Revisiting Private Stream Aggregation: Lattice-Based PSA

Abstract: Abstract-In this age of massive data gathering for purposes of personalization, targeted ads, etc. there is an increased need for technology that allows for data analysis in a privacy-preserving manner. Private Stream Aggregation as introduced by Shi et al. (NDSS 2011) allows for the execution of aggregation operations over privacy-critical data from multiple data sources without placing trust in the aggregator and while maintaining differential privacy guarantees. We propose a generic PSA scheme, LaPS, base… Show more

“…independent of the number of clients. Becker et al have also proposed a PSA scheme in the standard model, but without labels [9]. They roughly explain how to extend their scheme to support labels, but they provide no security proof of this extension.…”

“…Becker et al propose a generic PSA scheme [9] that can be instantiated with an additively homomorphic encryption scheme, where the addition of ciphertexts corresponds to the addition of plaintexts, with the additional property that the ciphertexts are indistinguishable from random strings. The security of their scheme relies on the Learning with Errors (LWE) assumption, or its ring variant, and is proven to be secure in the standard model.…”

“…Except for [9] all other PSA schemes, including ours, have the restriction that every client must only encrypt one message per label. However, this restriction is also reasonable from a security perspective, because even a perfectly secure PSA scheme leaks information about individual client values, if a client encrypts more than one message per label.…”

“…We give more details on this in Section 4.4. Advantages of our scheme over [9] are that our scheme has a security proof for the case that labels are used and that it is much simpler. Our scheme relies on keyhomomorphic PRFs while theirs needs an additively homomorphic public key encryption scheme with ciphertexts indistinguishable from random.…”

“…Table 2 shows the exact numbers of the average running time of our scheme and [25] for different numbers of users. Table 3 shows the running time of [23] and [9] taken from the respective papers.…”

Private Stream Aggregation with Labels in the Standard Model

“…independent of the number of clients. Becker et al have also proposed a PSA scheme in the standard model, but without labels [9]. They roughly explain how to extend their scheme to support labels, but they provide no security proof of this extension.…”

“…Becker et al propose a generic PSA scheme [9] that can be instantiated with an additively homomorphic encryption scheme, where the addition of ciphertexts corresponds to the addition of plaintexts, with the additional property that the ciphertexts are indistinguishable from random strings. The security of their scheme relies on the Learning with Errors (LWE) assumption, or its ring variant, and is proven to be secure in the standard model.…”

“…Except for [9] all other PSA schemes, including ours, have the restriction that every client must only encrypt one message per label. However, this restriction is also reasonable from a security perspective, because even a perfectly secure PSA scheme leaks information about individual client values, if a client encrypts more than one message per label.…”

“…We give more details on this in Section 4.4. Advantages of our scheme over [9] are that our scheme has a security proof for the case that labels are used and that it is much simpler. Our scheme relies on keyhomomorphic PRFs while theirs needs an additively homomorphic public key encryption scheme with ciphertexts indistinguishable from random.…”

“…Table 2 shows the exact numbers of the average running time of our scheme and [25] for different numbers of users. Table 3 shows the running time of [23] and [9] taken from the respective papers.…”

Private Stream Aggregation with Labels in the Standard Model

Cryptonite: A Framework for Flexible Time-Series Secure Aggregation with Non-interactive Fault Recovery

Cryptonomial: A Framework for Private Time-Series Polynomial Calculations