Privacy-preserving aggregation of Time-series data
First Claim
1. A method for sharing sensitive data with a data aggregator, the method comprising:
- determining a private key for a local user in a set of users, wherein the sum of the private keys associated with the set of users and the data aggregator is equal to zero;
selecting, at a client computer, a set of data values associated with the local user;
encrypting individual data values in the set based in part on the private key to produce a set of encrypted data values, thereby allowing the data aggregator to decrypt an aggregate value across the set of users without decrypting individual data values associated with the set of users, and without interacting with the set of users while decrypting the aggregate value; and
sending the set of encrypted data values to the data aggregator;
wherein the set of data values includes a time series, wherein the private key is determined prior to encrypting the individual data values in the time series, wherein the aggregate value includes a summation of the individual values associated with the set of users; and
wherein encrypting an individual data value xi,t for a user i and time period t involves computing an expression;
ci,t=gxi,t·
H(t)ski wherein ci,t is an encrypted value associated with user i and time period t, wherein g is a generator, wherein ski is a private key associated with user i, and wherein H(t) is a hash function.
7 Assignments
0 Petitions
Accused Products
Abstract
A private stream aggregation (PSA) system contributes a user'"'"'s data to a data aggregator without compromising the user'"'"'s privacy. The system can begin by determining a private key for a local user in a set of users, wherein the sum of the private keys associated with the set of users and the data aggregator is equal to zero. The system also selects a set of data values associated with the local user. Then, the system encrypts individual data values in the set based in part on the private key to produce a set of encrypted data values, thereby allowing the data aggregator to decrypt an aggregate value across the set of users without decrypting individual data values associated with the set of users, and without interacting with the set of users while decrypting the aggregate value. The system also sends the set of encrypted data values to the data aggregator.
-
Citations
18 Claims
-
1. A method for sharing sensitive data with a data aggregator, the method comprising:
-
determining a private key for a local user in a set of users, wherein the sum of the private keys associated with the set of users and the data aggregator is equal to zero; selecting, at a client computer, a set of data values associated with the local user; encrypting individual data values in the set based in part on the private key to produce a set of encrypted data values, thereby allowing the data aggregator to decrypt an aggregate value across the set of users without decrypting individual data values associated with the set of users, and without interacting with the set of users while decrypting the aggregate value; and sending the set of encrypted data values to the data aggregator; wherein the set of data values includes a time series, wherein the private key is determined prior to encrypting the individual data values in the time series, wherein the aggregate value includes a summation of the individual values associated with the set of users; and wherein encrypting an individual data value xi,t for a user i and time period t involves computing an expression;
ci,t=gxi,t ·
H(t)ski wherein ci,t is an encrypted value associated with user i and time period t, wherein g is a generator, wherein ski is a private key associated with user i, and wherein H(t) is a hash function. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A non-transitory computer-readable storage medium storing instructions that when executed by a computer cause the computer to perform a method for sharing sensitive data with a data aggregator, the method comprising:
-
determining a private key for a local user in a set of users, wherein the sum of the private keys associated with the set of users and the data aggregator is equal to zero; selecting a set of data values associated with the local user; encrypting individual data values in the set based in part on the private key to produce a set of encrypted data values, thereby allowing the data aggregator to decrypt an aggregate value across the set of users without decrypting individual data values associated with the set of users, and without interacting with the set of users while decrypting the aggregate value; and sending the set of encrypted data values to the data aggregator; wherein the set of data values includes a time series, wherein the private key is determined prior to encrypting the individual data values in the time series, and wherein the aggregate value includes a product of the individual values associated with the set of users; and wherein encrypting an individual data value xi,t for a user i and time period t involves computing an expression;
ci,t=xi,t·
H(t)ski wherein ci,t is the encrypted value associated with user i and time period t, wherein ski is a private key associated with user i, and wherein H(t) is a hash function. - View Dependent Claims (8, 9, 10, 15, 16)
-
-
11. An apparatus for sharing sensitive data with a data aggregator, the method comprising:
-
a setup mechanism configured to determine a private key for a local user in a set of users, wherein the sum of the private keys associated with the set of users and the data aggregator is equal to zero; an encrypt mechanism configured to; select a set of data values associated with the local user; and encrypt individual data values in the set based in part on the private key to produce a set of encrypted data values, thereby allowing the data aggregator to decrypt an aggregate value across the set of users without decrypting individual data values associated with the set of users, and without interacting with the set of users while decrypting the aggregate value; and a communication mechanism configured to send the set of encrypted data values to the data aggregator; wherein the set of data values includes a time series, wherein the private key is determined prior to encrypting the individual data values in the time series, and wherein the aggregate value includes a summation of the individual values associated with the set of users; and wherein while encrypting an individual data value xi,t for a user i and time period t, the encrypt mechanism is further configured to compute an expression;
ci,t=gxi,t ·
H(t)ski wherein ci,t is an encrypted value associated with user i and time period t, wherein g is a generator, wherein ski is a private key associated with user i, and wherein H(t) is a hash function. - View Dependent Claims (12, 13, 14, 17, 18)
-
Specification