Anonymous Data Collection System with Mediators

  • Hiromi Arai
  • Keita Emura
  • Takahiro Matsuda
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9024)


Nowadays, sensitive data is treated for a constellation of purposes, e.g., establishing the presence or absence of causal association among certain diseases. Then, statistics of sensitive data needs to be computed, and a number of methods for computing such statistics with concerning privacy so far have been investigated, e.g., secure computation, differential privacy, k-anonymity, etc. On the contrary, it seems not clear how to collect sensitive data with concerning privacy in the first place. Moreover, the cost for data collection should be considered if the number of data suppliers is relatively large.

In this paper, we propose an anonymous data collection system with mediators, where no mediator knows actual data, but simultaneously mediators can check a data format whether data belongs to a certain range. Then, data with the expected format can be collected in a “secure” and “efficient” way. For constructing this system, we employ public key encryption with an additional functionality which is called restrictive public key encryption (RPKE). Finally, we estimate the performance of the proposed system in which existing concrete constructions are used and confirm it is sufficiently efficient for practical use.



We would like to thank our colleagues, especially Hiroshi Nakagawa, Takeaki Uno, Toshihiro Kamishima, Shotaro Akaho, and Junpei Kawamoto. We also would like to thank the anonymous reviewers of BalkanCryptSec 2014 for their helpful comments and suggestions.


  1. 1.
  2. 2.
    The PBC (pairing-based cryptography) library.
  3. 3.
  4. 4.
    Ashrafi, M.Z., Ng, S.K.: Collusion-resistant anonymous data collection method. In: KDD, pp. 69–78 (2009)Google Scholar
  5. 5.
    Ashrafi, M.Z., Ng, S.K.: Efficient and anonymous online data collection. In: Zhou, X., Yokota, H., Deng, K., Liu, Q. (eds.) DASFAA 2009. LNCS, vol. 5463, pp. 471–485. Springer, Heidelberg (2009) CrossRefGoogle Scholar
  6. 6.
    Attrapadung, N., Emura, K., Hanaoka, G., Sakai, Y.: A revocable group signature scheme from identity-based revocation techniques: achieving constant-size revocation list. In: Boureanu, I., Owesarski, P., Vaudenay, S. (eds.) ACNS 2014. LNCS, vol. 8479, pp. 419–437. Springer, Heidelberg (2014). Google Scholar
  7. 7.
    Barreto, P.S.L.M., Naehrig, M.: Pairing-friendly elliptic curves of prime order. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 319–331. Springer, Heidelberg (2006) CrossRefGoogle Scholar
  8. 8.
    Boneh, D., Boyen, X.: Short signatures without random oracles and the SDH assumption in bilinear groups. J. Cryptol. 21, 149–177 (2008)MathSciNetCrossRefGoogle Scholar
  9. 9.
    Boneh, D., Boyen, X., Shacham, H.: Short group signatures. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 41–55. Springer, Heidelberg (2004) CrossRefGoogle Scholar
  10. 10.
    Boneh, D., Golle, P.: Almost entirely correct mixing with applications to voting. In: ACM Conference on Computer and Communications Security, pp. 68–77 (2002)Google Scholar
  11. 11.
    Boneh, D., Shacham, H.: Group signatures with verifier-local revocation. In: ACM Conference on Computer and Communications Security, pp. 168–177 (2004)Google Scholar
  12. 12.
    Brickell, J., Shmatikov, V.: Efficient anonymity-preserving data collection. In: KDD, pp. 76–85 (2006)Google Scholar
  13. 13.
    Chaum, D.: Untraceable electronic mail, return addresses, and digital pseudonyms. Commun. ACM 24(2), 84–88 (1981)CrossRefGoogle Scholar
  14. 14.
    Dwork, C.: Differential privacy. In: Bugliesi, M., Preneel, B., Sassone, V., Wegener, I. (eds.) ICALP 2006. LNCS, vol. 4052, pp. 1–12. Springer, Heidelberg (2006) CrossRefGoogle Scholar
  15. 15.
    Furukawa, J., Imai, H.: An efficient group signature scheme from bilinear maps. IEICE Trans. 89(A(5)), 1328–1338 (2006)CrossRefGoogle Scholar
  16. 16.
    Jakobsson, M., Juels, A., Rivest, R.L.: Making mix nets robust for electronic voting by randomized partial checking. In: USENIX Security Symposium, pp. 339–353 (2002)Google Scholar
  17. 17.
    Laur, S., Willemson, J., Zhang, B.: Round-efficient oblivious database manipulation. In: Lai, X., Zhou, J., Li, H. (eds.) ISC 2011. LNCS, vol. 7001, pp. 262–277. Springer, Heidelberg (2011). CrossRefGoogle Scholar
  18. 18.
    Li, N., Li, T., Venkatasubramanian, S.: \(t\)-closeness: Privacy beyond \(k\)-anonymity and \(\ell \)-diversity. In: ICDE, pp. 106–115 (2007).
  19. 19.
    Libert, B., Peters, T., Yung, M.: Group signatures with almost-for-free revocation. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 571–589. Springer, Heidelberg (2012) CrossRefGoogle Scholar
  20. 20.
    Libert, B., Peters, T., Yung, M.: Scalable group signatures with revocation. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 609–627. Springer, Heidelberg (2012) CrossRefGoogle Scholar
  21. 21.
    Libert, B., Vergnaud, D.: Group signatures with verifier-local revocation and backward unlinkability in the standard model. In: Garay, J.A., Miyaji, A., Otsuka, A. (eds.) CANS 2009. LNCS, vol. 5888, pp. 498–517. Springer, Heidelberg (2009) CrossRefGoogle Scholar
  22. 22.
    Machanavajjhala, A., Gehrke, J., Kifer, D., Venkitasubramaniam, M.: \(\ell \)-diversity: privacy beyond \(k\)-anonymity. In: ICDE, p. 24 (2006).
  23. 23.
    Nakanishi, T., Fujii, H., Hira, Y., Funabiki, N.: Revocable group signature schemes with constant costs for signing and verifying. In: Jarecki, S., Tsudik, G. (eds.) PKC 2009. LNCS, vol. 5443, pp. 463–480. Springer, Heidelberg (2009) CrossRefGoogle Scholar
  24. 24.
    Nakanishi, T., Funabiki, N.: Verifier-local revocation group signature schemes with backward unlinkability from bilinear maps. In: Roy, B. (ed.) ASIACRYPT 2005. LNCS, vol. 3788, pp. 533–548. Springer, Heidelberg (2005) CrossRefGoogle Scholar
  25. 25.
    Nakanishi, T., Funabiki, N.: A short verifier-local revocation group signature scheme with backward unlinkability. In: Yoshiura, H., Sakurai, K., Rannenberg, K., Murayama, Y., Kawamura, S. (eds.) IWSEC 2006. LNCS, vol. 4266, pp. 17–32. Springer, Heidelberg (2006) CrossRefGoogle Scholar
  26. 26.
    Nakanishi, T., Funabiki, N.: Revocable group signatures with compact revocation list using accumulators. In: Lee, H.-S., Han, D.-G. (eds.) ICISC 2013. LNCS, vol. 8565, pp. 435–451. Springer, Heidelberg (2014). Google Scholar
  27. 27.
    Sakai, Y., Emura, K., Hanaoka, G., Kawai, Y., Omote, K.: Towards restricting plaintext space in public key encryption. In: Iwata, T., Nishigaki, M. (eds.) IWSEC 2011. LNCS, vol. 7038, pp. 193–209. Springer, Heidelberg (2011) CrossRefGoogle Scholar
  28. 28.
    Sakai, Y., Emura, K., Hanaoka, G., Kawai, Y., Omote, K.: Methods for restricting message space in public-key encryption. IEICE Trans. 96(A(6)), 1156–1168 (2013)CrossRefGoogle Scholar
  29. 29.
    Stokes, K.: On computational anonymity. In: Domingo-Ferrer, J., Tinnirello, I. (eds.) PSD 2012. LNCS, vol. 7556, pp. 336–347. Springer, Heidelberg (2012) CrossRefGoogle Scholar
  30. 30.
    Sweeney, L.: Achieving \(k\)-anonymity privacy protection using generalization and suppression. Int. J. Uncertainty, Fuzziness Knowl.-Based Syst. 10(5), 571–588 (2002)MathSciNetCrossRefGoogle Scholar
  31. 31.
    Sweeney, L.: \(k\)-anonymity: A model for protecting privacy. Int. J. Uncertainty Fuzziness Knowl.-Based Syst. 10(5), 557–570 (2002)MathSciNetCrossRefGoogle Scholar
  32. 32.
    Tassa, T., Mazza, A., Gionis, A.: \(k\)-concealment: an alternative model of \(k\)-type anonymity. Trans. Data Priv. 5(1), 189–222 (2012)MathSciNetGoogle Scholar
  33. 33.
    Truta, T.M., Campan, A., Meyer, P.: Generating microdata with p-sensitive k-anonymity property. In: Jonker, W., Petković, M. (eds.) SDM 2007. LNCS, vol. 4721, pp. 124–141. Springer, Heidelberg (2007). CrossRefGoogle Scholar
  34. 34.
    Xue, M., Papadimitriou, P., Raïssi, C., Kalnis, P., Pung, H.K.: Distributed privacy preserving data collection. In: Yu, J.X., Kim, M.H., Unland, R. (eds.) DASFAA 2011, Part I. LNCS, vol. 6587, pp. 93–107. Springer, Heidelberg (2011) CrossRefGoogle Scholar
  35. 35.
    Yang, Z., Zhong, S., Wright, R.N.: Anonymity-preserving data collection. In: KDD, pp. 334–343 (2005)Google Scholar
  36. 36.
    Yao, A.C.C.: Protocols for secure computations (extended abstract). In: FOCS 1982, pp. 160–164 (1982)Google Scholar
  37. 37.
    Zhong, S., Yang, Z., Chen, T.: k-anonymous data collection. Inf. Sci. 179(17), 2948–2963 (2009)MathSciNetCrossRefGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  1. 1.The University of TokyoTokyoJapan
  2. 2.National Institute of Information and Communications Technology (NICT)TokyoJapan
  3. 3.National Institute of Advanced Industrial Science and Technology (AIST)TokyoJapan

Personalised recommendations