Efficient Private Matching for Private Databases

Private matching (PM) is a key cryptographic primitive in secure computation that allows several parties to jointly compute some functions depending on their private inputs. Indeed, this primitive has many practical applications. For instance, in online advertising, two companies may wish to find their common customers for a joint marketing campaign. In this scenario, privacy is of utmost importance and it is imperative to ensure that neither company can learn more than their own data and the results of the match. In recent years, secure computation in general and PM in particular has attracted considerable attention from the research community, partly due to the rise of Big Data along with the ever-increasing privacy concerns. This thesis describes three secure private set intersection (PSI) protocols, one private set union (PSU) construction, and one pattern matching scheme. PM can be considered as a main building block in all these protocols. To securely compute the intersection of two sets of size $2^{20}$ our proposed protocols require only 3 seconds which is $4\times$ faster than the previous best protocol. In the multi-party setting, we provide the first implementation that takes only 72 seconds to compute PSI for 5 parties with data-sets of $2^{20}$ items each. For private set union (PSU), our protocol improves prior work by a factor up to $7,600 \times$ for large instances. In addition, our wild-card pattern matching (WPM) protocol shows over two orders of magnitude faster than the state-of-the-art scheme

Quantum-based Distributed Algorithms for Edge Node Placement and Workload Allocation

Edge computing is a promising technology that offers a superior user experience and enables various innovative Internet of Things applications. In this paper, we present a mixed-integer linear programming (MILP) model for optimal edge server placement and workload allocation, which is known to be NP-hard. To this end, we explore the possibility of addressing this computationally challenging problem using quantum computing. However, existing quantum solvers are limited to solving unconstrained binary programming problems. To overcome this obstacle, we propose a hybrid quantum-classical solution that decomposes the original problem into a quadratic unconstrained binary optimization (QUBO) problem and a linear program (LP) subproblem. The QUBO problem can be solved by a quantum solver, while the LP subproblem can be solved using traditional LP solvers. Our numerical experiments demonstrate the practicality of leveraging quantum supremacy to solve complex optimization problems in edge computing

Compact and Malicious Private Set Intersection for Small Sets

We describe a protocol for two-party private set intersection (PSI) based on Diffie-Hellman key agreement. The protocol is proven secure against malicious parties, in the ideal permutation + random oracle model. For small sets (500 items or fewer), our protocol requires the least time and communication of any known PSI protocol, even ones that are only semi-honest secure and ones that are not based on Diffie-Hellman. It is one of the few significant improvements to the 20-year old classical Diffie-Hellman PSI protocol of Huberman, Franklin, and Hogg (ACM Elec. Commerce 1999). Our protocol is actually a generic transformation that constructs PSI from a class of key agreement protocols. This transformation is inspired by a technique of Cho, Dachman-Soled, and Jarecki (CT-RSA 2016), which we streamline and optimize in several important ways to achieve our superior efficiency

Optimal Workload Allocation for Distributed Edge Clouds With Renewable Energy and Battery Storage

This paper studies an optimal workload allocation problem for a network of renewable energy-powered edge clouds that serve users located across various geographical areas. Specifically, each edge cloud is furnished with both an on-site renewable energy generation unit and a battery storage unit. Due to the discrepancy in electricity pricing and the diverse temporal-spatial characteristics of renewable energy generation, how to optimally allocate workload to different edge clouds to minimize the total operating cost while maximizing renewable energy utilization is a crucial and challenging problem. To this end, we introduce and formulate an optimization-based framework designed for Edge Service Providers (ESPs) with the overarching goal of simultaneously reducing energy costs and environmental impacts through the integration of renewable energy sources and battery storage systems, all while maintaining essential quality-of-service standards. Numerical results demonstrate the effectiveness of the proposed model and solution in maintaining service quality as well as reducing operational costs and emissions. Furthermore, the impacts of renewable energy generation and battery storage on optimal system operations are rigorously analyzed

Simple, Fast Malicious Multiparty Private Set Intersection

We address the problem of multiparty private set intersection against a malicious adversary. First, we show that when one can assume no collusion amongst corrupted parties then there exists an extremely efficient protocol given only symmetric-key primitives. Second, we present a protocol secure against an adversary corrupting any strict subset of the parties. Our protocol is based on the recently introduced primitives: oblivious programmable PRF (OPPRF) and oblivious key-value store (OKVS). Our protocols follow the client-server model where each party is either a client or a server. However, in contrast to previous works where the client has to engage in an expensive interactive cryptographic protocol, our clients need only send a single key to each server and a single message to a {\em pivot} party (where message size is in the order of the set size). Our experiments show that the client\u27s load improves by up to $10 \times$ (compared to both semi-honest and malicious settings) and that factor increases with the number of parties. We implemented our protocol and conducted an extensive experiment over both LAN and WAN and up to 32 parties with up to $2^{20}$ items each. We provide a comparison of the performance of our protocol and the state-of-the-art for both the semi-honest setting (by Chandran et al.) and the malicious setting (by Ben Efraim et al. and Garimella et al.)

Multiparty Private Set Intersection Cardinality and Its Applications

We describe a new paradigm for multi-party private set intersection cardinality (\psica) that allows $n$ parties to compute the intersection size of their datasets without revealing any additional information. We explore a variety of instantiations of this paradigm. Our protocols avoid computationally expensive public-key operations and are secure in the presence of a semi-honest adversary. We demonstrate the practicality of our \psica\ with an implementation. For $n=16$ parties with data-sets of $2^{20}$ items each, our server-aided variant takes 71 seconds. Interestingly, in the server-less setting, the same task takes only 7 seconds. To the best of our knowledge, this is the first `special purpose\u27 implementation of a multi-party \psica\ from symmetric-key techniques (i.e., an implementation that does not rely on a generic underlying MPC). We study two interesting applications -- heatmap computation and associated rule learning (ARL) -- that can be computed securely using a dot-product as a building block. We analyse the performance of securely computing heatmap and ARL using our protocol and compare that to the state-of-the-art

Practical Privacy-Preserving K-means Clustering

Clustering is a common technique for data analysis, which aims to partition data into similar groups. When the data comes from different sources, it is highly desirable to maintain the privacy of each database. In this work, we study a popular clustering algorithm (K-means) and adapt it to the privacy-preserving context. Specifically, to construct our privacy-preserving clustering algorithm, we first propose an efficient batched Euclidean squared distance computation protocol in the adaptive amortizing setting, when one needs to compute the distance from the same point to other points. This protocol can also serve as a key building block in many real-world applications such as Bio-metric Identification. Furthermore, we construct a customized garbled circuit for computing the minimum value among shared values. We implement and evaluate our protocols to demonstrate their practicality and show that they are able to train datasets that are much larger and faster than in the previous work. The numerical results also show that the proposed protocol achieve almost the same accuracy compared to a K-means plain-text clustering algorithm

Efficient Batched Oblivious PRF with Applications to Private Set Intersection

We describe a lightweight protocol for oblivious evaluation of a pseudorandom function (OPRF) in the presence of semi-honest adversaries. In an OPRF protocol a receiver has an input $r$; the sender gets output $s$ and the receiver gets output $F(s,r)$, where $F$ is a pseudorandom function and $s$ is a random seed. Our protocol uses a novel adaptation of 1-out-of-2 OT-extension protocols, and is particularly efficient when used to generate a large batch of OPRF instances. The cost to realize $m$ OPRF instances is roughly the cost to realize $3.5 m$ instances of standard 1-out-of-2 OTs (using state-of-the-art OT extension). We explore in detail our protocol\u27s application to semi-honest secure private set intersection (PSI). The fastest state-of-the-art PSI protocol (Pinkas et al., Usenix 2015) is based on efficient OT extension. We observe that our OPRF can be used to remove their PSI protocol\u27s dependence on the bit-length of the parties\u27 items. We implemented both PSI protocol variants and found ours to be 3.1--3.6$\times$ faster than Pinkas et al.\ for PSI of 128-bit strings and sufficiently large sets. Concretely, ours requires only 3.8 seconds to securely compute the intersection of $2^{20}$-size sets, regardless of the bitlength of the items. For very large sets, our protocol is only $4.3\times$ slower than the {\em insecure} na\ ıve hashing approach for PSI