Presentation is loading. Please wait.

Presentation is loading. Please wait.

Secure Computation of Surveys Joan Feigenbaum Benny Pinkas Raphael S. Ryger Felipe Saint Jean Workshop on Secure Multiparty Protocols (SMP 2004)

Published byRuby Jenkins Modified over 9 years ago

Similar presentations

Presentation on theme: "Secure Computation of Surveys Joan Feigenbaum Benny Pinkas Raphael S. Ryger Felipe Saint Jean Workshop on Secure Multiparty Protocols (SMP 2004)"— Presentation transcript:

1 Secure Computation of Surveys Joan Feigenbaum Benny Pinkas Raphael S. Ryger Felipe Saint Jean Workshop on Secure Multiparty Protocols (SMP 2004)

2 Surveys and other Naturally Centralized Multiparty Computations ● Consider – Sealed-bid auctions – Elections – Referenda – Surveys ● Each participant weighs the hoped-for payoffs against any revelation penalty (“loss of privacy”) and is concerned that the computation be fault-free and honest. ● The implementor, in control of the central computation, must configure auxiliary payoffs and privacy assurances to encourage (honest) participation.

3 CRA Taulbee Survey: Computer Science Faculty Salaries ● Computer science departments in four tiers, 12 + 12 + 12 + all the rest ● Academic faculty in four ranks: full, associate, and assistant professors, and non-tenure-track teaching faculty ● Intention: Convey salary distribution statistics per tier-rank to the community at large without revealing department-specific information.

4 CRA Taulbee Survey: The Current Computation ● Inputs, per department and faculty rank: – Minimum – Maximum – Median – Mean ● Outputs, per tier and faculty rank: – Minimum, maximum, mean of department minima – Minimum, maximum, mean of department maxima – Median of department means (not weighted) – Mean (weighted mean of department means)

5 CRA Taulbee Survey: The Problem ● CRA wishes to provide fuller statistics than the meager data currently collected can support. ● The current level of data collection already compromises department-specific information. Asking for submission of full faculty-salary information greatly raises the threshold for trust in CRA's intentions and its security competence. Furthermore, detailed disclosure, even if anonymized, may be explicitly prohibited by the school. ● Hence, there is a danger of significant non- participation in the Taulbee Survey.

6 Communication Pattern: General Secure Function Evaluation

7 Communication Pattern: Surveys (Insecure, Natural Computation), or SFE “Ideal Model” (Trusted Party)

8 Communication Pattern: M-for-N-Party Secure Function Evaluation

9 Real-World Human-Input Network Computation ● Opportunistic participation: Input is provided if/when humans, computers, and networking are available and operative. The exact participation is not predictable. ● The “function” being computed, then, is not known until the input-collection phase is closed, at which point the participants are generally no longer available for interaction. ● Solution: Two major modular phases, – secure collection of (“N”) inputs into M-node hub – M-party secure function evaluation ● The entire process to be supervised by a control node.

10 CRA Taulbee Survey: Secure Input Collection Participant Control Register

11 CRA Taulbee Survey: Secure Input Collection Participant Control Register Participant Control Log In Session ID

12 CRA Taulbee Survey: Secure Input Collection Participant Control Register Participant Control Log In Session ID Compute 1 Compute 2 Session ID, Data Shares Session ID, Data Shares

13 CRA Taulbee Survey: Secure Input Collection Participant Control Register Participant Control Log In Session ID Compute 1 Compute 2 Session ID, Data Shares Session ID, Data Shares Session ID, # Data Points Session ID, # Data Points

14 CRA Taulbee Survey: Secure Input Collection Participant Control Register Participant Control Log In Session ID Acknowledgment Compute 1 Compute 2 Session ID, Data Shares Session ID, Data Shares Session ID, # Data Points Session ID, # Data Points

15 CRA Taulbee Survey: Securely evaluate what function(s)? ● The implemented prototype supports secure computation of salary distribution statistics in each tier-rank. ● Exactly the same approach is applicable to the secure computation of distribution statistics for the departmental rank aggregates – minima, maxima, medians, and means – for each rank, for each tier. ● The approach strives to compute as little as possible securely, a minimal secure computation feeding a postprocessing phase that computes the statistics CRA wishes to publish.

16 CRA Taulbee Survey: The Proposed Computation (1) ● Secure input collection (control aside): – Salary and rank data entry by department head – Per rank, in JavaScript, computation of XOR shares of the individual salaries for the two (M = 2) computation servers – Per rank, HTTPS transmission of XOR shares to their respective computation servers CRA closes the input-collection phase, and then...

17 CRA Taulbee Survey: The Proposed Computation (2) ● Per tier and rank, construction of a Boolean circuit to – reconstruct inputs by XOR-ing their shares – sort the inputs in an odd-even sorting network ● Secure computation, per tier and rank: – Fairplay implementation of the Yao two-party SFE protocol for the constructed circuit and the collected input shares – output is a sorted list of all salaries in the tier-rank ● Postprocessing, per tier and rank: – arbitrary, insecure computation on the sorted, cross-departmental salary list

18 Open Questions ● Input “sanity checking” in a privacy-preserving system lacking strong natural incentives for truthfulness and accuracy: – data-entry error trapping – detection/deterrence of intentional, possibly gross misrepresentation by participants ● Traditional SFE considerations regarding maliciousness, as they arise in the M-for-N-party protocol setting ● Economy of the core (symmetric) SFE protocols ● Economy of the Boolean circuits and of their generation. ● The legal difficulty: uncharted territory.

Download ppt "Secure Computation of Surveys Joan Feigenbaum Benny Pinkas Raphael S. Ryger Felipe Saint Jean Workshop on Secure Multiparty Protocols (SMP 2004)"

Similar presentations

Quid-Pro-Quo-tocols Strengthening Semi-Honest Protocols with Dual Execution Yan Huang 1, Jonathan Katz 2, David Evans 1 1. University of Virginia 2. University.

Quid-Pro-Quo-tocols Strengthening Semi-Honest Protocols with Dual Execution Yan Huang 1, Jonathan Katz 2, David Evans 1 1. University of Virginia 2. University.
Promotion and Tenure Workshop for MUSM Faculty A Faculty Development Opportunity Mercer University School of Medicine 2012.

Promotion and Tenure Workshop for MUSM Faculty A Faculty Development Opportunity Mercer University School of Medicine 2012.
Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).

Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).
I have a DREAM! (DiffeRentially privatE smArt Metering) Gergely Acs and Claude Castelluccia {gergely.acs, INRIA 2011.

I have a DREAM! (DiffeRentially privatE smArt Metering) Gergely Acs and Claude Castelluccia {gergely.acs, INRIA 2011.
Gate Evaluation Secret Sharing and Secure Two-Party Computation Vladimir Kolesnikov University of Toronto

Gate Evaluation Secret Sharing and Secure Two-Party Computation Vladimir Kolesnikov University of Toronto
Oblivious Branching Program Evaluation

Oblivious Branching Program Evaluation
The Italian Academic Community’s Electronic Voting System Pierluigi Bonetti Lisbon, May 2000.

The Italian Academic Community’s Electronic Voting System Pierluigi Bonetti Lisbon, May 2000.
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 7.3 Secure and Resilient Location Discovery in Wireless.

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 7.3 Secure and Resilient Location Discovery in Wireless.
CS555Topic 241 Cryptography CS 555 Topic 24: Secure Function Evaluation.

CS555Topic 241 Cryptography CS 555 Topic 24: Secure Function Evaluation.
Oblivious Transfer (OT) Alice (sender) has n secrets Alice wants to give k secrets to Bob Bob wants the secrets but does not want Alice to know which secrets.

Oblivious Transfer (OT) Alice (sender) has n secrets Alice wants to give k secrets to Bob Bob wants the secrets but does not want Alice to know which secrets.
Privacy Preserving Auctions and Mechanism Design Moni Naor Benny Pinkas Reuben Sumner Presented by: Raffi Margaliot.

Privacy Preserving Auctions and Mechanism Design Moni Naor Benny Pinkas Reuben Sumner Presented by: Raffi Margaliot.
Introduction to Modern Cryptography, Lecture 12 Secure Multi-Party Computation.

Introduction to Modern Cryptography, Lecture 12 Secure Multi-Party Computation.
1 Asynchronous Broadcast Protocols in Distributed System Oct. 10, 2002 JaeHyrk Park ICU.

1 Asynchronous Broadcast Protocols in Distributed System Oct. 10, 2002 JaeHyrk Park ICU.
Www.mobilevce.com © 2005 Mobile VCE Securing the Future: Device & Service Security Stephen Hope, FT R&D UK Ltd on behalf of Nigel Jefferies, Vodafone Chair.

© 2005 Mobile VCE Securing the Future: Device & Service Security Stephen Hope, FT R&D UK Ltd on behalf of Nigel Jefferies, Vodafone Chair.
Facilitators: Janet Lange and Bob Munn

Facilitators: Janet Lange and Bob Munn
Modeling Insider Attacks on Group Key Exchange Protocols Jonathan Katz Ji Sun Shin University of Maryland.

Modeling Insider Attacks on Group Key Exchange Protocols Jonathan Katz Ji Sun Shin University of Maryland.
Yan Huang, Jonathan Katz, David Evans University of Maryland, University of Virginia Efficient Secure Two-Party Computation Using Symmetric Cut-and-Choose.

Yan Huang, Jonathan Katz, David Evans University of Maryland, University of Virginia Efficient Secure Two-Party Computation Using Symmetric Cut-and-Choose.
1 Progress on the PORTIA Project JOAN FEIGENBAUM March 21, 2005; Rutgers.

1 Progress on the PORTIA Project JOAN FEIGENBAUM March 21, 2005; Rutgers.
Jointly Restraining Big Brother: Using cryptography to reconcile privacy with data aggregation Ran Canetti IBM Research.

Jointly Restraining Big Brother: Using cryptography to reconcile privacy with data aggregation Ran Canetti IBM Research.
Private Analysis of Data Sets Benny Pinkas HP Labs, Princeton.

Private Analysis of Data Sets Benny Pinkas HP Labs, Princeton.

Similar presentations

Ads by Google