Verified Computational Differential Privacy with Applications to Smart Metering

EasyCrypt is a tool-assisted framework for reasoning about probabilistic computations in the presence of adversarial code, whose main application has been the verification of security properties of cryptographic constructions in the computational model. We report on a significantly enhanced version of EasyCrypt that accommodates a richer, user-extensible language of probabilistic expressions and, more fundamentally, supports reasoning about approximate forms of program equivalence. This enhanced framework allows us to express a broader range of security properties, which notably include approximate and computational differential privacy. We illustrate the use of the framework by verifying two protocols: a two-party protocol for computing the Hamming distance between bit-vectors, yielding two-sided privacy guarantees; and a novel, efficient, and privacy-friendly distributed protocol to aggregate smart meter readings into statistics and bills.
