Results 1-10 of 166
Privacy-preserving set operations
In Advances in Cryptology, CRYPTO 2005, LNCS, 2005
Cited by 161 (0 self)
In many important applications, a collection of mutually distrustful parties must perform private computation over multisets. Each party's input to the function is his private input multiset. In order to protect these private sets, the players perform privacy-preserving computation; that is, no party learns more information about other parties' private input sets than what can be deduced from the result. In this paper, we propose efficient techniques for privacy-preserving operations on multisets. By employing the mathematical properties of polynomials, we build a framework of efficient, secure, and composable multiset operations: the union, intersection, and element reduction operations. We apply these techniques to a wide range of practical problems, achieving more efficient results than those of previous work.
Mix and Match: Secure Function Evaluation via Ciphertexts (Extended Abstract)
In Proceedings of Asiacrypt '00, 2000
Cited by 105 (5 self)
We introduce a novel approach to general secure multiparty computation that avoids the intensive use of verifiable secret sharing characterizing nearly all previous protocols in the literature. Instead, our scheme involves manipulation of ciphertexts for which the underlying private key is shared by participants in the computation. The benefits of this protocol include a high degree of conceptual and structural simplicity, low message complexity, and substantial flexibility with respect to input and output value formats. We refer to this new approach as mix and match. While the atomic operations in mix and match are logical operations, rather than full field operations as in previous approaches, the techniques we introduce are nonetheless highly practical for computations involving intensive bitwise manipulation. One application for which mix and match is particularly well suited is that of sealed-bid auctions. Thus, as another contribution in this paper, we present a practical, mix-and-match-based auction protocol that is fully private and non-interactive and may be readily adapted to a wide range of auction strategies.
Secure Multiparty Computation for Privacy-Preserving Data Mining
2008
Cited by 92 (0 self)
In this paper, we survey the basic paradigms and notions of secure multiparty computation and discuss their relevance to the field of privacy-preserving data mining. In addition to reviewing definitions and constructions for secure multiparty computation, we discuss the issue of efficiency and demonstrate the difficulties involved in constructing highly efficient protocols. We also present common errors that are prevalent in the literature when secure multiparty computation techniques are applied to privacy-preserving data mining. Finally, we discuss the relationship between secure multiparty computation and privacy-preserving data mining, and show which problems it solves and which problems it does not.
Differentially Private Aggregation of Distributed Time-Series with Transformation and Encryption
Cited by 88 (3 self)
We propose the first differentially private aggregation algorithm for distributed time-series data that offers good practical utility without any trusted server. This addresses two important challenges in participatory data-mining applications where (i) individual users wish to publish temporally correlated time-series data (such as location traces, web history, personal health data), and (ii) an untrusted third-party aggregator wishes to run aggregate queries on the data. To ensure differential privacy for time-series data despite the presence of temporal correlation, we propose the Fourier Perturbation Algorithm (FPA_k). Standard differential privacy techniques perform poorly for time-series data. To answer n queries, such techniques can result in a noise of Θ(n) to each query answer, making the answers practically useless if n is large. Our FPA_k algorithm perturbs the Discrete Fourier Transform of the query answers. For answering n queries, FPA_k improves the expected error from Θ(n) to roughly Θ(k) where k is the number of Fourier coefficients that can (approximately) reconstruct all the n query answers. Our experiments show that k ≪ n for many real-life datasets, resulting in a huge error improvement for FPA_k. To deal with the absence of a trusted central server, we propose the Distributed Laplace Perturbation Algorithm (DLPA) to add noise in a distributed way in order to guarantee differential privacy. To the best of our knowledge, DLPA is the first distributed differentially private algorithm that can scale with a large number of users: DLPA outperforms the only other distributed solution for differential privacy proposed so far, by reducing the computational load per user from O(U) to O(1) where U is the number of users.
Simple verifiable elections
In Proceedings of the 2006 USENIX/ACCURATE Electronic Voting Technology Workshop
Cited by 57 (0 self)
Much work has been done in recent decades to apply sophisticated cryptographic techniques to achieve strong end-to-end verifiability in election protocols. The properties of these protocols are much stronger than in any system in general use; however, the complexity of these systems has retarded their adoption. This paper describes a relatively simple but still effective approach to cryptographic elections. Although not as computationally efficient as previously proposed cryptographic approaches, the work presented herein is intended to be more accessible and therefore more suitable for comparison with other voting systems.
Selective private function evaluation with applications to private statistics
In Proceedings of the Twentieth ACM Symposium on Principles of Distributed Computing (PODC), 2001
Cited by 56 (9 self)
Motivated by the application of private statistical analysis of large databases, we consider the problem of selective private function evaluation (SPFE). In this problem, a client interacts with one or more servers holding copies of a database $z = z_1, \ldots, z_n$, in order to compute $f(z_{i_1}, \ldots, z_{i_m})$, for some function $f$ and indices $i = i_1, \ldots, i_m$ chosen by the client. Ideally, the client must learn nothing more about the database than $f(z_{i_1}, \ldots, z_{i_m})$, and the servers should learn nothing. Generic solutions for this problem, based on standard techniques for secure function evaluation, incur communication complexity that is at least linear in $n$, making them prohibitive for large databases even when $f$ is relatively simple and $m$ is small. We present various approaches for constructing sublinear-communication SPFE protocols, both for the general problem and for special cases of interest. Our solutions not only offer sublinear communication complexity, but are also practical in many scenarios.
Privacy-preserving decision trees over vertically partitioned data
In the Proceedings of the 19th Annual IFIP WG 11.3 Working Conference on Data and Applications Security
Cited by 45 (2 self)
Privacy and security concerns can prevent sharing of data, derailing data mining projects. Distributed knowledge discovery, if done correctly, can alleviate this problem. In this paper, we tackle the problem of classification. We introduce a generalized privacy preserving variant of the ID3 algorithm for vertically partitioned data distributed over two or more parties. Along with the algorithm, we give a complete proof of security that gives a tight bound on the information revealed.
Fully Private Auctions in a Constant Number of Rounds
2002
Cited by 40 (7 self)
We present a new cryptographic auction protocol that prevents extraction of bid information despite any collusion of participants. This requirement is stronger than common assumptions in existing protocols that prohibit the collusion of certain third parties (e.g. distinct auctioneers). Full privacy is obtained by using homomorphic encryption (e.g. ElGamal) and distributing the private key among the set of bidders. Bidders jointly compute the auction outcome on their own without uncovering any additional information in a constant number of rounds. No auctioneers or other trusted third parties are needed to resolve the auction. Yet, robustness is assured due to public verifiability of the entire protocol. The scheme can be applied to any uniform-price (or so-called (M+1)st-price) auction. To the best of our knowledge, there is no other cryptographic auction protocol that achieves a similar level of privacy. The selling price is only revealed to the seller and the winning bidders themselves. In addition, we propose schemes that require more rounds but are computationally much more efficient.
Universally Composable Efficient Multiparty Computation from Threshold Homomorphic Encryption
In Advances in Cryptology, CRYPTO '03, 2003
Cited by 37 (5 self)
We present a new general multiparty computation protocol for the cryptographic scenario which is universally composable — in particular, it is secure against an active and adaptive adversary, corrupting any minority of the parties. The protocol is as efficient as the best known statically secure solutions; in particular, the number of bits broadcast (which dominates the complexity) is Ω(nkC), where n is the number of parties, k is a security parameter, and C is the size of a circuit doing the desired computation. Unlike previous adaptively secure protocols for the cryptographic model, our protocol does not use non-committing encryption; instead it is based on homomorphic threshold encryption, in particular the Paillier cryptosystem.