
    Practical and Provably Secure Distributed Aggregation: Verifiable Additive Homomorphic Secret Sharing

    Clients (e.g., sensors, organizations) often need to outsource joint computations over their joint inputs to external untrusted servers. These computations typically rely on the aggregation of data collected from multiple clients, and the clients want a guarantee that the results are correct; an output that can be publicly verified is therefore required. This raises important security and privacy challenges, since clients may hold sensitive information. In this paper, we propose an approach, called verifiable additive homomorphic secret sharing (VAHSS), that achieves practical and provably secure aggregation of data while allowing the clients to protect their secret data and providing public verifiability, i.e., everyone should be able to verify the correctness of the computed result. We propose three VAHSS constructions by combining an additive homomorphic secret sharing (HSS) scheme, for computing the sum of the clients' secret inputs, with three different methods for achieving public verifiability, namely: (i) homomorphic collision-resistant hash functions; (ii) linear homomorphic signatures; and (iii) a threshold RSA signature scheme. For all three constructions, we provide a detailed correctness, security, and verifiability analysis together with detailed experimental evaluations. Our results demonstrate the efficiency of the proposed constructions, especially on the client side.

    Secure and Privacy-Preserving Cloud-Assisted Computing

    Smart devices such as smartphones, wearables, and smart appliances collect significant amounts of data and transmit them over the network, forming the Internet of Things (IoT). Many applications in our daily lives (e.g., health, smart grid, traffic monitoring) involve IoT devices that often have low computational capabilities. Consequently, powerful cloud servers are employed to process the data collected from these devices. Nevertheless, security and privacy concerns arise in cloud-assisted computing settings. Collected data can be sensitive, and it is essential to protect their confidentiality. Additionally, outsourcing computations to untrusted cloud servers creates the need to ensure that servers perform the computations as requested and that any misbehavior can be detected. Cryptographic primitives and protocols are the foundation for designing secure and privacy-preserving solutions that address these challenges. This thesis focuses on providing privacy and security guarantees when outsourcing heavy computations on sensitive data to untrusted cloud servers. More concretely, this work: (a) provides solutions for outsourcing the secure computation of the sum and the product functions in the multi-server, multi-client setting, protecting the sensitive data of the data owners even against potentially untrusted cloud servers; (b) provides integrity guarantees for the proposed protocols by enabling anyone to verify the correctness of the computed function values; more precisely, the employed servers or the clients (depending on the proposed solution) provide specific values that serve as proofs that the computed results are correct; (c) designs decentralized settings, where multiple cloud servers are employed to perform the requested computations, as opposed to relying on a single server that might fail or lose connection; (d) suggests ways to protect individual privacy and provide integrity. More precisely, we propose a verifiable differentially private solution that provides verifiability and avoids any leakage of information regardless of whether some individual's sensitive data participates in the computation or not.

    Verifiable homomorphic secret sharing

    In this paper, we explore the multi-server (i.e., multiple servers are employed to perform computations) and multi-client (i.e., multiple clients outsource joint computations on their joint inputs) scenario, which avoids single points of failure and provides stronger security and privacy guarantees. More precisely, we introduce the notion of verifiable homomorphic secret sharing (VHSS) for multi-input, which allows n clients to outsource joint computations on their joint inputs to m servers without requiring any communication between the clients or between the servers, while giving any user the capability to verify that the final output (rather than each share) is correct. Our contributions are two-fold: (i) we provide a detailed example of casting Shamir's secret sharing scheme over a finite field F as an n-client, m-server, t-secure, perfectly secure, additive HSS scheme for the function f that sums n field elements, and (ii) we propose an instantiation of an n-client, m-server, t-secure, computationally secure, multiplicative VHSS scheme for the function f that multiplies n elements, under the hardness assumption of the fixed inversion problem in bilinear maps.

    Outsourcing Computations to a Cloud That You Don't Trust

    In many application scenarios, data need to be collected, stored, and processed. Often, sensitive data are collected from IoT devices, which are constrained in their resources, and thus remote, untrusted cloud servers are required to perform the computations. However, cloud computing raises many security and privacy concerns, since cloud providers cannot be fully trusted. Data owners want their sensitive information to remain private and expect confidentiality guarantees, while users want to utilize the computations' results and desire correctness guarantees. Furthermore, in some cases, standard cryptographic primitives are not sufficient to ensure that there is no leakage of information. In this work, we focus on the problem of outsourcing joint computations over joint sensitive inputs to multiple untrusted servers while at the same time achieving public verifiability (i.e., everyone can verify the correctness of the computed result). Additionally, we investigate how to avoid any leakage of information by providing differential privacy guarantees on the outsourced computation. More precisely, we introduce the notion of verifiable homomorphic secret sharing (VHSS), which allows multiple clients to outsource joint computations to multiple servers while also providing the capability to verify the correctness of the computed result. We propose a concrete instantiation of VHSS for the function that computes the product of n secret inputs. In addition, we suggest three instantiations for computing the sum of n secret inputs, employing homomorphic collision-resistant hash functions, linearly homomorphic signatures, and a threshold signature scheme, respectively. Moreover, we design a protocol that provides both differential privacy and verifiable computation guarantees for outsourced computations.