Privacy-Preserving Aggregation of Time-Series Data with Public Verifiability from Simple Assumptions
نویسنده
چکیده
Aggregator oblivious encryption was proposed by Shi et al. (NDSS 2011), where an aggregator can compute an aggregated sum of data and is unable to learn anything else (aggregator obliviousness). Since the aggregator does not learn individual data that may reveal users’ habits and behaviors, several applications, such as privacy-preserving smart metering, have been considered. In this paper, we propose aggregator oblivious encryption schemes with public verifiability where the aggregator is required to generate a proof of an aggregated sum and anyone can verify whether the aggregated sum has been correctly computed by the aggregator. Though Leontiadis et al. (CANS 2015) considered the verifiability, their scheme requires an interactive complexity assumption to provide the unforgeability of the proof. Our schemes are proven to be unforgeable under a static and simple assumption (a variant of the Computational Diffie-Hellman assumption). Moreover, our schemes inherit the tightness of the reduction of the Benhamouda et al. scheme (ACM TISSEC 2016) for proving aggregator obliviousness. This tight reduction allows us to employ elliptic curves of a smaller order and leads to efficient implementation.
منابع مشابه
Dynamic Provable Data Possession Protocols with Public Verifiability and Data Privacy
Cloud storage services have become accessible and used by everyone. Nevertheless, stored data are dependable on the behavior of the cloud servers, and losses and damages often occur. One solution is to regularly audit the cloud servers in order to check the integrity of the stored data. The Dynamic Provable Data Possession scheme with Public Verifiability and Data Privacy presented in ACISP’15 ...
متن کاملEfficient Privacy-Preserving Stream Aggregation in Mobile Sensing with Low Aggregation Error
Aggregate statistics computed from time-series data contributed by individual mobile nodes can be very useful for many mobile sensing applications. Since the data from individual node may be privacy-sensitive, the aggregator should only learn the desired statistics without compromising the privacy of each node. To provide strong privacy guarantee, existing approaches add noise to each node’s da...
متن کاملPrivacy-Preserving Verifiability - A Case for an Electronic Exam Protocol
We introduce the notion of privacy-preserving verifiability for security protocols. It holds when a protocol admits a verifiability test that does not reveal to the verifier about the protocol’s execution more than it needs to know to run the test. Our definition of privacy-preserving verifiability is general and applies to cryptographic protocols as well as human security protocols; however, i...
متن کاملAn Efficient Sealed-bid Auction Protocol with Bid Privacy and Bidder Privacy
In this paper, a sealed-bid auction protocol which mainly focuses on security issues: bid privacy, bidder anonymity and fairness problem is presented. The new proposal is motivated by the conflict between bidder anonymity and DOS (denial-of-service) attack from insider. It utilizes an efficient LPN-based authentication method to accomplish lightweight authentication. In order to share the deter...
متن کاملPrivacy-Preserving Aggregation of Time-Series Data
We consider how an untrusted data aggregator can learn desired statistics over multiple participants’ data, without compromising each individual’s privacy. We propose a construction that allows a group of participants to periodically upload encrypted values to a data aggregator, such that the aggregator is able to compute the sum of all participants’ values in every time period, but is unable t...
متن کامل