DOCSLIB.ORG

Private-Key Fully Homomorphic Encryption for Private Classification of Medical Data

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Private-Key Fully Homomorphic Encryption for Private Classification of Medical Data City University of New York (CUNY) CUNY Academic Works All Dissertations, Theses, and Capstone Projects Dissertations, Theses, and Capstone Projects 9-2018 Private-Key Fully Homomorphic Encryption for Private Classification of Medical Data Alexander N. Wood The Graduate Center, City University of New York How does access to this work benefit ou?y Let us know! More information about this work at: https://academicworks.cuny.edu/gc_etds/2888 Discover additional works at: https://academicworks.cuny.edu This work is made publicly available by the City University of New York (CUNY). Contact: [email protected] Private-Key Fully Homomorphic Encryption for Private Classification of Medical Data by Alexander Nicolas Wood A dissertation submitted to the Graduate Faculty in Computer Science in partial fulfillment of the requirements for the degree of Doctor of Philosophy, The City University of New York 2018 ii c 2018 Alexander Nicolas Wood All Rights Reserved iii Private-Key Fully Homomorphic Encryption for Private Classification of Medical Data by Alexander Nicolas Wood This manuscript has been read and accepted by the Graduate Faculty in Computer Science in satisfaction of the dissertation requirement for the degree of Doctor of Philosophy. Date Delaram Kahrobaei Chair of Examining Committee Date Robert M. Haralick Executive Officer Supervisory Committee: Robert M. Haralick Delaram Kahrobaei Ali Mostashari Kayvan Najarian Vladimir Shpilrain The City University of New York iv Abstract Private-Key Fully Homomorphic Encryption for Private Classification of Medical Data by Alexander Nicolas Wood Advisor: Professor Delaram Kahrobaei A wealth of medical data is inaccessible to researchers and clinicians due to privacy restrictions such as HIPAA. Clinicians would benefit from access to predictive models for diagnosis, such as classification of tumors as malignant or benign, without compromising patients’ privacy. In addition, the medical institutions and companies who own these medical information systems wish to keep their models private when used by outside parties. Fully homomorphic encryption (FHE) enables practical polynomial computation over encrypted data. This dissertation begins with coverage of speed and security improvements to existing private-key fully homomorphic encryption methods. Next this dissertation presents a protocol for third-party private search using private-key FHE. Finally, fully homomorphic protocols for polynomial machine learning algorithms are presented using privacy-preserving Naive Bayes and Decision Tree classifiers. These protocols allow clients to privately classify their data points without direct access to the learned model. Experiments using these classifiers are run using publicly available medical data sets. These protocols are applied to the task of privacy-preserving classification of real-world medical data. Results show that private-key fully homomorphic encryption is able to provide fast and accurate results for privacy-preserving medical classification. Acknowledgments This work would not have been possible without the financial support of the Office of Naval Research, the CUNY Computer Science Fellowship, the CUNY Mathematics Fellowship, the CUNY Summer Fellowship, and the Hunter College University Fellowship. I am indebted to Dr. Delaram Kahrobaei, Professor of Computer Science at The Graduate Center, CUNY, and the chairperson of my committee. Her guidance and expertise were fundamental to my success and taught me the importance of bridging theory and practice. I am forever grateful for the research opportunities she offered and the mentoring she provided. Furthermore, I would like to thank each of the members of the committee for their in- valuable feedback and unwavering support. Professor Kayvan Najarian has been a dedicated mentor throughout the research process. I am indebted to him for his confidence in my abil- ity as a researcher as well as for hosting me at the University of Michigan. I am grateful and indebted to Professor Vladimir Shpilrain for generously sharing his mathematical insights and expertise. Furthermore, I would like to thank Professor Robert Haralick for providing crucial feedback and comments, which led to a great deal of improvements in my final dis- sertation. I am grateful for the support of Dr. Ali Mostashari, an industry collaborator and committee member whose generous advice helped shape my research. Moreover, I would like to thank Jonathan Gryak for his advice and support through the years and his generous feedback which led to improvements in my dissertation. Last but not least, I would like to thank my family and friends who have offered invaluable support during v vi pursuit of this project. I would like to thank Professor Katia Perea, whose kind and patient friendship made this work possible. Finally, I would like to thank George and Roberta Tabb for always believing in me, for their unconditional love and support, and for their assistance in proofing and editing. Contents 1 Introduction 1 1.1 Contribution . .3 2 Terminology 5 2.1 Machine Learning . .5 2.1.1 Performance Measures . .6 2.2 Privacy-Preserving Classification . .8 2.2.1 Model . .9 2.3 Parallelization via SIMD . 10 2.4 Fully Homomorphic Encryption . 11 2.4.1 Private-Key Fully Homomorphic Encryption . 12 2.4.2 Leveled, Somewhat, and Partially Homomorphic Encryption . 14 2.4.3 Notation . 14 3 Background 15 3.1 Differential Privacy . 16 3.2 Privacy-preserving Classification . 17 3.2.1 ML Confidential . 17 3.2.2 The Simple Encrypted Arithmetic Library (SEAL) . 20 vii CONTENTS viii 3.2.3 SEAL for Classification via Neural Networks . 21 3.2.4 Other Cryptographic Methods . 22 3.3 Fully Homomorphic Encryption Schemes . 25 3.4 The First FHE Schemes . 26 3.4.1 Gentry’s Fully Homomorphic Encryption . 26 3.5 Second-Generation FHE and Beyond . 29 3.5.1 The Learning With Errors Problem . 30 3.5.2 The Brakerski-Gentry-Vaikuntanathan (BGV) Scheme . 32 3.5.3 HElib . 34 3.5.4 Yet Another Somewhat Homomorphic Encryption Scheme (YASHE) . 34 3.5.5 Fan-Vercauteren (FV) Encryption . 36 3.5.6 Third-Generation Public-Key FHE: Recent Developments . 38 3.6 Gribov-Kahrobaei-Shpilrain (GKS) Encryption . 38 3.7 Encoding Data for Fully Homomorphic Computation . 40 3.7.1 Fully Homomorphic Encoding in SEAL . 41 3.7.2 Fully homomorphic encoding in GKS . 43 3.8 Conclusions . 43 4 Implementation of the Gribov-Kahrobaei-Shpilrain (GKS) Scheme 45 4.1 Fully Homomorphic Encoding of Real-World Values in GKS . 46 4.2 Parallelization via SIMD . 47 4.3 Generating the Triangular Basis Transformation . 52 4.3.1 Algorithms for Triangular Basis Implementation . 53 4.4 Homomorphic Evaluation . 58 4.5 Computational Complexity . 60 4.6 Generating Encryptions of Zero . 60 CONTENTS ix 4.7 Experimental Performance . 61 4.7.1 Performance Comparison . 64 4.8 Conclusion . 66 5 Privacy-Preserving Naive Bayes Classification 67 5.1 Naive Bayes Classification . 69 5.2 Proposed Method for Fully Homomorphic Naive Bayes Classification . 71 5.2.1 Privacy-Preserving Argmax Protocol . 73 5.3 Security . 77 5.4 Implementation . 78 5.5 Evaluation . 78 5.6 Discussion . 80 5.6.1 Computational Bottlenecks . 81 5.6.2 Comparison to Other Classifiers . 82 5.7 Conclusions . 83 6 Third Party Private Search via Fully Homomorphic Encryption 84 6.1 Introduction . 84 6.2 Model . 87 6.3 Building Blocks . 89 6.3.1 Secure Modular Reduction (SMR) . 89 6.4 Third Party Private Search (TPPS) Protocol . 90 6.5 TPPS Over Encrypted Data . 91 6.6 Correctness . 93 6.7 Security . 93 6.8 Implementation . 94 6.8.1 Secure Modular Reduction . 94 CONTENTS x 6.8.2 Fully Homomorphic Encryption . 96 6.9 Minimization of Prediction Error . 97 6.10 Large Database Extension . 99 6.10.1 Unencrypted Model . 99 6.10.2 Encrypted Model . 101 6.11 Evaluation . 101 6.12 Discussion . 103 6.12.1 Computational Bottlenecks . 103 6.12.2 Comparison . 104 6.13 Conclusions . 106 7 Privacy-Preserving Decision Tree Classification 108 7.1 Introduction . 108 7.2 Classification and Regression Tree (CART) . 109 7.2.1 Growing Classification Trees . 110 7.2.2 Classification of New Data Points . 113 7.3 Methodologies . 113 7.3.1 Randomizing Trees . 113 7.3.2 Complete Tree Randomization . 115 7.3.3 Oblivious Transfer . 116 7.4 Tree Representation and Decision Tree Classification . 118 7.5 Private Decision Tree Classification Protocol . 120 7.5.1 Private Node Evaluation . 122 7.6 Security . 123 7.7 Implementation . 124 7.7.1 Tree Randomization . 124 CONTENTS xi 7.7.2 Oblivious Transfer . 125 7.8 Evaluation . 126 7.9 Discussion . 127 7.9.1 Computational Bottlenecks . 127 7.9.2 Comparison . 128 7.10 Conclusion . 129 8 Conclusions 130 8.1 Future Work . ..
Load more

Recommended publications
  • Fundamentals of Fully Homomorphic Encryption – a Survey
    Electronic Colloquium on Computational Complexity, Report No. 125 (2018) Fundamentals of Fully Homomorphic Encryption { A Survey Zvika Brakerski∗ Abstract A homomorphic encryption scheme is one that allows computing on encrypted data without decrypting it first. In fully homomorphic encryption it is possible to apply any efficiently com- putable function to encrypted data. We provide a survey on the origins, definitions, properties, constructions and uses of fully homomorphic encryption. 1 Homomorphic Encryption: Good, Bad or Ugly? In the seminal RSA cryptosystem [RSA78], the public key consists of a product of two primes ∗ N = p · q as well as an integer e, and the message space is the set of elements in ZN . Encrypting a message m involved simply raising it to the power e and taking the result modulo N, i.e. c = me (mod N). For the purpose of the current discussion we ignore the decryption process. It is not hard to see that the product of two ciphertexts c1 and c2 encrypting messages m1 and m2 allows e to compute the value c1 · c2 (mod N) = (m1m2) (mod N), i.e. to compute an encryption of m1 · m2 without knowledge of the secret private key. Rabin's cryptosystem [Rab79] exhibited similar behavior, where a product of ciphertexts corresponded to an encryption of their respective plaintexts. This behavior can be expressed in formal terms by saying that the ciphertext space and the plaintext space are homomorphic (multiplicative) groups. The decryption process defines the homomorphism by mapping a ciphertext to its image plaintext. Rivest, Adleman and Dertouzos [RAD78] realized the potential advantage of this property.
    [Show full text]
  • Lecture Notes in Computer Science 6223 Commenced Publication in 1973 Founding and Former Series Editors: Gerhard Goos, Juris Hartmanis, and Jan Van Leeuwen
    Lecture Notes in Computer Science 6223 Commenced Publication in 1973 Founding and Former Series Editors: Gerhard Goos, Juris Hartmanis, and Jan van Leeuwen Editorial Board David Hutchison Lancaster University, UK Takeo Kanade Carnegie Mellon University, Pittsburgh, PA, USA Josef Kittler University of Surrey, Guildford, UK Jon M. Kleinberg Cornell University, Ithaca, NY, USA Alfred Kobsa University of California, Irvine, CA, USA Friedemann Mattern ETH Zurich, Switzerland John C. Mitchell Stanford University, CA, USA Moni Naor Weizmann Institute of Science, Rehovot, Israel Oscar Nierstrasz University of Bern, Switzerland C. Pandu Rangan Indian Institute of Technology, Madras, India Bernhard Steffen TU Dortmund University, Germany Madhu Sudan Microsoft Research, Cambridge, MA, USA Demetri Terzopoulos University of California, Los Angeles, CA, USA Doug Tygar University of California, Berkeley, CA, USA Gerhard Weikum Max-Planck Institute of Computer Science, Saarbruecken, Germany Tal Rabin (Ed.) Advances in Cryptology – CRYPTO 2010 30th Annual Cryptology Conference Santa Barbara, CA, USA, August 15-19, 2010 Proceedings 13 Volume Editor Tal Rabin IBM T.J.Watson Research Center Hawthorne, NY, USA E-mail: [email protected] Library of Congress Control Number: 2010931385 CR Subject Classification (1998): E.3, G.2.1, F.2.1-2, D.4.6, K.6.5, C.2, J.1 LNCS Sublibrary: SL 4 – Security and Cryptology ISSN 0302-9743 ISBN-10 3-642-14622-8 Springer Berlin Heidelberg New York ISBN-13 978-3-642-14622-0 Springer Berlin Heidelberg New York This work is subject to copyright. All rights are reserved, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, re-use of illustrations, recitation, broadcasting, reproduction on microfilms or in any other way, and storage in data banks.
    [Show full text]
  • Indistinguishability Obfuscation from Functional Encryption
    Indistinguishability Obfuscation from Functional Encryption The MIT Faculty has made this article openly available. Please share how this access benefits you. Your story matters. Citation Bitansky, Nir, and Vinod Vaikuntanathan. "Indistinguishability Obfuscation from Functional Encryption." 2015 IEEE 56th Annual Symposium on Foundations of Computer Science (FOCS), 17-20 October 2015, Berkeley, CA, 2015, pp. 171–90. As Published http://dx.doi.org/10.1109/FOCS.2015.20 Publisher Institute of Electrical and Electronics Engineers (IEEE) Version Original manuscript Citable link http://hdl.handle.net/1721.1/113077 Terms of Use Creative Commons Attribution-Noncommercial-Share Alike Detailed Terms http://creativecommons.org/licenses/by-nc-sa/4.0/ Indistinguishability Obfuscation from Functional Encryption∗ Nir Bitanskyy Vinod Vaikuntanathanz Abstract Indistinguishability obfuscation (IO) is a tremendous notion, powerful enough to give rise to almost any known cryptographic object. Prior candidate IO constructions were based on specific assumptions on algebraic objects called multi-linear graded encodings. We present a generic construction of indistinguishability obfuscation from public-key functional encryption with succinct encryption circuits and subexponential security. This shows the equivalence of indistinguishability obfuscation and public-key functional en- cryption, a primitive that has so far seemed to be much weaker, lacking the power and the staggering range of applications of indistinguishability obfuscation. Our main construction can be based on functional encryption schemes that support a single function key, and where the encryption circuit grows sub-linearly in the circuit-size of the function. We further show that sublinear succinctness in circuit-size for single-key schemes can be traded with sublinear succinctness in the number of keys (also known as the collusion-size) for multi-key schemes.
    [Show full text]
  • Homomorphic Encryption for Machine Learning in Medicine and Bioinformatics
    This is a repository copy of Homomorphic Encryption for Machine Learning in Medicine and Bioinformatics. White Rose Research Online URL for this paper: https://eprints.whiterose.ac.uk/151333/ Version: Accepted Version Article: Kahrobaei, Delaram orcid.org/0000-0001-5467-7832, Wood, Alexander and Najarian, Kayvan (2020) Homomorphic Encryption for Machine Learning in Medicine and Bioinformatics. ACM Comput. Surv.. ISSN 0360-0300 Reuse Items deposited in White Rose Research Online are protected by copyright, with all rights reserved unless indicated otherwise. They may be downloaded and/or printed for private study, or other acts as permitted by national copyright laws. The publisher or other rights holders may allow further reproduction and re-use of the full text version. This is indicated by the licence information on the White Rose Research Online record for the item. Takedown If you consider content in White Rose Research Online to be in breach of UK law, please notify us by emailing [email protected] including the URL of the record and the reason for the withdrawal request. [email protected] https://eprints.whiterose.ac.uk/ Homomorphic Encryption for Machine Learning in Medicine and Bioinformatics ALEXANDER WOOD∗, University of Michigan, United States KAYVAN NAJARIAN, University of Michigan, United States DELARAM KAHROBAEI, University of York, United Kingdom Machine learning and statistical techniques are powerful tools for analyzing large amounts of medical and genomic data. On the other hand, ethical concerns and privacy regulations prevent free sharing of this data. Encryption techniques such as fully homomorphic encryption (FHE) enable evaluation over encrypted data. Using FHE, machine learning models such as deep learning, decision trees, and naive Bayes have been implemented for privacy-preserving applications using medical data.
    [Show full text]
  • Short Signatures from Weaker Assumptions
    Short Signatures From Weaker Assumptions Dennis Hofheinz1, Tibor Jager2, and Eike Kiltz2 1 Institut f¨urKryptographie und Sicherheit, Karlsruhe Institute of Technology, Germany. [email protected] 2 Horst-G¨ortzInstitute for IT Security, Ruhr-University Bochum, Germany. ftibor.jager,[email protected] Abstract. We provide constructions of (m; 1)-programmable hash functions (PHFs) for m ≥ 2. Mim- icking certain programmability properties of random oracles, PHFs can, e.g., be plugged into the generic constructions by Hofheinz and Kiltz (J. Cryptol. 2011) to yield digital signature schemes from the strong RSA and strong q-Diffie-Hellman assumptions. As another application of PHFs, we propose new and efficient constructions of digital signature schemes from weaker assumptions, i.e., from the (standard, non-strong) RSA and the (standard, non-strong) q-Diffie-Hellman assumptions. The resulting signature schemes offer interesting tradeoffs between efficiency/signature length and the size of the public-keys. For example, our q-Diffie-Hellman signatures can be as short as 200 bits; the signing algorithm of our Strong RSA signature scheme can be as efficient as the one in RSA full domain hash; compared to previous constructions, our RSA signatures are shorter (by a factor of roughly 2) and we obtain a considerable efficiency improvement (by an even larger factor). All our constructions are in the standard model, i.e., without random oracles. Keywords: digital signatures, RSA assumption, q-DH assumption, programmable hash functions. 1 Introduction Digital Signatures are one of the most fundamental cryptographic primitives. They are used as a building block in numerous high-level cryptographic protocols.
    [Show full text]
  • Setup-Free Secure Search on Encrypted Data: Faster and Post-Processing Free
    Proceedings on Privacy Enhancing Technologies ; 2019 (3):87–107 Adi Akavia*, Craig Gentry, Shai Halevi, and Max Leibovich Setup-Free Secure Search on Encrypted Data: Faster and Post-Processing Free Abstract: We present a novel secure search protocol Keywords: Secure search, Fully homomorphic encryp- on data and queries encrypted with Fully Homomor- tion, Randomized algorithms, Universal hash functions phic Encryption (FHE). Our protocol enables organiza- DOI 10.2478/popets-2019-0038 tions (client) to (1) securely upload an unsorted data Received 2018-11-30; revised 2019-03-15; accepted 2019-03-16. array x = (x[1], . , x[n]) to an untrusted honest-but- curious sever, where data may be uploaded over time 1 Introduction and from multiple data-sources; and (2) securely is- Following the rapid advancement and widespread avail- sue repeated search queries q for retrieving the first ability of cloud computing it is a common practice ∗ ∗ element (i , x[i ]) satisfying an agreed matching crite- to outsource data storage and computations to cloud ∗ rion i = min {i ∈ [n] | IsMatch(x[i], q) = 1}, as well as providers. Placing cleartext (i.e unencrypted) data on fetching the next matching elements with further inter- the cloud compromises data security. To regain data action. For security, the client encrypts the data and privacy one could encrypt the data prior to upload- queries with FHE prior to uploading, and the server ing to the cloud. However, if using standard encryp- processes the ciphertexts to produce the result cipher- tion (e.g. AES), this solution nullifies the benefits of text for the client to decrypt.
    [Show full text]
  • K-Anonymously Private Search Over Encrypted Data
    k-Anonymously Private Search over Encrypted Data Shiyu Ji, Kun Wan {shiyu, kun}@cs.ucsb.edu Abstract In this paper we compare the performance of various homomorphic encryption methods on a private search scheme that can achieve k-anonymity privacy. To make our benchmarking fair, we use open sourced cryptographic libraries which are written by experts and well scrutinized. We find that Goldwasser-Micali encryption achieves good enough performance for practical use, whereas fully homomorphic encryptions are much slower than partial ones like Goldwasser-Micali and Paillier. 1 Introduction How to securely and privately search over encrypted dataset has been popular in research community for the past decade [27, 28, 32, 33, 11, 10, 1]. A private search scheme should allow the client to have access to one of the posting lists in the inverted index, while the server hosting the index cannot tell which posting is accessed by the client. Also for privacy concern, the client should not know any other posting except the legally requested one. To address this problem, one possible way is to leverage Homomorphic Encryption [21, 22, 37, 38, 19, 4, 5]. Recently there is some debate over the question whether such a homomorphic encryption based private search scheme can be practically used [40, 36, 1]. We note that it is important which encryption method is used, since the involved operations may be very different, e.g., there are many modular exponential operations in Paillier [37, 38], while Goldwasser-Micali only requires quadratic exponentiation; some lattice based HEs (e.g. [6, 4]) require noise management techniques such as bootstrapping [16], re- linearization [6] and approximate eigenvector [20], which need more time.
    [Show full text]
  • Techniques for Computing on Encrypted Data in a Practical System*
    Techniques for computing on encrypted data in a practical system* Raluca Ada Popa September 2014 In this document, we survey various techniques for computing on encrypted data that might be useful when designing a practical security system. These tools or methods provide an interesting spectrum over three coordinates: functionality, security, and performance. Unfortunately, none of these tools alone suffices to enable running the systems we have today over encrypted data. They typically fail to achieve a desired goal with respect to at least one of these three coordinates. Nevertheless, understanding the tradeoffs these tools provide in functionality, security, and performance, coupled with an understanding of the targeted system, has enabled building systems that are practical for a class of applications and provide a meaningful level of security. Some examples of such systems are [PRZB11, PSV+14, ABE+13, AEK+13, TKMZ13, TLMM13, KGM+14, SSSE14, TSCS13, HHCW12, KKM+13]. Hence, below we describe each tool or method from a functionality, security and performance standpoint, describing the tradeoff it strikes in this space, and the settings in which it might be practical. Since our focus is this tradeoff, we keep the cryptographic presentation of each tool informal, and instead reference outside formal presentations. We divide these tools and methods in two categories: tools that leak (virtually) nothing about the data and tools that reveal a well-defined function of the data. Many times, the information revealed in the second category helps improve performance drastically. 2 1 Tools with no leakage ◇ 1.1 Fully homomorphic encryption Functionality. FHE [Gen09] is a public-key encryption scheme [Gol04].
    [Show full text]
  • Security and Privacy on Blockchain 1:3 Scientists and Engineers to Uncover Suitable Blockchain Models and Techniques for Many Domain Specific Application Scenarios
    1 Security and Privacy on Blockchain RUI ZHANG and RUI XUE, State Key Laboratory of Information Security, Institute of Information Engi- neering, Chinese Academy of Sciences, China and School of Cyber Security, University of Chinese Academy of Sciences, China LING LIU, School of Computer Science, Georgia Institute of Technology, USA, USA Blockchain offers an innovative approach to storing information, executing transactions, performing func- tions, and establishing trust in an open environment. Many consider blockchain as a technology breakthrough for cryptography and cybersecurity, with use cases ranging from globally deployed cryptocurrency systems like Bitcoin, to smart contracts, smart grids over the Internet of Things, and so forth. Although blockchain has received growing interests in both academia and industry in the recent years, the security and privacy of blockchains continue to be at the center of the debate when deploying blockchain in different applications. This paper presents a comprehensive overview of the security and privacy of blockchain. To facilitate the discussion, we first introduce the notion of blockchains and its utility in the context of Bitcoin like online transactions. Then we describe the basic security properties that are supported as the essential requirements and building blocks for Bitcoin like cryptocurrency systems, followed by presenting the additional security and privacy properties that are desired in many blockchain applications. Finally, we review the security and privacy techniques for achieving these security properties in blockchain-based systems, including represen- tative consensus algorithms, hash chained storage, mixing protocols, anonymous signatures, non-interactive zero-knowledge proof, and so forth. We conjecture that this survey can help readers to gain an in-depth understanding of the security and privacy of blockchain with respect to concept, attributes, techniques and systems.
    [Show full text]
  • Practical Secure Two-Party Computation
    Practical Secure Two-Party Computation: Techniques, Tools, and Applications David Evans (PI), Aaron Mackey, abhi shelat (University of Virginia) Michael Hicks, Jonathan Katz (University of Maryland); Steven Myers (Indiana University) Project Summary Many compelling applications involve computations that require sensitive data from two or more individuals. As an example, consider the myriad genetics applications soon to be within reach of individuals as the cost of personal genome sequencing rapidly plummets. An individual may wish to compare her genome with the genomes of different groups of participants in a study to determine which treatment is likely to be most effective for her. Such comparisons could have tremendous value, but are infeasible because of the privacy concerns both for the individual and study participants. What is needed is a way to compute the output of the comparison without exposing either party’s private inputs. Theoretical solutions to this problem, known as secure multi-party computation, have been known for several decades, including a general solution developed by Andrew Yao based on garbled circuits. Because of its extensive memory use and computational cost, however, the garbled circuits approach has traditionally been considered more of a theoretical curiosity than a practical mechanism for building privacy-preserving applications. Recent developments in cryptographic techniques and new implementation approaches are beginning to change this, however, and admit the possibility of scalable, practical secure computation. Building on this work, we propose to develop techniques and tools to enable practical secure two-party computations and to evaluate these tools by building several scalable privacy-preserving applications. We will develop methods for avoiding the memory bottleneck associated with garbled circuit evaluation by aggressively pipelining circuit generation and evaluation.
    [Show full text]
  • Online-Offline Functional Encryption for Bounded Collusions
    Online-Offline Functional Encryption for Bounded Collusions Shweta Agrawal∗ Alon Roseny Abstract We give a new construction of bounded key functional encryption. Our scheme is well suited for optimization in an online-offline model that allows for preparation in an offline phase, where a majority of the computation is done before the data becomes available. This is followed by an efficient online phase, which is performed when the data becomes known. Such a model has been considered in the context of Attribute-Based Encryption by Hohenberger and Waters (PKC'14). The online component of our scheme significantly outperforms the best previously known construction of bounded key functional encryption by Gorbunov, Vaikuntanathan and Wee (CRYPTO'12), and in fact quasi-linearly depends only on the message size in contrast to the GVW12 ciphertext, which additionally grows as O(q4) for q queries. Security of our scheme is based on the Ring LWE assumption, which is comparable to the assumption underlying the GVW scheme and is well-established compared to those underlying known constructions of unbounded key functional encryption (based on multilinear maps and/or obfuscation). To prove security of our scheme, we introduce a new proof technique, which we call noisy functional encryption. Arguing security via this technique requires the encryptor to artificially add noise to the decryption equation, providing an intriguing tradeoff between correctness and security. This technique appears to be quite general and we believe it is likely to have other applications. ∗IIT Delhi, India. Email: [email protected]. Work done (in part) while visiting IDC Herzliya, supported by the ERC under the EU's Seventh Framework Programme (FP/2007-2013) ERC Grant Agreement n.
    [Show full text]
  • Arxiv:2008.10733V1 [Cs.CR] 24 Aug 2020 to Predict the Hygiene of the Restaurant and Health Risks [4]
    Precision Health Data: Requirements, Challenges and Existing Techniques for Data Security and Privacy Chandra Thapa and Seyit Camtepe CSIRO Data61, Australia fchandra.thapa, [email protected] Abstract. Precision health leverages information from various sources, including omics, lifestyle, environment, social media, medical records, and medical insurance claims to enable personalized care, prevent and predict illness, and precise treatments. It extensively uses sensing technologies (e.g., electronic health monitoring devices), computations (e.g., machine learning), and communication (e.g., interaction between the health data centers). As health data contain sensitive private information, including the identity of patient and carer and medical conditions of the patient, proper care is required at all times. Leakage of these private information affects the personal life, including bullying, high insurance premium, and loss of job due to the medical history. Thus, the security, privacy of and trust on the information are of utmost importance. Moreover, government legislation and ethics committees demand the security and privacy of healthcare data. Besides, the public, who is the data source, always expects the security, privacy, and trust of their data. Otherwise, they can avoid contributing their data to the precision health system. Consequently, as the public is the targeted beneficiary of the system, the effectiveness of precision health diminishes. Herein, in the light of precision health data security, privacy, ethical and regulatory requirements, finding the best methods and techniques for the utilization of the health data, and thus precision health is essential. In this regard, firstly, this paper explores the regulations, ethical guidelines around the world, and domain-specific needs.
    [Show full text]