Privacy-preserving data aggregation using homomorphic encryption
First Claim
Patent Images
1. A method in a device that provides data, the method comprising:
- receiving by the device from a previous device a request for device data that includes a public key and a homomorphic encryption of received data based on the public key;
combining by the device the received public key with a device public key into a combined public key;
generating by the device a homomorphic encryption of device data to be added to the request using the combined public key;
combining by the device the generated homomorphic encryption of the device data with the homomorphic encryption of the received data into a homomorphic encryption of the combined data; and
forwarding by the device to a next device the combined public key and the homomorphic encryption of the combined datawherein (G,·
) is a group and gε
G and the homographic encryption of the device data is represented by the following;
xi=gri
yi=(gs·
gsi)ri·
gmi=gris+s)·
gmi where ri is a device-specific number, gs is the received public key, gs+si is the combined public key, s and si are secrets for the received and device public keys, and mi is the device data andwherein (gr, grs·
gm) is the homomorphic encryption of the received data and where the combined homomorphic encryption of the data is represented by the following;
x′
=gr+ri
y′
=g(r+ri)(s+si)·
gm+mi where x′
is a first component and y′
is a second component of the combined homomorphic encryption represented by (x′
, y′
).
2 Assignments
0 Petitions
Accused Products
Abstract
A method and system for collecting data from devices using a homomorphic encryption of the data is provided. A collection system of a device adds contributions to homomorphically encrypted data and forwards the requests to another device. When the device receives a reply to the request, it uncombines its contribution to the homomorphic encryption of the data. The device then forwards the reply to the previous device. The initiator device ultimately removes its contribution to the encryption and identifies the data.
95 Citations
13 Claims
-
1. A method in a device that provides data, the method comprising:
-
receiving by the device from a previous device a request for device data that includes a public key and a homomorphic encryption of received data based on the public key; combining by the device the received public key with a device public key into a combined public key; generating by the device a homomorphic encryption of device data to be added to the request using the combined public key; combining by the device the generated homomorphic encryption of the device data with the homomorphic encryption of the received data into a homomorphic encryption of the combined data; and forwarding by the device to a next device the combined public key and the homomorphic encryption of the combined data wherein (G,·
) is a group and gε
G and the homographic encryption of the device data is represented by the following;
xi=gri
yi=(gs·
gsi )ri ·
gmi =gri s+s)·
gmi where ri is a device-specific number, gs is the received public key, gs+s i is the combined public key, s and si are secrets for the received and device public keys, and mi is the device data andwherein (gr, grs·
gm) is the homomorphic encryption of the received data and where the combined homomorphic encryption of the data is represented by the following;
x′
=gr+ri
y′
=g(r+ri )(s+si )·
gm+mi where x′
is a first component and y′
is a second component of the combined homomorphic encryption represented by (x′
, y′
). - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A method of collecting information of devices of a cluster, the method comprising:
-
distributing a new public key to devices of the cluster including; receiving from a previous device a request for data that includes a public key and a homomorphic encryption of data including a first component and a second component; sending to one or more key holder devices a request for a key holder public key, the request including the first component of the homomorphic encryption of the received data; receiving from the one or more key holder devices a key holder public key derived from a key holder secret and a key holder device first component that is the first component modified to factor in the key holder public key; combining the one or more key holder public keys with the received public key into the new public key; combining the one or more key holder first components with the received first component into a new first component; providing the new public key to each device of the cluster; and providing the aggregator device of the cluster the second component of the homomorphic encryption; and for each of a plurality of devices of the cluster, sending by that device of the plurality of devices of the cluster to other devices of the cluster shares of information that that device of the plurality of devices of the cluster is to contribute; for each of a plurality of devices of the cluster, sending by that device of the plurality of devices of the cluster to the aggregator device of the cluster a homomorphic encryption of a total of the shares received from other devices of the cluster based on the new public key; and at the aggregator device, adding by the aggregator device the homomorphic encryption of the totals of the shares received from each of the plurality of devices of the cluster into a homomorphic encryption of aggregate data of the cluster. - View Dependent Claims (8, 9)
-
-
10. A method of collecting information of devices of a cluster, the method comprising:
-
distributing a new public key to devices of the cluster; for each of a plurality of devices of the cluster, sending by that device of the plurality of devices of the cluster to other devices of the cluster shares of information that that device of the plurality of devices of the cluster is to contribute; for each of a plurality of devices of the cluster, sending by that device of the plurality of devices of the cluster to an aggregator device a homomorphic encryption of a total of the shares received from other devices of the cluster based on the new public key; and at the aggregator device, adding by the aggregator device the homomorphic encryption of the totals of the shares received from each of the plurality of devices of the cluster into a homomorphic encryption of aggregate data of the cluster wherein (G,·
) is a group and gε
G and the homographic encryption of data is (gr, grs·
gm) with gr being a first component of (G,·
) and grs·
gm being a second component of (G,·
) and wherein a device of the cluster totals shares based on the new public key as represented by the following;
xj=grj
yj=grj si ·
gmj
where xj is a first component for device j and yj is a second component for device j, rj is a device-specific number, gs is the new public key, and mj is the total of the shares sent to the device j. - View Dependent Claims (11, 12)
-
-
13. A computer system configured for collecting data from devices, the system including:
-
a memory storing computer-executable instructions of; a component that receives a request for device data that includes a public key from a previous device and a homomorphic encryption of received data; a component that generates a new public key; a component that homomorphically encrypts a combination of the homomorphic encryption of the received data and device data; a component that forwards the new public key and the homomorphic encryption of the combined data to a next device; a component that receives a reply for data that includes a public key and a homomorphic encryption of collected data a component that uncombines the contribution of the device to the received public key and the homomorphic encryption of the combined data and a component that forwards the reply to the previous device; wherein the device is a cluster device of a cluster that contributes to the collected data by distributing shares of its contribution to other cluster devices and that totals the shares received from other cluster devices and forwards the totals to an aggregator device for aggregating into the total contribution of the cluster; and a processor for executing the computer-executable instructions stored in the memory.
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeMicrosoft Technology Licensing LLC (Microsoft Corporation)
-
Original AssigneeMicrosoft Corporation
-
InventorsWang, Jiahe Helen, Huang, Qiang, Jao, David
-
Primary Examiner(s)Moazzami; Nasser
-
Assistant Examiner(s)Louie; Oscar A
-
Application NumberUS11/311,916Publication NumberTime in Patent Office1,828 DaysField of SearchNoneUS Class Current380/30CPC Class CodesH04L 9/008 involving homomorphic encry...H04L 9/30 Public key, i.e. encryption...
