Accountable Private Set Cardinality for Distributed Measurement

Published: 21 July 2022

Abstract

We introduce cryptographic protocols for securely and efficiently computing the cardinality of set union and set intersection. Our private set-cardinality protocols (PSC) are designed for the setting in which a large set of parties in a distributed system makes observations, and a small set of parties with more resources and higher reliability aggregates the observations. PSC allows for secure and useful statistics gathering in privacy-preserving distributed systems. For example, it allows operators of anonymity networks such as Tor to securely answer the questions: How many unique users are using the network? and How many hidden services are being accessed?

We prove the correctness and security of PSC in the Universal Composability framework against an active adversary that compromises all but one of the aggregating parties. Although successful output cannot be guaranteed in this setting, PSC either succeeds or terminates with an abort, and we furthermore make the adversary accountable for causing an abort by blaming at least one malicious party. We also show that PSC prevents adaptive corruption of the data parties from revealing past observations, which prevents them from being victims of targeted compromise, and we ensure safe measurements by making outputs differentially private.

We present a proof-of-concept implementation of PSC and use it to demonstrate that PSC operates with low computational overhead and reasonable bandwidth. It can count tens of thousands of unique observations from tens to hundreds of data-collecting parties while completing within hours. PSC is thus suitable for daily measurements in a distributed system.

Published in

ACM Transactions on Privacy and Security, Volume 25, Issue 4 (November 2022), 330 pages
ISSN: 2471-2566
EISSN: 2471-2574
DOI: 10.1145/3544004

Publication rights licensed to ACM. ACM acknowledges that this contribution was authored or co-authored by an employee, contractor or affiliate of the United States government. As such, the Government retains a nonexclusive, royalty-free right to publish or reproduce this article, or to allow others to do so, for Government purposes only.

Publisher: Association for Computing Machinery, New York, NY, United States

Publication History

• Published: 21 July 2022
• Online AM: 27 April 2022
• Accepted: 1 July 2021
• Received: 1 February 2021
Qualifiers

• research-article
• Refereed