghyun Choi, Ph.D., FIEEE Multimedia

Robust and Energy Efficient MAC/PHY Strategies of Wi-Fi Sunghyun Choi, Ph.D., FIEEE Multimedia

Robust and Energy Efficient MAC/PHY Strategies of Wi-Fi Sunghyun Choi, Ph.D., FIEEE Multimedia & Wireless Networking Lab. Seoul National University, Korea http://www.mwnl.snu.ac.kr Introduction Wi-Fi has become an indispensable part of

700 views • 49 slides
The R -tree: An Efficient and Robust Access Method for Points and Rectangles N. Beckmann H.

The R -tree: An Efficient and Robust Access Method for Points and Rectangles N. Beckmann H.

The R -tree: An Efficient and Robust Access Method for Points and Rectangles N. Beckmann H. P. Kriegel R. Schneider B. Seeger Praktische Informatik, Universitaet Bremen February 23, 2013 Presented by Zhitao Gong Beckmann et al.

262 views • 22 slides
Robust and Efficient Methods of Inference for Non-Probability Samples: Application to Naturalistic

Robust and Efficient Methods of Inference for Non-Probability Samples: Application to Naturalistic

Robust and Efficient Methods of Inference for Non-Probability Samples: Application to Naturalistic Driving Data Ali Rafei 1 , Michael R. Elliott 1 , Carol A.C. Flannagan 2 1 Michigan Program in Survey Methodology 2 University of Michigan

932 views • 66 slides
Robust and Efficient Fitting of Claim Severity Distributions Vytaras Brazauskas a,b University of

Robust and Efficient Fitting of Claim Severity Distributions Vytaras Brazauskas a,b University of

Robust and Efficient Fitting of Claim Severity Distributions Vytaras Brazauskas a,b University of Wisconsin-Milwaukee 44th Actuarial Research Conference Madison, WI, July 30August 1, 2009 a In collaboration with Jones and Zitikis (University

895 views • 73 slides
Program correctness and verification Programs should be: clear; efficient; robust; reliable;

Program correctness and verification Programs should be: clear; efficient; robust; reliable;

Program correctness and verification Programs should be: clear; efficient; robust; reliable; user friendly; well documented; . . . but first of all, CORRECT dont forget though: also, executable. . . Correctness

202 views • 19 slides
A predictive multi-modal imaging marker for designing efficient and robust AD clinical trials

A predictive multi-modal imaging marker for designing efficient and robust AD clinical trials

A predictive multi-modal imaging marker for designing efficient and robust AD clinical trials Vikas Singh , Ozioma Okonkwo Sterling C. Johnson , Vamsi K. Ithapu Computer Sciences Biostatistics and Medical Informatics

793 views • 54 slides
Making Polynomials Robust to Noise Alexander Sherstov U C L A Noise in computation 2 Noise in

Making Polynomials Robust to Noise Alexander Sherstov U C L A Noise in computation 2 Noise in

Making Polynomials Robust to Noise Alexander Sherstov U C L A Noise in computation 2 Noise in computation human error 2 Noise in computation human error malicious third party 2 Noise in computation human randomness error malicious

1.94k views • 124 slides
Highly Efficient Gradient Computation for Highly Efficient Gradient Computation for Density-

Highly Efficient Gradient Computation for Highly Efficient Gradient Computation for Density-

Highly Efficient Gradient Computation for Highly Efficient Gradient Computation for Density- -Constrained Analytical Placement Methods Constrained Analytical Placement Methods Density Jason Cong and Guojie Luo Jason Cong and Guojie Luo UCLA

492 views • 22 slides
Techniques for Efficient Secure Computation Based on Yaos Protocol Yehuda Lindell Bar-Ilan

Techniques for Efficient Secure Computation Based on Yaos Protocol Yehuda Lindell Bar-Ilan

Techniques for Efficient Secure Computation Based on Yaos Protocol Yehuda Lindell Bar-Ilan University, Israel PKC 2013 Yehuda Lindell Techniques for Efficient Secure Computation 28/2/2013 1 / 39 Secure Computation Background A set of

689 views • 39 slides
Quantum Computation Leonard J. Schulman Caltech Quantum Computation: what it is, what it

Quantum Computation Leonard J. Schulman Caltech Quantum Computation: what it is, what it

Quantum Computation Leonard J. Schulman Caltech Quantum Computation: what it is, what it isnt. Quantum mechanical effects enable efficient solution of classically intractable problems To appreciate this, well review two great lessons of

445 views • 28 slides
Proxychain: Developing a Robust and Efficient Authentication Infrastructure for Carrier-Scale

Proxychain: Developing a Robust and Efficient Authentication Infrastructure for Carrier-Scale

Proxychain: Developing a Robust and Efficient Authentication Infrastructure for Carrier-Scale VoIP Networks Italo Dacosta and Patrick Traynor Performance, Scalability and Security Finding the right balance between performance /scalability

517 views • 24 slides
Efficient all-against-all protein similarity matrix computation using OpenCL Genome-oriented

Efficient all-against-all protein similarity matrix computation using OpenCL Genome-oriented

Efficient all-against-all protein similarity matrix computation using OpenCL Genome-oriented bioinformatics lab - WS2013/2014 Uli Khler & Anton Smirnov LMU & TUM Helmholtz-Zentrum Mnchen Supervisor: Mathias Walter February 24th,

360 views • 21 slides
Flexible, Efficient Abstractions for High Performance Computation on Current and Emerging

Flexible, Efficient Abstractions for High Performance Computation on Current and Emerging

Institute for CLEAN AND SECURE ENERGY THE UNIVERSITY OF UTAH TM Flexible, Efficient Abstractions for High Performance Computation on Current and Emerging Architectures J AMES C. S UTHERLAND Associate Professor - Chemical Engineering M ATT M

141 views • 10 slides
Entropic Affinities: Properties and Efficient Numerical Computation Max Vladymyrov and Miguel

Entropic Affinities: Properties and Efficient Numerical Computation Max Vladymyrov and Miguel

Entropic Affinities: Properties and Efficient Numerical Computation Max Vladymyrov and Miguel Carreira-Perpin Electrical Engineering and Computer Science University of California, Merced http://eecs.ucmerced.edu June 18, 2013 Summary

515 views • 26 slides
Integrating Color Image Segmentation and User Labeling for Efficient and Robust Graphics

Integrating Color Image Segmentation and User Labeling for Efficient and Robust Graphics

Integrating Color Image Segmentation and User Labeling for Efficient and Robust Graphics Recognition from Historical Maps Summary: the integration of a Color Image Segmentation (CIS) step with an interactive road-layer extraction process that

444 views • 6 slides
A Robust and Efficient Parallel SVD Solver Based on Restarted Lanczos Bidiagonalization Jose E.

A Robust and Efficient Parallel SVD Solver Based on Restarted Lanczos Bidiagonalization Jose E.

Overview of SLEPc Restarted Lanczos Bidiagonalization Evaluation A Robust and Efficient Parallel SVD Solver Based on Restarted Lanczos Bidiagonalization Jose E. Roman Universidad Polit ecnica de Valencia, Spain (joint work with V.

829 views • 60 slides
A Robust and Efficient Parallel SVD Solver Based on Restarted Lanczos Bidiagonalization Jose E.

A Robust and Efficient Parallel SVD Solver Based on Restarted Lanczos Bidiagonalization Jose E.

Overview of SLEPc Restarted Lanczos Bidiagonalization Evaluation A Robust and Efficient Parallel SVD Solver Based on Restarted Lanczos Bidiagonalization Jose E. Roman Universidad Polit ecnica de Valencia, Spain (joint work with V.

337 views • 33 slides

More recommend