16 research outputs found
What Storage Access Privacy is Achievable with Small Overhead?
Oblivious RAM (ORAM) and private information retrieval (PIR) are classic
cryptographic primitives used to hide the access pattern to data whose storage
has been outsourced to an untrusted server. Unfortunately, both primitives
require considerable overhead compared to plaintext access. For large-scale
storage infrastructure with highly frequent access requests, the degradation in
response time and the exorbitant increase in resource costs incurred by either
ORAM or PIR prevent their usage. In an ideal scenario, a privacy-preserving
storage protocol with small overhead would be implemented for these heavily
trafficked storage systems to avoid negatively impacting performance
and/or costs. In this work, we study the problem of the best $\mathit{storage\
access\ privacy}\mathit{small\ overhead}\mathit{differential\ privacy\ access}\mathit{oblivious\ access}\epsilon = \Omega(\log n)\epsilon = \Theta(\log n)O(1)\epsilon = \Theta(\log n)O(\log\log n)$
overhead. This construction uses a new oblivious, two-choice hashing scheme
that may be of independent interest. Comment: To appear at PODS'1
Zero Knowledge Arguments for Verifiable Sampling
In privacy-preserving machine learning, verifying the correct behavior of participants is less straightforward because they are not supposed to reveal their inputs in cleartext to other participants. It is hence important to make federated machine learning robust against data poisoning and related attacks. While input data can be related to a distributed ledger (blockchain), a less studied input is formed by the random sampling that parties perform. In this paper, we describe strategies based on zero knowledge proofs to allow parties to prove they perform sampling (and other computations) correctly. We sketch a number of alternative ways to implement our idea and provide some preliminary experimental results.
Differentially Private Secure Multiplication: Hiding Information in the Rubble of Noise
We consider the problem of private distributed multi-party multiplication. It
is well-established that Shamir secret-sharing coding strategies can enable
perfect information-theoretic privacy in distributed computation via the
celebrated algorithm of Ben Or, Goldwasser and Wigderson (the "BGW algorithm").
However, perfect privacy and accuracy require an honest majority, that is, compute nodes are required to ensure privacy against any
colluding adversarial nodes. By allowing for some controlled amount of
information leakage and approximate multiplication instead of exact
multiplication, we study coding schemes for the setting where the number of
honest nodes can be a minority, that is We develop a tight
characterization of the privacy-accuracy trade-off for cases where by
measuring information leakage using differential privacy instead of perfect
privacy, and using the mean squared error metric for accuracy. A novel
technical aspect is an intricately layered noise distribution that merges ideas
from differential privacy and Shamir secret-sharing at different layers. Comment: Extended version of papers presented in IEEE ISIT 2022, IEEE ISIT
2023 and TPDP 202
Distributed Differentially Private Averaging with Improved Utility and Robustness to Malicious Parties
Learning from data owned by several parties, as in federated learning, raises
challenges regarding the privacy guarantees provided to participants and the
correctness of the computation in the presence of malicious parties. We tackle
these challenges in the context of distributed averaging, an essential building
block of distributed and federated learning. Our first contribution is a novel
distributed differentially private protocol which naturally scales with the
number of parties. The key idea underlying our protocol is to exchange
correlated Gaussian noise along the edges of a network graph, complemented by
independent noise added by each party. We analyze the differential privacy
guarantees of our protocol and the impact of the graph topology, showing that
we can match the accuracy of the trusted curator model even when each party
communicates with only a logarithmic number of other parties chosen at random.
This is in contrast with protocols in the local model of privacy (with lower
accuracy) or based on secure aggregation (where all pairs of users need to
exchange messages). Our second contribution is to enable users to prove the
correctness of their computations without compromising the efficiency and
privacy guarantees of the protocol. Our construction relies on standard
cryptographic primitives like commitment schemes and zero knowledge proofs. Comment: 39 page