11,833 research outputs found

    Private Aggregation from Fewer Anonymous Messages

    Consider the setup where $n$ parties are each given a number $x_i \in \mathbb{F}_q$ and the goal is to compute the sum $\sum_i x_i$ in a secure fashion and with as little communication as possible. We study this problem in the anonymized model of Ishai et al. (FOCS 2006) where each party may broadcast anonymous messages on an insecure channel. We present a new analysis of the one-round "split and mix" protocol of Ishai et al. In order to achieve the same security parameter, our analysis reduces the required number of messages by a $\Theta(\log n)$ multiplicative factor. We complement our positive result with lower bounds showing that the dependence of the number of messages on the domain size, the number of parties, and the security parameter is essentially tight. Using a reduction of Balle et al. (2019), our improved analysis of the protocol of Ishai et al. yields, in the same model, an $\left(\varepsilon, \delta\right)$-differentially private protocol for aggregation that, for any constant $\varepsilon > 0$ and any $\delta = \frac{1}{\mathrm{poly}(n)}$, incurs only a constant error and requires only a constant number of messages per party. Previously, such a protocol was known only for $\Omega(\log n)$ messages per party. Comment: 31 pages; 1 tabl

    Systematizing Decentralization and Privacy: Lessons from 15 Years of Research and Deployments

    Decentralized systems are a subset of distributed systems where multiple authorities control different components and no authority is fully trusted by all. This implies that any component in a decentralized system is potentially adversarial. We revise fifteen years of research on decentralization and privacy, and provide an overview of key systems, as well as key insights for designers of future systems. We show that decentralized designs can enhance privacy, integrity, and availability but also require careful trade-offs in terms of system complexity, properties provided, and degree of decentralization. These trade-offs need to be understood and navigated by designers. We argue that a combination of insights from cryptography, distributed systems, and mechanism design, aligned with the development of adequate incentives, are necessary to build scalable and successful privacy-preserving decentralized systems

    A Multi-User, Single-Authentication Protocol for Smart Grid Architectures

    Open access article. In a smart grid system, the utility server collects data from various smart grid devices. These data play an important role in the energy distribution and balancing between the energy providers and energy consumers. However, these data are prone to tampering attacks by an attacker, while traversing from the smart grid devices to the utility servers, which may result in energy disruption or imbalance. Thus, an authentication is mandatory to efficiently authenticate the devices and the utility servers and avoid tampering attacks. To this end, a group authentication algorithm is proposed for preserving demand–response security in a smart grid. The proposed mechanism also provides a fine-grained access control feature where the utility server can only access a limited number of smart grid devices. The initial authentication between the utility server and smart grid device in a group involves a single public key operation, while the subsequent authentications with the same device or other devices in the same group do not need a public key operation. This reduces the overall computation and communication overheads and takes less time to successfully establish a secret session key, which is used to exchange sensitive information over an unsecured wireless channel. The resilience of the proposed algorithm is tested against various attacks using formal and informal security analysis

    Pure-DP Aggregation in the Shuffle Model: Error-Optimal and Communication-Efficient

    We obtain a new protocol for binary counting in the $\varepsilon$-shuffle-DP model with error $O(1/\varepsilon)$ and expected communication $\tilde{O}\left(\frac{\log n}{\varepsilon}\right)$ messages per user. Previous protocols incur either an error of $O(1/\varepsilon^{1.5})$ with $O_\varepsilon(\log{n})$ messages per user (Ghazi et al., ITC 2020) or an error of $O(1/\varepsilon)$ with $O_\varepsilon(n^{2.5})$ messages per user (Cheu and Yan, TPDP 2022). Using the new protocol, we obtained improved $\varepsilon$-shuffle-DP protocols for real summation and histograms

    Prochlo: Strong Privacy for Analytics in the Crowd

    The large-scale monitoring of computer users' software activities has become commonplace, e.g., for application telemetry, error reporting, or demographic profiling. This paper describes a principled systems architecture---Encode, Shuffle, Analyze (ESA)---for performing such monitoring with high utility while also protecting user privacy. The ESA design, and its Prochlo implementation, are informed by our practical experiences with an existing, large deployment of privacy-preserving software monitoring. (cont.; see the paper

    Enhancing the Digital Backchannel Backstage on the Basis of a Formative User Study

    Contemporary higher education with its large audiences suffers from passivity of students. Enhancing the classroom with a digital backchannel can contribute to establishing and fostering active participation of and collaboration among students in the lecture. Therefore, we conceived the digital backchannel Backstage specifically tailored for the use in large classes. At an early phase of development we tested its core functionalities in a small-scale user study. The aim of the study was to gain first impressions of its adoption, and also to form a basis for further steps in the conception of Backstage. Regarding adoption we particularly focused on how Backstage influences the participants' questioning behavior, a salient aspect in learning. We observed that during the study many more questions were uttered on Backstage than were asked without backchannel support. Regarding the further development of Backstage we capitalized on the participants' usability feedback. The key of the refinement is the integration of presentation slides in Backstage, which leads to an interesting reconsideration of the user interactions of Backstage