Skip to main content
SpringerLink
Log in

Privacy-Preserving Aggregation of Time-Series Data with Public Verifiability from Simple Assumptions

  • Conference paper
  • First Online:
Information Security and Privacy (ACISP 2017)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 10343))

Included in the following conference series:

Abstract

Aggregator oblivious encryption was proposed by Shi et al. (NDSS 2011), where an aggregator can compute an aggregated sum of data and is unable to learn anything else (aggregator obliviousness). Since the aggregator does not learn individual data that may reveal users’ habits and behaviors, several applications, such as privacy-preserving smart metering, have been considered. In this paper, we propose aggregator oblivious encryption schemes with public verifiability where the aggregator is required to generate a proof of an aggregated sum and anyone can verify whether the aggregated sum has been correctly computed by the aggregator. Though Leontiadis et al. (CANS 2015) considered the verifiability, their scheme requires an interactive complexity assumption to provide the unforgeability of the proof. Our schemes are proven to be unforgeable under a static and simple assumption (a variant of the Computational Diffie-Hellman assumption). Moreover, our schemes inherit the tightness of the reduction of the Benhamouda et al. scheme (ACM TISSEC 2016) for proving aggregator obliviousness. This tight reduction allows us to employ elliptic curves of a smaller order and leads to efficient implementation.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    This key-length is recommended by NIST [4] for achieving 128-bit security. To be precise, the Benhamouda et al. scheme archives 108-bit security under this key length. Thus, a slightly longer key is required to achieve 112-bit security.

  2. 2.

    Kiltz and Vahlis [28] defined the modified Decisional Bilinear Diffie-Hellman (mDBDH) assumption where given \((g,g^x,g^y,g^{y^2},g^z,Z)\) decide whether \(Z=e(g,g)^{xyz}\) or not. That is, compared to the original DBDH assumption, the element \(g^{y^2}\) is additionally given to the adversary. In our assumption, if we set \(g_1^{1/a}:=g_1^\prime \) then \((g_1^{1/a},g_1,g_1^a)\) can be seen as \( (g_1^\prime ,{g_1^\prime }^a,{g_1^\prime }^{a^2})\). That is, the element \({g^\prime _1}^{a^2}\) is added to an instance of the CDH assumption. Hence, we call the assumption mCDH.

  3. 3.

    In the definition of Leontiadis et al. [31], each user i chooses a tag value \(\mathsf{tk}_i\), and sends its encoding value to the dealer in the \(\mathsf{Setup}\) phase. The dealer computes \(\mathsf{vk}\) from all \(\mathsf{tk}_i\). Here we simply assume that \(\mathsf{vk}\) is generated by the dealer since the dealer is modeled as a trusted entity. Later, we consider the case that \(\mathsf{vk}\) is generated by users in the encryption phase.

  4. 4.

    A decryption key of the Boneh-Boyen IBE scheme is informally described as \((g^\alpha H_\mathsf{BB}(ID)^r, g^r)\) for a master key \(\alpha \) and a random r, the Boneh-Boyen hash \(H_\mathsf{BB}\). In our first construction, \(\alpha \), ID, and r are regarded as \(x_{i,t}\), t, and \(v_{i,t}\) respectively. Thus, the number of verification keys depends on \(t_\mathsf{max}\).

References

  1. Abe, M., Chase, M., David, B., Kohlweiss, M., Nishimaki, R., Ohkubo, M.: Constant-size structure-preserving signatures: Generic constructions and simple assumptions. J. Cryptology 29(4), 833–878 (2016)

    Article  MathSciNet  MATH  Google Scholar 

  2. Backes, M., Fiore, D., Reischuk, R.M.: Verifiable delegation of computation on outsourced data. In: ACM CCS, pp. 863–874 (2013)

    Google Scholar 

  3. Badrinarayanan, S., Goyal, V., Jain, A., Sahai, A.: Verifiable functional encryption. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016. LNCS, vol. 10032, pp. 557–587. Springer, Heidelberg (2016). doi:10.1007/978-3-662-53890-6_19

    Chapter  Google Scholar 

  4. Barker, E.: NIST Special Publication 800–57 Part 1, Revision 4. http://dx.doi.org/10.6028/NIST.Spp.800--57pt1r4

  5. Barreto, P., Naehrig, M.: Pairing-friendly elliptic curves of prime order. In: Selected Areas in Cryptography, pp. 319–331 (2005)

    Google Scholar 

  6. Barthe, G., Danezis, G., Grégoire, B., Kunz, C., Béguelin, S.Z.: Verified computational differential privacy with applications to smart metering. In: IEEE Computer Security Foundations Symposium, pp. 287–301 (2013)

    Google Scholar 

  7. Bellare, M., Rogaway, P.: The exact security of digital signatures-how to sign with RSA and Rabin. In: Maurer, U. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 399–416. Springer, Heidelberg (1996). doi:10.1007/3-540-68339-9_34

    Google Scholar 

  8. Benhamouda, F., Joye, M., Libert, B.: A new framework for privacy-preserving aggregation of time-series data. ACM Trans. Inf. Syst. Secur. 18(3), 10 (2016)

    Article  Google Scholar 

  9. Boneh, D., Boyen, X.: Efficient selective-ID secure identity-based encryption without random Oracles. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 223–238. Springer, Heidelberg (2004). doi:10.1007/978-3-540-24676-3_14

    Chapter  Google Scholar 

  10. Boyen, X.: The Uber-assumption family. In: Galbraith, S.D., Paterson, K.G. (eds.) Pairing 2008. LNCS, vol. 5209, pp. 39–56. Springer, Heidelberg (2008). doi:10.1007/978-3-540-85538-5_3

    Chapter  Google Scholar 

  11. Chan, T.H., Shi, E., Song, D.: Privacy-preserving stream aggregation with fault tolerance. In: Financial Cryptography, pp. 200–214 (2012)

    Google Scholar 

  12. Cramer, R., Gennaro, R., Schoenmakers, B.: A secure and optimally efficient multi-authority election scheme. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 103–118. Springer, Heidelberg (1997). doi:10.1007/3-540-69053-0_9

    Google Scholar 

  13. Cramer, R., Shoup, V.: Universal hash proofs and a paradigm for adaptive chosen ciphertext secure public-key encryption. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 45–64. Springer, Heidelberg (2002). doi:10.1007/3-540-46035-7_4

    Chapter  Google Scholar 

  14. Cui, Y., Fujisaki, E., Hanaoka, G., Imai, H., Zhang, R.: Formal security treatments for IBE-to-signature transformation: relations among security notions. IEICE Trans. 92–A(1), 53–66 (2009)

    Article  Google Scholar 

  15. Danezis, G., Fournet, C., Kohlweiss, M., Béguelin, S.Z.: Smart meter aggregation via secret-sharing. In: ACM Workshop on Smart Energy Grid Security, pp. 75–80 (2013)

    Google Scholar 

  16. Fan, C., Huang, S., Lai, Y.: Privacy-enhanced data aggregation scheme against internal attackers in smart grid. IEEE Trans. Industr. Inf. 10(1), 666–675 (2014)

    Article  Google Scholar 

  17. Fiore, D., Gennaro, R., Pastro, V.: Efficiently verifiable computation on encrypted data. In: ACM CCS, pp. 844–855 (2014)

    Google Scholar 

  18. Garcia, F.D., Jacobs, B.: Privacy-friendly energy-metering via homomorphic encryption. In: Security and Trust Management, pp. 226–238 (2010)

    Google Scholar 

  19. Gentry, C.: Fully homomorphic encryption using ideal lattices. In: STOC, pp. 169–178 (2009)

    Google Scholar 

  20. Goldwasser, S., et al.: Multi-input functional encryption. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 578–602. Springer, Heidelberg (2014). doi:10.1007/978-3-642-55220-5_32

    Chapter  Google Scholar 

  21. Green, M., Hohenberger, S.: Practical adaptive oblivious transfer from simple assumptions. In: Ishai, Y. (ed.) TCC 2011. LNCS, vol. 6597, pp. 347–363. Springer, Heidelberg (2011). doi:10.1007/978-3-642-19571-6_21

    Chapter  Google Scholar 

  22. Hirt, M., Sako, K.: Efficient receipt-free voting based on homomorphic encryption. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 539–556. Springer, Heidelberg (2000). doi:10.1007/3-540-45539-6_38

    Chapter  Google Scholar 

  23. Hofheinz, D., Jager, T.: Verifiable random functions from standard assumptions. In: Kushilevitz, E., Malkin, T. (eds.) TCC 2016. LNCS, vol. 9562, pp. 336–362. Springer, Heidelberg (2016). doi:10.1007/978-3-662-49096-9_14

    Chapter  Google Scholar 

  24. Jager, T.: Verifiable random functions from weaker assumptions. In: Dodis, Y., Nielsen, J.B. (eds.) TCC 2015. LNCS, vol. 9015, pp. 121–143. Springer, Heidelberg (2015). doi:10.1007/978-3-662-46497-7_5

    Chapter  Google Scholar 

  25. Jawurek, M., Johns, M., Kerschbaum, F.: Plug-in privacy for smart metering billing. In: Privacy Enhancing Technologies, pp. 192–210 (2011)

    Google Scholar 

  26. Jawurek, M., Kerschbaum, F.: Fault-tolerant privacy-preserving statistics. In: Privacy Enhancing Technologies, pp. 221–238 (2012)

    Google Scholar 

  27. Joye, M., Libert, B.: A scalable scheme for privacy-preserving aggregation of time-series data. In: Financial Cryptography, pp. 111–125 (2013)

    Google Scholar 

  28. Kiltz, E., Vahlis, Y.: CCA2 secure IBE: standard model efficiency through authenticated symmetric encryption. In: CT-RSA, pp. 221–238 (2008)

    Google Scholar 

  29. Kim, T., Barbulescu, R.: Extended tower number field sieve: a new complexity for the medium prime case. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9814, pp. 543–571. Springer, Heidelberg (2016). doi:10.1007/978-3-662-53018-4_20

    Chapter  Google Scholar 

  30. Leontiadis, I., Elkhiyaoui, K., Molva, R.: Private and dynamic time-series data aggregation with trust relaxation. In: Gritzalis, D., Kiayias, A., Askoxylakis, I. (eds.) CANS 2014. LNCS, vol. 8813, pp. 305–320. Springer, Cham (2014). doi:10.1007/978-3-319-12280-9_20

    Google Scholar 

  31. Leontiadis, I., Elkhiyaoui, K., Önen, M., Molva, R.: PUDA - privacy and unforgeability for data aggregation. In: CANS, pp. 3–18 (2015)

    Google Scholar 

  32. Li, Q., Cao, G.: Efficient privacy-preserving stream aggregation in mobile sensing with low aggregation error. In: Privacy Enhancing Technologies, pp. 60–81 (2013)

    Google Scholar 

  33. Libert, B., Mouhartem, F., Peters, T., Yung, M.: Practical “signatures with efficient protocols” from simple assumptions. In: AsiaCCS, pp. 511–522 (2016)

    Google Scholar 

  34. Libert, B., Peters, T., Yung, M.: Short group signatures via structure-preserving signatures: standard model security from simple assumptions. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9216, pp. 296–316. Springer, Heidelberg (2015). doi:10.1007/978-3-662-48000-7_15

    Chapter  Google Scholar 

  35. Lu, R., Liang, X., Li, X., Lin, X., Shen, X.: EPPA: an efficient and privacy-preserving aggregation scheme for secure smart grid communications. IEEE Trans. Parallel Distrib. Syst. 23(9), 1621–1631 (2012)

    Article  Google Scholar 

  36. Menezes, A., Sarkar, P., Singh, S.: Challenges with assessing the impact of NFS advances on the security of pairing-based cryptography. IACR Cryptology ePrint Archive 2016:1102 (2016)

    Google Scholar 

  37. Micali, S., Reyzin, L.: Improving the exact security of digital signature schemes. J. Cryptology 15(1), 1–18 (2002)

    Article  MathSciNet  MATH  Google Scholar 

  38. Naor, M.: On cryptographic assumptions and challenges. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 96–109. Springer, Heidelberg (2003). doi:10.1007/978-3-540-45146-4_6

    Chapter  Google Scholar 

  39. Ohara, K., Sakai, Y., Yoshida, F., Iwamoto, M., Ohta, K.: Privacy-preserving smart metering with verifiability for both billing and energy management. In: ASIAPKC, pp. 23–32 (2014)

    Google Scholar 

  40. Okamoto, T., Takashima, K.: Fully secure functional encryption with general relations from the decisional linear assumption. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 191–208. Springer, Heidelberg (2010). doi:10.1007/978-3-642-14623-7_11

    Chapter  Google Scholar 

  41. Paillier, P.: Public-key cryptosystems based on composite degree residuosity classes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 223–238. Springer, Heidelberg (1999). doi:10.1007/3-540-48910-X_16

    Google Scholar 

  42. Rastogi, V., Nath, S.: Differentially private aggregation of distributed time-series with transformation and encryption. In: ACM SIGMOD, pp. 735–746 (2010)

    Google Scholar 

  43. Rial, A., Danezis, G.: Privacy-preserving smart metering. In: WPES, pp. 49–60 (2011)

    Google Scholar 

  44. Shi, E., Chan, T.H., Rieffel, E.G., Chow, R., Song, D.: Privacy-preserving aggregation of time-series data. In: NDSS (2011)

    Google Scholar 

  45. Takashima, K.: Expressive attribute-based encryption with constant-size ciphertexts from the decisional linear assumption. In: Abdalla, M., Prisco, R. (eds.) SCN 2014. LNCS, vol. 8642, pp. 298–317. Springer, Cham (2014). doi:10.1007/978-3-319-10879-7_17

    Google Scholar 

  46. Waters, B.: Dual system encryption: realizing fully secure IBE and HIBE under simple assumptions. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 619–636. Springer, Heidelberg (2009). doi:10.1007/978-3-642-03356-8_36

    Chapter  Google Scholar 

Download references

Acknowledgement

The author would like to thank Dr. Miyako Ohkubo for her invaluable comments against the bulletin board assumption, and thank Dr. Takuya Hayashi for his invaluable suggestions against elliptic curve parameters.

Author information

Authors and Affiliations

  1. National Institute of Information and Communications Technology (NICT), Tokyo, Japan

    Keita Emura

Authors
  1. Keita Emura
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Keita Emura .

Editor information

Editors and Affiliations

  1. Queensland University of Technology, Brisbane, Queensland, Australia

    Josef Pieprzyk

  2. Queensland University of Technology, Brisbane, Queensland, Australia

    Suriadi Suriadi

Rights and permissions

Reprints and permissions

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Emura, K. (2017). Privacy-Preserving Aggregation of Time-Series Data with Public Verifiability from Simple Assumptions. In: Pieprzyk, J., Suriadi, S. (eds) Information Security and Privacy. ACISP 2017. Lecture Notes in Computer Science(), vol 10343. Springer, Cham. https://doi.org/10.1007/978-3-319-59870-3_11

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-59870-3_11

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-59869-7

  • Online ISBN: 978-3-319-59870-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation