Post-quantum secure private stream aggregation
Abstract
A method for operating an aggregator in a private stream aggregation (PSA) system has been developed. The method includes receiving a plurality of encrypted messages from a plurality of clients, each encrypted message corresponding to a vector in a learning with errors (LWE) public key, adding the plurality of encrypted messages to generate an aggregate data set, extracting a summation of a plurality of error vectors in the plurality of encrypted messages from the aggregate data set, decrypting the summation of the encrypted data contained in the plurality of encrypted messages using a private key stored in the memory of the aggregator to generate a plaintext sum of noisy data generated by the plurality of clients, and generating, with the processor, an output of the plaintext sum of noisy data that preserves differential privacy of each client in the plurality of clients.
20 Claims
1. A method for operating an aggregator in a private stream aggregation (PSA) system comprising:
- receiving, with a network interface in the aggregator, a plurality of encrypted messages from a plurality of clients, each client in the plurality of clients transmitting one encrypted message in the plurality of encrypted messages, each encrypted message corresponding to a vector in a learning with errors (LWE) public key;
- adding, with a processor in the aggregator, the plurality of encrypted messages to generate an aggregate data set corresponding to a sum of the plurality of encrypted messages;
- extracting, with the processor, a summation of a plurality of error vectors in the plurality of encrypted messages from the aggregate data set using a predetermined matrix stored in a memory of the aggregator corresponding to a portion of the LWE public key in each encrypted message and a predetermined secret key stored in the memory, the predetermined secret key corresponding to a sum of a plurality of secret keys used by the plurality of clients to generate the plurality of encrypted messages;
- multiplying, with the processor, a predetermined gadget matrix stored in the memory with the summation of the plurality of error vectors to generate a summation of encrypted data contained in the plurality of encrypted messages;
- decrypting, with the processor, the summation of the encrypted data contained in the plurality of encrypted messages using a private key stored in the memory of the aggregator to generate a plaintext sum of noisy data generated by the plurality of clients; and
- generating, with the processor, an output of the plaintext sum of noisy data that preserves differential privacy of each client in the plurality of clients.

Dependent claims: 2, 3, 4, 5, 6.

7. A method for operating a first client in a private stream aggregation (PSA) system comprising:
- encrypting, with a processor in the first client, noisy plaintext data using a first public key stored in a memory of the first client to generate an encrypted data vector;
- sampling, with the processor in the first client, the encrypted data vector to generate an error vector with a Gaussian distribution based on the encrypted data vector;
- generating, with the processor in the first client, a vector of a learning with errors (LWE) public key using a predetermined matrix stored in the memory of the first client, a predetermined secret key stored in the memory of the first client, and the error vector, the LWE public key being different than the first public key; and
- transmitting, with a network interface in the first client, a first encrypted message including the vector of the LWE public key to an aggregator.

Dependent claims: 8, 9, 10, 11, 12, 13, 14, 15, 16.

17. An aggregator in a private stream aggregation (PSA) system comprising:
- a network interface configured to receive encrypted messages from a data network;
- a memory configured to store:
  - a predetermined matrix corresponding to a portion of a learning with errors (LWE) public key;
  - a predetermined gadget matrix;
  - a predetermined secret key; and
  - a private key; and
- a processor operatively connected to the network interface and the memory, the processor being configured to:
  - receive a plurality of encrypted messages from a plurality of clients with the network interface, each client in the plurality of clients transmitting one encrypted message in the plurality of encrypted messages, each encrypted message corresponding to a vector in an LWE public key;
  - add the plurality of encrypted messages to generate an aggregate data set corresponding to a sum of the plurality of encrypted messages;
  - extract a summation of a plurality of error vectors in the plurality of encrypted messages from the aggregate data set using the predetermined matrix stored in the memory corresponding to a portion of the LWE public key in each encrypted message, and the predetermined secret key stored in the memory, the predetermined secret key corresponding to a sum of a plurality of secret keys used by the plurality of clients to generate the plurality of encrypted messages;
  - multiply the predetermined gadget matrix stored in the memory with the summation of the plurality of error vectors to generate a summation of encrypted data contained in the plurality of encrypted messages;
  - decrypt the summation of the encrypted data contained in the plurality of encrypted messages using the private key stored in the memory to generate a plaintext sum of noisy data generated by the plurality of clients; and
  - generate an output of the plaintext sum of noisy data that preserves differential privacy of each client in the plurality of clients.

Dependent claims: 18, 19, 20.

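The algebra behind the client steps of claim 7 and the aggregator steps of claims 1 and 17, as an added toy example that is not code from the patent: each client sends b = A·s + e where the gadget matrix maps e back to its inner ciphertext, and the aggregator strips A·(sum of s), applies the gadget matrix, and decrypts only the sum. Assumptions: all names and parameters are hypothetical, the inner additively homomorphic scheme is a one-dimensional Regev-style stand-in, and deterministic bit decomposition replaces the Gaussian sampling of the error vector, so this shows correctness only and offers no security.

```python
import random

Q, K, P = 1 << 16, 16, 256          # toy LWE modulus 2^K and plaintext modulus
DELTA = Q // P                      # plaintext scaling factor
M, ROWS = 8, 2 * K                  # toy secret dimension; error-vector length
rng = random.Random(1)              # fixed seed: constructed demo data only

def inner_keygen(samples=8):        # assumed stand-in additively homomorphic scheme
    t = rng.randrange(Q)
    pk = [(a, (a * t + rng.choice((-1, 0, 1))) % Q)
          for a in (rng.randrange(Q) for _ in range(samples))]
    return pk, t

def inner_encrypt(pk, x):
    subset = [s for s in pk if rng.random() < 0.5]
    u = sum(a for a, _ in subset) % Q
    v = (sum(b for _, b in subset) + DELTA * x) % Q
    return [u, v]

def inner_decrypt(t, c):
    return round(((c[1] - c[0] * t) % Q) / DELTA) % P

def gadget_preimage(c):
    """Bit-decompose c so gadget_multiply(e) == c (assumption: no Gaussian sampling)."""
    return [(w >> j) & 1 for w in c for j in range(K)]

def gadget_multiply(e):
    """Apply G = I_2 (x) (1, 2, ..., 2^(K-1)) to e, mod Q."""
    return [sum(e[i * K + j] << j for j in range(K)) % Q for i in range(2)]

def mat_vec(A, s):
    return [sum(a * x for a, x in zip(row, s)) % Q for row in A]

def client_message(A, s, pk, noisy_x):
    e = gadget_preimage(inner_encrypt(pk, noisy_x))
    return [(y + ei) % Q for y, ei in zip(mat_vec(A, s), e)]   # b = A s + e

def aggregate(A, s_sum, t, messages):
    total = [sum(col) % Q for col in zip(*messages)]           # sum of all b_i
    e_sum = [(b - y) % Q for b, y in zip(total, mat_vec(A, s_sum))]
    return inner_decrypt(t, gadget_multiply(e_sum))            # sum of noisy inputs

def demo(noisy_inputs=(12, 7, 30, 21, 9)):                     # constructed values
    A = [[rng.randrange(Q) for _ in range(M)] for _ in range(ROWS)]
    pk, t = inner_keygen()
    keys = [[rng.randrange(Q) for _ in range(M)] for _ in noisy_inputs]
    s_sum = [sum(col) % Q for col in zip(*keys)]
    msgs = [client_message(A, s, pk, x) for s, x in zip(keys, noisy_inputs)]
    return aggregate(A, s_sum, t, msgs)
```

The aggregator holds only the sum of the client keys, so A·s masks each individual message and only the aggregate error vector, and therefore only the summed ciphertext, can be recovered.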
Specification