Repeatable Oblivious Shuffling of Large Outsourced Data Blocks - PowerPoint PPT Presentation

Repeatable Oblivious Shuffling of Large Outsourced Data Blocks Zhilin Zhang + , Ke Wang, Weipeng Lin, Ada Wai-Chee Fu, Raymond Chi-Wing Wong + Simon Fraser University, Amazon

Outsourcing in the Cloud 2019 Public cloud services market >$206.2 B Source: Gartner’s annual forecast of worldwide public cloud service revenue 1/16

Sensitive data must be encrypted before putting on the cloud server 2/16

Secure Computation Outsourcing Encrypted Data Computational Task Result Trusted client Semi-trusted Server 3/16

Encryption is Insufficient Input: [a], [b] Task: if a>b: a=2, b=1 branch 1 else: branch 2 a=1, b=2 Oblivious algorithm : make the control flow be independent of the input data • oblivious transfer/ sorting/ shuffling , etc. 4/16

Problem Oblivious Shuffling (OS) A shuffling of n encrypted data blocks [B] = ([B 1 ], · · · , [B n ]) according to a permutation 𝜌 is oblivious if the server is unable to infer 𝜌 . which is which Untrackable 5/16

Application Mixing server user 1 user 1 user 2 user 2 Max=3 user 3 user 3 private data access private data integration/sharing coin mixing in cryptocurrency (hide access pattern) (hide data source) (hide owner anonymity) 6/16

State of the Art All existing OS methods rely on the movement of outsourced data to the client. download for shuffling download for peel-off heavy communication for shuffling large-sized blocks 7/16

Repeatable Oblivious Shuffle Definition An oblivious shuffle of [B] = ([B 1 ], · · · , [B n ]) is repeatable if it is performed by the server without increasing encryption layers. E( 𝜌 ) 8/16

Preliminaries Homomorphic matrix multiplication 𝑁 $ ⊙ 𝑁 & = 𝑁 $ ( 𝑁 & Matrix based data shuffling 𝐶 ( 𝜌 = 𝐶 $ , 𝐶 & ( 0 1 0 ⇒ 𝐶 & , 𝐶 $ 1 9/16

Main Idea Key Requirements • repeatability: server side shuffling, no increase in encryption layers • obliviousness: shuffling must be oblivious H= 𝜌 𝐶 ⨀𝜌 → 𝐶 ( 𝜌 split the information of 𝜌 into plaintext H and some ciphertext [H A ] 10/16

Formalization ← 𝑆𝑃𝑇 𝜌 0 , 𝐶 0 − $ 𝐶 0 data before shuffling data after shuffling permutation = 𝐶 ( 𝜌 0 − $ ( 𝜌 (0) 𝐶 0 − $ = 𝐶 ( 𝜌 0 − $ 𝐶 0 matrix server side shuffling single hide 𝜌 0 layer encryption 11/16

Construction 1. pick 𝜌 0 0 2. compute 𝐼 0 and 𝐼 8 0 𝐼 0 and 𝐼 8 3. compute the shuffling result by ⨀ 0 × 𝜌 0:$ ( 𝜌 (0) × 𝜌 0:$ 𝐼 0 = 𝐼 8 B B coefficient matrix data blocks 12/16

Analysis unknown known Correctness ⨀ 0 𝐼 0 = 𝜌 0:$ 𝐼 8 𝜌 0:$ ( 𝜌 (0) Obliviousness ⨀ 𝐼 0 0 = 𝜌 0:$ ( 𝜌 (0) 𝜌 0:$ 𝐼 8 13/16

Experimental Settings Algorithm Description Server-side shuffling without Our approach ROS increasing encryption layer Client-side shuffling ClientShuffle (download data for every shuffling) LayeredShuffle ( 𝑚 = 2 ) Service-side shuffling with Baseline increasing encryption layers (download data for peeling off extra LayeredShuffle ( 𝑚 = 10 ) layers after every 𝑚 shuffles) 14/16

Effect of Block Size 𝑛 Shuffle cost w.r.t. block size m (MB) (n = 4, ClientShuffle has no server computation and thus not reported) 15/16

Effect of Block Number 𝑜 Shuffle cost w.r.t. block number n (m=10 MB, ClientShuffle has no server computation and not reported) 16/16

Q and A ?