Differentially private data aggregation with optimal utility

Computing aggregate statistics about user data is of vital importance for a variety of services and systems, but this practice has been shown to seriously undermine the privacy of users. Differential privacy has proved to be an effective tool to sanitize queries over a database, and various cryptographic protocols have been recently proposed to enforce differential privacy in a distributed setting, e.g., statical queries on sensitive data stored on the user's side. The widespread deployment of differential privacy techniques in real-life settings is, however, undermined by several limitations that existing constructions suffer from: they support only a limited class of queries, they pose a trade-off between privacy and utility of the query result, they are affected by the answer pollution problem, or they are inefficient. This paper presents PrivaDA, a novel design architecture for distributed differential privacy that leverages recent advances in secure multiparty computations on fixed and floating point arithmetics to overcome the previously mentioned limitations. In particular, PrivaDA supports a variety of perturbation mechanisms (e.g., the Laplace, discrete Laplace, and exponential mechanisms) and it constitutes the first generic technique to generate noise in a fully distributed manner while maintaining the optimal utility. Furthermore, PrivaDA does not suffer from the answer pollution problem. We demonstrate the efficiency of PrivaDA with a performance evaluation, and its expressiveness and flexibility by illustrating several application scenarios such as privacy-preserving web analytics.

[1]  Matteo Maffei,et al.  Differential Privacy by Typing in Security Protocols , 2013, 2013 IEEE 26th Computer Security Foundations Symposium.

[2]  Ilya Mironov,et al.  On significance of the least significant bits for differential privacy , 2012, CCS.

[3]  George Danezis,et al.  Verified Computational Differential Privacy with Applications to Smart Metering , 2013, 2013 IEEE 26th Computer Security Foundations Symposium.

[4]  Feng-Hao Liu,et al.  Efficient Secure Two-Party Exponentiation , 2011, CT-RSA.

[5]  Tal Rabin,et al.  Simplified VSS and fast-track multiparty computations with applications to threshold cryptography , 1998, PODC '98.

[6]  Claude Castelluccia,et al.  I Have a DREAM! (DiffeRentially privatE smArt Metering) , 2011, Information Hiding.

[7]  Andrew Chi-Chih Yao,et al.  Protocols for secure computations , 1982, FOCS 1982.

[8]  John B. Shoven,et al.  I , Edinburgh Medical and Surgical Journal.

[9]  Andreas Haeberlen,et al.  Differential Privacy Under Fire , 2011, USENIX Security Symposium.

[10]  Paul Francis,et al.  Non-tracking web analytics , 2012, CCS.

[11]  Paul Francis,et al.  Towards Statistical Queries over Distributed Private User Data , 2012, NSDI.

[12]  Moni Naor,et al.  Our Data, Ourselves: Privacy Via Distributed Noise Generation , 2006, EUROCRYPT.

[13]  Boris Schling The Boost C++ Libraries , 2011 .

[14]  D. Owen Handbook of Mathematical Functions with Formulas , 1965 .

[15]  Tim Roughgarden,et al.  Universally utility-maximizing privacy mechanisms , 2008, STOC '09.

[16]  Johannes Gehrke,et al.  Towards Privacy for Social Networks: A Zero-Knowledge Based Definition of Privacy , 2011, TCC.

[17]  Ran Canetti,et al.  Security and Composition of Multiparty Cryptographic Protocols , 2000, Journal of Cryptology.

[18]  Vaidy S. Sunderam,et al.  Secure multiparty aggregation with differential privacy: a comparative study , 2013, EDBT '13.

[19]  Prashant J. Shenoy,et al.  Private memoirs of a smart meter , 2010, BuildSys '10.

[20]  Yuval Ishai,et al.  Secure Arithmetic Computation with No Honest Majority , 2008, IACR Cryptol. ePrint Arch..

[21]  Milton Abramowitz,et al.  Handbook of Mathematical Functions with Formulas, Graphs, and Mathematical Tables , 1964 .

[22]  Haixu Tang,et al.  Learning your identity and disease from research papers: information leaks in genome wide association study , 2009, CCS.

[23]  Tomasz J. Kozubowski,et al.  A discrete analogue of the Laplace distribution , 2006 .

[24]  Kunal Talwar,et al.  Mechanism Design via Differential Privacy , 2007, 48th Annual IEEE Symposium on Foundations of Computer Science (FOCS'07).

[25]  L. Devroye Non-Uniform Random Variate Generation , 1986 .

[26]  Benny Pinkas,et al.  FairplayMP: a system for secure multi-party computation , 2008, CCS.

[27]  Gene Tsudik,et al.  Secure spread: an integrated architecture for secure group communication , 2005, IEEE Transactions on Dependable and Secure Computing.

[28]  George Danezis,et al.  Differentially Private Billing with Rebates , 2011 .

[29]  Michael K. Reiter,et al.  Secure agreement protocols: reliable and atomic group multicast in rampart , 1994, CCS '94.

[30]  Dale Miller,et al.  Preserving differential privacy under finite-precision semantics , 2013, Theor. Comput. Sci..

[31]  Yihua Zhang,et al.  Secure Computation on Floating Point Numbers , 2013, NDSS.

[32]  Andrew Chi-Chih Yao,et al.  Protocols for Secure Computations (Extended Abstract) , 1982, FOCS.

[33]  George Danezis,et al.  PrivEx: Private Collection of Traffic Statistics for Anonymous Communication Networks , 2014, CCS.

[34]  Ashwin Machanavajjhala,et al.  No free lunch in data privacy , 2011, SIGMOD '11.

[35]  Baruch Awerbuch,et al.  Verifiable secret sharing and achieving simultaneity in the presence of faults , 1985, 26th Annual Symposium on Foundations of Computer Science (sfcs 1985).

[36]  Octavian Catrina,et al.  Secure Computation with Fixed-Point Numbers , 2010, Financial Cryptography.

[37]  Elaine Shi,et al.  Privacy-Preserving Aggregation of Time-Series Data , 2011, NDSS.

[38]  Florian Kerschbaum,et al.  Fault-Tolerant Privacy-Preserving Statistics , 2012, Privacy Enhancing Technologies.

[39]  Paul Francis,et al.  SplitX: high-performance private analytics , 2013, SIGCOMM.

[40]  Suman Nath,et al.  Differentially private aggregation of distributed time-series with transformation and encryption , 2010, SIGMOD Conference.

[41]  Cynthia Dwork,et al.  Differential Privacy , 2006, ICALP.

[42]  Raghav Bhaskar,et al.  Noiseless Database Privacy , 2011, ASIACRYPT.

[43]  Sandeep Koranne,et al.  Boost C++ Libraries , 2011 .

[44]  Fabrice Boudot,et al.  Efficient Proofs that a Committed Number Lies in an Interval , 2000, EUROCRYPT.

[45]  Yuval Ishai,et al.  Share Conversion, Pseudorandom Secret-Sharing and Applications to Secure Computation , 2005, TCC.

[46]  Torben P. Pedersen Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing , 1991, CRYPTO.

[47]  Benjamin C. M. Fung,et al.  Secure Distributed Framework for Achieving ε-Differential Privacy , 2012, Privacy Enhancing Technologies.

[48]  Cynthia Dwork,et al.  Calibrating Noise to Sensitivity in Private Data Analysis , 2006, TCC.

[49]  Steven Myers,et al.  ANONIZE: A Large-Scale Anonymous Survey System , 2014, 2014 IEEE Symposium on Security and Privacy.

[50]  Elaine Shi,et al.  Privacy-Preserving Stream Aggregation with Fault Tolerance , 2012, Financial Cryptography.

[51]  Aniket Kate,et al.  Computational Verifiable Secret Sharing Revisited , 2011, ASIACRYPT.

[52]  Omer Reingold,et al.  Computational Differential Privacy , 2009, CRYPTO.