privacy preserving shortest path computa6on
play

Privacy-Preserving Shortest Path Computa6on David J. Wu, Joe - PowerPoint PPT Presentation

Privacy-Preserving Shortest Path Computa6on David J. Wu, Joe Zimmerman, Jrmy Planul, and John C. Mitchell Stanford University Naviga6on desired des@na@on current posi@on Naviga6on: A Solved Problem? direc@ons to the Catamaran Resort


  1. Privacy-Preserving Shortest Path Computa6on David J. Wu, Joe Zimmerman, Jérémy Planul, and John C. Mitchell Stanford University

  2. Naviga6on desired des@na@on current posi@on

  3. Naviga6on: A Solved Problem? direc@ons to the Catamaran Resort Issue : cloud learns where you are and where you are going!

  4. “Trivial” Solu6on Give me the en@re map!

  5. “Trivial” Solu6on Give me the en@re map! Cons: • rou@ng informa@on constantly changing • map provider doesn’t Pros: lots of privacy (for the client) want to give away map for “free”

  6. Private Shortest Paths San Diego Airport to Catamaran Resort protocol Client Privacy: server does not Server Privacy: client only learns learn source or des@na@on route from source to des@na@on

  7. Private Shortest Paths Model: assume client knows topology of the network (e.g., road network from OpenStreetMap) Weights on edges (e.g., travel @mes) are hidden Client Privacy: Server does not learn client’s source 𝑡 or des@na@on 𝑢 Server Privacy: Client only learns 𝑡 → 𝑢 shortest path and nothing about weights of other edges not in shortest path

  8. Straw Man Solu6on Suppose road network has 𝑜 nodes Construct 𝑜 × 𝑜 database: [█​𝑠↓ 11 &​𝑠↓ 12 & ⋯ &​𝑠↓ 1 𝑜 @​𝑠↓ 21 &​𝑠↓ 22 & ⋯ &​𝑠↓ 2 𝑜 @ ⋮ & ⋮ & ⋱ & ⋮ @​𝑠↓𝑜 1 &​𝑠↓𝑜 2 & ⋯ &​𝑠↓𝑜𝑜 ] record ​𝑠↓𝑡𝑢 : shortest path Shortest Path Protocol : from node 𝑡 to node 𝑢 privately retrieve record ​ (e.g., 𝑡 → ​𝑤↓ 1 → ​𝑤↓ 2 → 𝑢 ) 𝑠↓𝑡𝑢 from database

  9. Symmetric Private Informa6on Retrieval (SPIR) record 𝑗 ??? SPIR protocol cloud database Client Privacy: server does Server Privacy: client only not learn 𝑗 learns record 𝑗

  10. Finding Structure Straw man solu@on requires SPIR on databases with ​𝒐↑ 𝒐↑ 𝟑 records – quadra@c in number of nodes in the graph – rather imprac@cal! Observa8on 1: Nodes in road networks tend to have low (constant) degree

  11. Finding Structure Typically, an intersec@on has up to four neighbors (for the four cardinal direc@ons) For each node in the network, associate each neighbor with a direc@on (unique index)

  12. Finding Structure Next-hop rou@ng matrix for graph with 𝑜 nodes: [█​𝑠↓ 11 &​𝑠↓ 12 & ⋯ &​𝑠↓ 1 𝑜 @​𝑠↓ 21 &​𝑠↓ 22 & ⋯ &​𝑠↓ 2 𝑜 @ ⋮ & ⋮ & ⋱ & ⋮ @​𝑠↓𝑜 1 &​𝑠↓𝑜 2 & ⋯ &​𝑠↓𝑜𝑜 ] ​𝑠↓𝑡𝑢 : index of neighbor to take shortest path protocol: on first hop on shortest path itera@vely retrieve the next hop from node 𝑡 to node 𝑢 in shortest path

  13. Finding Structure Rou@ng from 0 to 4: 1. Query ​𝑠↓ 04 : North 2 3 4 2. Query ​𝑠↓ 14 : North 3. Query ​𝑠↓ 24 : East 4. Query ​𝑠↓ 34 : East 1 0 But same problem as before: SPIR on database with ​𝑜↑ 2 elements

  14. Finding Structure Observa8on 2: Road networks have geometric structure Nodes above hyperplane: first hop is north or east Nodes below hyperplane: first hop is south or west

  15. Finding Structure If each node has four neighbors, can specify neighbors with two bits: 1 st bit: encode direc@on • along NW/SE axis 2 nd bit: encode direc@on • along NE/SW axis

  16. A Compressible Structure Let ​𝑁↑( NE ) and ​𝑁↑ (NW) be next-hop matrices along NE and NW axis (entries in ​𝑁↑ (NE) and ​𝑁↑( NW ) are bits) Objec8ve : for 𝑗 ∈ { NE,NW } , find matrices ​𝐵↑(𝑗) , ​𝐶↑(𝑗) such that ​𝑁↑(𝑗) =sign (​𝐵↑(𝑗) ⋅ ​(​𝐶↑(𝑗) )↑𝑈 )

  17. A Compressible Structure Objec8ve : for 𝑗 ∈ { NE,NW } , find matrices ​𝐵↑(𝑗) , ​𝐶↑(𝑗) such that ​𝑁↑(𝑗) =sign (​𝐵↑(𝑗) ⋅ ​(​𝐶↑(𝑗) )↑𝑈 ) ​𝐶↓𝑢 : ​𝑢↑ th row of Compu@ng next-hop “des@na@on matrix” ​𝐶↑𝑈 reduces to compu@ng inner products Index of row in 𝐵 only ​𝑁↓𝑡𝑢 : direc@on depend on source , index of from 𝑡 on 𝑡 → 𝑢 row in 𝐶 only depend on shortest path ​𝐵↓𝑡 : ​𝑡↑ th row of des(na(on “source matrix” 𝐵 𝑁

  18. A Compressible Structure 7000 Size of Representa@on (KB) 6000 5000 4000 Over 10x 3000 compression! 2000 1000 0 0 1000 2000 3000 4000 5000 6000 7000 8000 Nodes in Graph Original Representa@on Compressed Representa@on

  19. An Itera6ve Shortest-Path Protocol To learn next-hop on 𝑡 → 𝑢 shortest path: 1. Use SPIR to obtain ​𝑡↑ th row of ​𝐵↑( NE ) and ​𝐵↑( NW ) 2. Use SPIR to obtain ​𝑢↑ th row of ​𝐶↑( NE ) and ​𝐶↑( NW ) 3. Compute ​𝑁↓𝑡𝑢↑( NE ) =sign ⟨​𝐵↓𝑡↑( NE ) , ​𝐶↓𝑢↑( NE ) ⟩ and ​𝑁↓𝑡𝑢↑( NW ) =sign ⟨​𝐵↓𝑡↑( NW ) , ​𝐶↓𝑢↑( NW ) ⟩ Problem : rows and columns SPIR queries on databases of 𝐵 , 𝐶 reveal more informa@on with 𝒐 records than desired

  20. Affine Encodings and Arithme6c Circuits Goal: Reveal inner product without revealing vectors Idea: Use a “garbled” arithme@c circuit (affine encodings) [AIK14] • Encodings reveal output of computa@on (inner product) and nothing more Solu8on: SPIR on arithme@c circuit encodings

  21. An Itera6ve Shortest-Path Protocol To learn next-hop on 𝑡 → 𝑢 shortest path: 1. Use SPIR to obtain encodings of ​𝑡↑ th row of ​𝐵↑( NE ) and ​𝐵↑( NW ) 2. Use SPIR to obtain encodings of ​𝑢↑ th row of ​𝐶↑( NE ) and ​𝐶↑( NW ) 3. Evaluate inner products ⟨​𝐵↓𝑡↑( NE ) , ​𝐶↓𝑢↑( NE ) ⟩ and ⟨​𝐵↓𝑡↑( NW ) , ​𝐶↓𝑢↑( NW ) ⟩ 4. Compute ​𝑁↓𝑡𝑢↑( NE ) and ​𝑁↓𝑡𝑢↑( NW ) (signs of inner products) Affine encodings hide source and des@na@on matrices, but inner products reveal too much informa@on

  22. Thresholding via Garbled Circuits Goal: Reveal only the sign of the inner product Solu8on: Blind inner product and evaluate the sign func@on using a garbled circuit [Yao86, BHR12] • Instead of ⟨𝑦 , 𝑧⟩ , compute 𝛽⟨𝑦 , 𝑧⟩ + 𝛾 for random 𝛽 , 𝛾 ∈ ​ 𝔾 ↓𝑞 • Use garbled circuit to unblind and compu@ng the sign

  23. An Itera6ve Shortest-Path Protocol To learn next-hop on 𝑡 → 𝑢 shortest path: 1. Use SPIR to obtain encodings of ​𝑡↑ th row of ​𝐵↑( NE ) and ​𝐵↑( NW ) 2. Use SPIR to obtain encodings of ​𝑢↑ th row of ​𝐶↑( NE ) and ​𝐶↑( NW ) 3. Evaluate to obtain blinded inner products ​𝑨↑( NE ) and ​𝑨↑( NW ) 4. Use garbled circuit to compute ​𝑁↓𝑡𝑢↑( NE ) and ​𝑁↓𝑡𝑢↑( NW ) See paper for protec@on Semi-honest secure! against malicious par@es

  24. Benchmarks Preprocessed city maps from OpenStreetMap

  25. Online Benchmarks Number of City Time per Round (s) Bandwidth (KB) Nodes 1.44±0.16 San Francisco 1830 88.24 1.64±0.13 Washington D.C. 2490 90.00 2.91±0.19 Dallas 4993 95.02 4.75±0.22 Los Angeles 7010 100.54 Timing and bandwidth for each round of the online protocol (with protec@on against malicious clients)

  26. End-to-End Benchmarks Total Online Number of City Online Time Bandwidth Rounds (s) (MB) San Francisco 97 140.39 8.38 Washington 120 197.48 10.57 D.C. Dallas 126 371.44 11.72 Los Angeles 165 784.34 16.23 End-to-end performance of private shortest paths protocol (aper padding number of rounds to maximum length of shortest path for each network)

  27. Conclusions Problem: privacy-preserving naviga@on Rou@ng informa@on for road networks are compressible! • Op@miza@on-based compression technique achieves over 10x compression of next-hop matrices Compressed rou@ng matrix lends itself to itera@ve shortest-path protocol • Compu@ng the shortest path reduces to compu@ng sign of inner product • Leverage combina@on of arithme@c circuits + Boolean circuits

  28. Ques6ons?

Recommend


More recommend