Practical Private Computation of Vector Addition-Based Functions Yitao Duan and John Canny Computer Science Division University of California, Berkeley.

Slides:

Advertisements

Similar presentations

Polylogarithmic Private Approximations and Efficient Matching

Advertisements

Trusted Data Sharing over Untrusted Cloud Storage Provider Gansen Zhao, Chunming Rong, Jin Li, Feng Zhang, and Yong Tang Cloud Computing Technology and.

Computational Privacy. Overview Goal: Allow n-private computation of arbitrary funcs. –Impossible in information-theoretic setting Computational setting:

Randomness Extraction and Privacy Amplification with quantum eavesdroppers Thomas Vidick UC Berkeley Based on joint work with Christopher Portmann, Anindya.

Number Theory Algorithms and Cryptography Algorithms Prepared by John Reif, Ph.D. Analysis of Algorithms.

Foundations of Cryptography Lecture 10 Lecturer: Moni Naor.

 Alexandra Constantin  James Cook  Anindya De Computer Science, UC Berkeley.

Computational Security. Overview Goal: Obtain computational security against an active adversary. Hope: under a reasonable cryptographic assumption, obtain.

Theoretical Program Checking Greg Bronevetsky. Background The field of Program Checking is about 13 years old. Pioneered by Manuel Blum, Hal Wasserman,

Protecting User Data in Ubiquitous Computing: Towards Trustworthy Environments Yitao Duan and John Canny UC Berkeley.

SIA: Secure Information Aggregation in Sensor Networks Bartosz Przydatek, Dawn Song, Adrian Perrig Carnegie Mellon University Carl Hartung CSCI 7143: Secure.

1 An Efficient Strong Key-Insulated Signature Scheme and Its Application 5 th European PKI Workshop June 16-17, 2008 NTNU, Trondheim, Norway Go Ohtake.

CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.

CS426Fall 2010/Lecture 351 Computer Security CS 426 Lecture 35 Commitment & Zero Knowledge Proofs.

Strong Error Detection for Control Units Against Advanced Attackers Kahraman Daglar Akdemir Advisor: Berk Sunar Electrical and Computer Engineering MOTIVATION.

P4P: A Practical Framework for Privacy- Preserving Distributed Computation Yitao Duan (Advisor Prof. John Canny) Berkeley.

Zero Knowledge Proofs By Subha Rajagopalan Jaisheela Kandagal.

Cryptography Basic (cont)

Factoring 1 Factoring Factoring 2 Factoring  Security of RSA algorithm depends on (presumed) difficulty of factoring o Given N = pq, find p or q and.

Asymmetric Cryptography part 1 & 2 Haya Shulman Many thanks to Amir Herzberg who donated some of the slides from

How to Share a Secret Amos Beimel. Secret Sharing [Shamir79,Blakley79,ItoSaitoNishizeki87] ? bad.

Electronic Voting Schemes and Other stuff. Requirements Only eligible voters can vote (once only) No one can tell how voter voted Publish who voted (?)

Scalable Secure Bidirectional Group Communication Yitao Duan and John Canny Berkeley Institute of Design Computer Science.

Privacy without Noise Yitao Duan NetEase Youdao R&D Beijing China CIKM 2009.

Computing Sketches of Matrices Efficiently & (Privacy Preserving) Data Mining Petros Drineas Rensselaer Polytechnic Institute (joint.

Privacy Preserving Data Mining Yehuda Lindell & Benny Pinkas.

CSE 321 Discrete Structures Winter 2008 Lecture 8 Number Theory: Modular Arithmetic.

Introduction to Modern Cryptography, Lecture 9 More about Digital Signatures and Identification.

Practical Private Computation and Zero- Knowledge Tools for Privacy-Preserving Distributed Data Mining Yitao Duan and John Canny

RSA Question 2 Bob thinks that p and q are primes but p isn’t. Then, Bob thinks ©Bob:=(p-1)(q-1) = Á(n). Is this true ? Bob chooses a random e (1 < e

CMSC 414 Computer and Network Security Lecture 3 Jonathan Katz.

Quadratic Residuosity and Two Distinct Prime Factor ZK Protocols By Stephen Hall.

(Multimedia University) Ji-Jian Chin Swee-Huay Heng Bok-Min Goi

Data mining and machine learning A brief introduction.

Optimistic Mixing for Exit-Polls Philippe Golle, Stanford Sheng Zhong, Yale Dan Boneh, Stanford Markus Jakobsson, RSA Labs Ari Juels, RSA Labs.

September 20 th, 2006 U-Prove crypto overview Copyright © 2006, Quebec Inc. Proprietary and Confidential.

Security.  is one of the most widely used and regarded network services  currently message contents are not secure may be inspected either.

Tools for Privacy Preserving Distributed Data Mining

© UCL Crypto group oct.-15 On the Perfect Encryption Assumption in the Study of Security Protocols O. Pereira and J.-J. Quisquater UCL Crypto Group

Modern Cryptographic Topics

Cryptography Lecture 2 Arpita Patra. Summary of Last Class  Introduction  Secure Communication in Symmetric Key setting >> SKE is the required primitive.

Presented by: Suparita Parakarn Kinzang Wangdi Research Report Presentation Computer Network Security.

11-Basic Cryptography Dr. John P. Abraham Professor UTPA.

Encryption. What is Encryption? Encryption is the process of converting plain text into cipher text, with the goal of making the text unreadable.

Lecture 2: Introduction to Cryptography

University of Massachusetts Amherst · Department of Computer Science Square Root Law for Communication with Low Probability of Detection on AWGN Channels.

Non-Interactive Verifiable Computing August 5, 2009 Bryan Parno Carnegie Mellon University Rosario Gennaro, Craig Gentry IBM Research.

Secure Computation (Lecture 2) Arpita Patra. Vishwaroop of MPC.

Exam 1 Review CS461/ECE422 Fall Exam guidelines A single page of supplementary notes is allowed  8.5x11. Both sides. Write as small as you like.

Optimizing Robustness while Generating Shared Secret Safe Primes Emil Ong and John Kubiatowicz University of California, Berkeley.

Faster Implementation of Modular Exponentiation in JavaScript

SybilGuard: Defending Against Sybil Attacks via Social Networks.

Almost Entirely Correct Mixing With Applications to Voting Philippe Golle Dan Boneh Stanford University.

Private Information Retrieval Based on the talk by Yuval Ishai, Eyal Kushilevitz, Tal Malkin.

Lecture 3.1: Public Key Cryptography I CS 436/636/736 Spring 2015 Nitesh Saxena.

SSH/SSL Attacks not on tests, just for fun. SSH/SSL Should Be Secure Cryptographic operations are secure SSL uses certificates to authenticate servers.

Introduction to Elliptic Curve Cryptography CSCI 5857: Encoding and Encryption.

Secret Sharing Schemes: A Short Survey Secret Sharing 2.

Multi-Party Computation r n parties: P 1,…,P n  P i has input s i  Parties want to compute f(s 1,…,s n ) together  P i doesn’t want any information.

MPC and Verifiable Computation on Committed Data

Modern symmetric-key Encryption

Cryptographic protocols 2014, Lecture 2 assumptions and reductions

Introduction to security goals and usage of cryptographic algorithms

Efficient Public-Key Distance Bounding

Yitao Duan (Advisor Prof. John Canny) Berkeley Institute of Design

An Improved Novel Key Management Protocol for RFID Systems

Chapter -7 CRYPTOGRAPHIC HASH FUNCTIONS

Helen: Maliciously Secure Coopetitive Learning for Linear Models

Cryptography Lecture 18.

How to Use Charm Crypto Lib

Presentation transcript:

Practical Private Computation of Vector Addition-Based Functions Yitao Duan and John Canny Computer Science Division University of California, Berkeley PODC 2007, August 12, Portland OR

Overview A method for performing privacy preserving distributed computation of many algorithms that is practical and secure in a realistic threat model at large scale Provably strong (information-theoretic) privacy Efficient ZKP to deal with cheating users

Model A few collaborating data miners mining data from n users Each user has an m-dimensional vector Realistic scale: m, n large (10 3 – 10 6 ) Threat: data miners are passive, users are allowed to cheat arbitrarily Challenge: standard cryptographic tools not feasible at this scale

Our Results Private computation based on secret sharing using addition only steps Private addition is much simpler than multiplication The main computation is in small field (32 or 64 bits) – private computation has the same cost as regular arithmetic A lot of (nonlinear) algorithms can be done with addition: Regression, Classification, Bayes net, Link analysis, SVD, EM. An extremely efficient ZKP that the L2 norm of user vector is bounded by L (Only O(logm) large field operations)

An Efficient Proof of Honesty The server asks for N random projections of the user’s vector, the user proves the square sum of them is small. Projections are done in small field. The only large field operations are N encryptions and boundedness ZKP O(log m) public key crypto operations (instead of O(m)) to prove that the L-2 norm of an m-dim vector is smaller than L.

Acceptance/rejection probabilities (a) Linear and (b) log plots of probability of user input acceptance as a function of |d|/L for N = 50. (b) also includes probability of rejection. In each case, the steepest (jagged curve) is the single-value vector (case 3), the middle curve is Zipf vector (case 2) and the shallow curve is uniform vector (case 1)

Performance (a) Verifier and (b) prover times in seconds with N = 50, where (from top to bottom) L has 40, 20, or 10 bits. The x-axis is the vector length m.

More Info Code available for download, soon. Thank you!