Fault-Tolerant Privacy-Preserving Statistics
First Claim
1. A method in a first system for performing a computation that is representative of applying a function ƒ
- on a plurality of plaintext data, the method comprising;
receiving a plurality of ciphertext data from a plurality of data producers, the ciphertext data being obtained respectively from the plaintext data using an encryption algorithm of a homomorphic cryptographic system;
producing a computed value from the ciphertext data using a function ƒ
h that is derived from the function ƒ
using a relationship defined by the homomorphic cryptographic system;
sending the computed value to a second system separate from the first system; and
receiving from the second system an extracted value that is based on the computed value, the extracted value representative of a computed result produced by applying the function ƒ
on the plurality of plaintext data.
2 Assignments
0 Petitions
Accused Products
Abstract
Disclosed is a protocol for a fault-tolerant, private distributed aggregation model that allows a data consumer to calculate unbounded statistics (weighted sums) over homomorphically encrypted sensitive data items from data producers. The data consumer can choose to calculate over an arbitrary subset of all available data items, thus providing fault tolerance; i.e., failing data producers do not prevent the statistics calculation. A key-managing authority ensures differential privacy before responding to the data consumer'"'"'s decryption request for the homomorphically encrypted statistics result, thus preservation the data'"'"'s producer'"'"'s privacy. Security against malicious data consumers is provided along with aggregator obliviousness, differential privacy in a unidirectional communication model between data producers and data consumers.
-
Citations
20 Claims
-
1. A method in a first system for performing a computation that is representative of applying a function ƒ
- on a plurality of plaintext data, the method comprising;
receiving a plurality of ciphertext data from a plurality of data producers, the ciphertext data being obtained respectively from the plaintext data using an encryption algorithm of a homomorphic cryptographic system; producing a computed value from the ciphertext data using a function ƒ
h that is derived from the function ƒ
using a relationship defined by the homomorphic cryptographic system;sending the computed value to a second system separate from the first system; and receiving from the second system an extracted value that is based on the computed value, the extracted value representative of a computed result produced by applying the function ƒ
on the plurality of plaintext data. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- on a plurality of plaintext data, the method comprising;
-
9. A system comprising:
-
a central processing unit; and a data storage device having stored thereon computer executable program code, wherein when the central processing unit executes the computer executable program code, the central processing unit; receives a plurality of ciphertext data from a plurality of data producers, the ciphertext data being obtained respectively from the plaintext data using an encryption algorithm of a homomorphic cryptographic system; produces a computed value from the ciphertext data using a function ƒ
h that is derived from the function ƒ
using a relationship defined by the homomorphic cryptographic system;sends the computed value to a decryption system separate from the system; and receives from the decryption system an extracted value that is based on the computed value, the extracted value representative of a computed result produced by applying the function f on the plurality of plaintext data. - View Dependent Claims (10, 11, 12, 13, 14, 15)
-
-
16. A non-transitory computer readable storage medium having stored thereon computer executable program code, which when executed by a computer system causes the system to perform steps of:
-
receiving a plurality of ciphertext data from a plurality of data producers, the ciphertext data being obtained respectively from the plaintext data using an encryption algorithm of a homomorphic cryptographic system; producing a computed value from the ciphertext data using a function ƒ
h that is derived from the function ƒ
using a relationship defined by the homomorphic cryptographic system;sending the computed value to a second system separate from the first system; and receiving from the second system an extracted value that is based on the computed value, the extracted value representative of a computed result produced by applying the function ƒ
on the plurality of plaintext data. - View Dependent Claims (17, 18, 19, 20)
-
Specification