Privacy-Preserving Aggregation of Time-Series Data with Public Verifiability from Simple Assumptions

  • Keita Emura
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10343)


Aggregator oblivious encryption was proposed by Shi et al. (NDSS 2011), where an aggregator can compute an aggregated sum of data and is unable to learn anything else (aggregator obliviousness). Since the aggregator does not learn individual data that may reveal users’ habits and behaviors, several applications, such as privacy-preserving smart metering, have been considered. In this paper, we propose aggregator oblivious encryption schemes with public verifiability where the aggregator is required to generate a proof of an aggregated sum and anyone can verify whether the aggregated sum has been correctly computed by the aggregator. Though Leontiadis et al. (CANS 2015) considered the verifiability, their scheme requires an interactive complexity assumption to provide the unforgeability of the proof. Our schemes are proven to be unforgeable under a static and simple assumption (a variant of the Computational Diffie-Hellman assumption). Moreover, our schemes inherit the tightness of the reduction of the Benhamouda et al. scheme (ACM TISSEC 2016) for proving aggregator obliviousness. This tight reduction allows us to employ elliptic curves of a smaller order and leads to efficient implementation.



The author would like to thank Dr. Miyako Ohkubo for her invaluable comments against the bulletin board assumption, and thank Dr. Takuya Hayashi for his invaluable suggestions against elliptic curve parameters.


  1. 1.
    Abe, M., Chase, M., David, B., Kohlweiss, M., Nishimaki, R., Ohkubo, M.: Constant-size structure-preserving signatures: Generic constructions and simple assumptions. J. Cryptology 29(4), 833–878 (2016)MathSciNetCrossRefzbMATHGoogle Scholar
  2. 2.
    Backes, M., Fiore, D., Reischuk, R.M.: Verifiable delegation of computation on outsourced data. In: ACM CCS, pp. 863–874 (2013)Google Scholar
  3. 3.
    Badrinarayanan, S., Goyal, V., Jain, A., Sahai, A.: Verifiable functional encryption. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016. LNCS, vol. 10032, pp. 557–587. Springer, Heidelberg (2016). doi: 10.1007/978-3-662-53890-6_19 CrossRefGoogle Scholar
  4. 4.
    Barker, E.: NIST Special Publication 800–57 Part 1, Revision 4.
  5. 5.
    Barreto, P., Naehrig, M.: Pairing-friendly elliptic curves of prime order. In: Selected Areas in Cryptography, pp. 319–331 (2005)Google Scholar
  6. 6.
    Barthe, G., Danezis, G., Grégoire, B., Kunz, C., Béguelin, S.Z.: Verified computational differential privacy with applications to smart metering. In: IEEE Computer Security Foundations Symposium, pp. 287–301 (2013)Google Scholar
  7. 7.
    Bellare, M., Rogaway, P.: The exact security of digital signatures-how to sign with RSA and Rabin. In: Maurer, U. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 399–416. Springer, Heidelberg (1996). doi: 10.1007/3-540-68339-9_34 Google Scholar
  8. 8.
    Benhamouda, F., Joye, M., Libert, B.: A new framework for privacy-preserving aggregation of time-series data. ACM Trans. Inf. Syst. Secur. 18(3), 10 (2016)CrossRefGoogle Scholar
  9. 9.
    Boneh, D., Boyen, X.: Efficient selective-ID secure identity-based encryption without random Oracles. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 223–238. Springer, Heidelberg (2004). doi: 10.1007/978-3-540-24676-3_14 CrossRefGoogle Scholar
  10. 10.
    Boyen, X.: The Uber-assumption family. In: Galbraith, S.D., Paterson, K.G. (eds.) Pairing 2008. LNCS, vol. 5209, pp. 39–56. Springer, Heidelberg (2008). doi: 10.1007/978-3-540-85538-5_3 CrossRefGoogle Scholar
  11. 11.
    Chan, T.H., Shi, E., Song, D.: Privacy-preserving stream aggregation with fault tolerance. In: Financial Cryptography, pp. 200–214 (2012)Google Scholar
  12. 12.
    Cramer, R., Gennaro, R., Schoenmakers, B.: A secure and optimally efficient multi-authority election scheme. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 103–118. Springer, Heidelberg (1997). doi: 10.1007/3-540-69053-0_9 Google Scholar
  13. 13.
    Cramer, R., Shoup, V.: Universal hash proofs and a paradigm for adaptive chosen ciphertext secure public-key encryption. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 45–64. Springer, Heidelberg (2002). doi: 10.1007/3-540-46035-7_4 CrossRefGoogle Scholar
  14. 14.
    Cui, Y., Fujisaki, E., Hanaoka, G., Imai, H., Zhang, R.: Formal security treatments for IBE-to-signature transformation: relations among security notions. IEICE Trans. 92–A(1), 53–66 (2009)CrossRefGoogle Scholar
  15. 15.
    Danezis, G., Fournet, C., Kohlweiss, M., Béguelin, S.Z.: Smart meter aggregation via secret-sharing. In: ACM Workshop on Smart Energy Grid Security, pp. 75–80 (2013)Google Scholar
  16. 16.
    Fan, C., Huang, S., Lai, Y.: Privacy-enhanced data aggregation scheme against internal attackers in smart grid. IEEE Trans. Industr. Inf. 10(1), 666–675 (2014)CrossRefGoogle Scholar
  17. 17.
    Fiore, D., Gennaro, R., Pastro, V.: Efficiently verifiable computation on encrypted data. In: ACM CCS, pp. 844–855 (2014)Google Scholar
  18. 18.
    Garcia, F.D., Jacobs, B.: Privacy-friendly energy-metering via homomorphic encryption. In: Security and Trust Management, pp. 226–238 (2010)Google Scholar
  19. 19.
    Gentry, C.: Fully homomorphic encryption using ideal lattices. In: STOC, pp. 169–178 (2009)Google Scholar
  20. 20.
    Goldwasser, S., et al.: Multi-input functional encryption. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 578–602. Springer, Heidelberg (2014). doi: 10.1007/978-3-642-55220-5_32 CrossRefGoogle Scholar
  21. 21.
    Green, M., Hohenberger, S.: Practical adaptive oblivious transfer from simple assumptions. In: Ishai, Y. (ed.) TCC 2011. LNCS, vol. 6597, pp. 347–363. Springer, Heidelberg (2011). doi: 10.1007/978-3-642-19571-6_21 CrossRefGoogle Scholar
  22. 22.
    Hirt, M., Sako, K.: Efficient receipt-free voting based on homomorphic encryption. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 539–556. Springer, Heidelberg (2000). doi: 10.1007/3-540-45539-6_38 CrossRefGoogle Scholar
  23. 23.
    Hofheinz, D., Jager, T.: Verifiable random functions from standard assumptions. In: Kushilevitz, E., Malkin, T. (eds.) TCC 2016. LNCS, vol. 9562, pp. 336–362. Springer, Heidelberg (2016). doi: 10.1007/978-3-662-49096-9_14 CrossRefGoogle Scholar
  24. 24.
    Jager, T.: Verifiable random functions from weaker assumptions. In: Dodis, Y., Nielsen, J.B. (eds.) TCC 2015. LNCS, vol. 9015, pp. 121–143. Springer, Heidelberg (2015). doi: 10.1007/978-3-662-46497-7_5 CrossRefGoogle Scholar
  25. 25.
    Jawurek, M., Johns, M., Kerschbaum, F.: Plug-in privacy for smart metering billing. In: Privacy Enhancing Technologies, pp. 192–210 (2011)Google Scholar
  26. 26.
    Jawurek, M., Kerschbaum, F.: Fault-tolerant privacy-preserving statistics. In: Privacy Enhancing Technologies, pp. 221–238 (2012)Google Scholar
  27. 27.
    Joye, M., Libert, B.: A scalable scheme for privacy-preserving aggregation of time-series data. In: Financial Cryptography, pp. 111–125 (2013)Google Scholar
  28. 28.
    Kiltz, E., Vahlis, Y.: CCA2 secure IBE: standard model efficiency through authenticated symmetric encryption. In: CT-RSA, pp. 221–238 (2008)Google Scholar
  29. 29.
    Kim, T., Barbulescu, R.: Extended tower number field sieve: a new complexity for the medium prime case. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9814, pp. 543–571. Springer, Heidelberg (2016). doi: 10.1007/978-3-662-53018-4_20 CrossRefGoogle Scholar
  30. 30.
    Leontiadis, I., Elkhiyaoui, K., Molva, R.: Private and dynamic time-series data aggregation with trust relaxation. In: Gritzalis, D., Kiayias, A., Askoxylakis, I. (eds.) CANS 2014. LNCS, vol. 8813, pp. 305–320. Springer, Cham (2014). doi: 10.1007/978-3-319-12280-9_20 Google Scholar
  31. 31.
    Leontiadis, I., Elkhiyaoui, K., Önen, M., Molva, R.: PUDA - privacy and unforgeability for data aggregation. In: CANS, pp. 3–18 (2015)Google Scholar
  32. 32.
    Li, Q., Cao, G.: Efficient privacy-preserving stream aggregation in mobile sensing with low aggregation error. In: Privacy Enhancing Technologies, pp. 60–81 (2013)Google Scholar
  33. 33.
    Libert, B., Mouhartem, F., Peters, T., Yung, M.: Practical “signatures with efficient protocols” from simple assumptions. In: AsiaCCS, pp. 511–522 (2016)Google Scholar
  34. 34.
    Libert, B., Peters, T., Yung, M.: Short group signatures via structure-preserving signatures: standard model security from simple assumptions. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9216, pp. 296–316. Springer, Heidelberg (2015). doi: 10.1007/978-3-662-48000-7_15 CrossRefGoogle Scholar
  35. 35.
    Lu, R., Liang, X., Li, X., Lin, X., Shen, X.: EPPA: an efficient and privacy-preserving aggregation scheme for secure smart grid communications. IEEE Trans. Parallel Distrib. Syst. 23(9), 1621–1631 (2012)CrossRefGoogle Scholar
  36. 36.
    Menezes, A., Sarkar, P., Singh, S.: Challenges with assessing the impact of NFS advances on the security of pairing-based cryptography. IACR Cryptology ePrint Archive 2016:1102 (2016)Google Scholar
  37. 37.
    Micali, S., Reyzin, L.: Improving the exact security of digital signature schemes. J. Cryptology 15(1), 1–18 (2002)MathSciNetCrossRefzbMATHGoogle Scholar
  38. 38.
    Naor, M.: On cryptographic assumptions and challenges. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 96–109. Springer, Heidelberg (2003). doi: 10.1007/978-3-540-45146-4_6 CrossRefGoogle Scholar
  39. 39.
    Ohara, K., Sakai, Y., Yoshida, F., Iwamoto, M., Ohta, K.: Privacy-preserving smart metering with verifiability for both billing and energy management. In: ASIAPKC, pp. 23–32 (2014)Google Scholar
  40. 40.
    Okamoto, T., Takashima, K.: Fully secure functional encryption with general relations from the decisional linear assumption. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 191–208. Springer, Heidelberg (2010). doi: 10.1007/978-3-642-14623-7_11 CrossRefGoogle Scholar
  41. 41.
    Paillier, P.: Public-key cryptosystems based on composite degree residuosity classes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 223–238. Springer, Heidelberg (1999). doi: 10.1007/3-540-48910-X_16 Google Scholar
  42. 42.
    Rastogi, V., Nath, S.: Differentially private aggregation of distributed time-series with transformation and encryption. In: ACM SIGMOD, pp. 735–746 (2010)Google Scholar
  43. 43.
    Rial, A., Danezis, G.: Privacy-preserving smart metering. In: WPES, pp. 49–60 (2011)Google Scholar
  44. 44.
    Shi, E., Chan, T.H., Rieffel, E.G., Chow, R., Song, D.: Privacy-preserving aggregation of time-series data. In: NDSS (2011)Google Scholar
  45. 45.
    Takashima, K.: Expressive attribute-based encryption with constant-size ciphertexts from the decisional linear assumption. In: Abdalla, M., Prisco, R. (eds.) SCN 2014. LNCS, vol. 8642, pp. 298–317. Springer, Cham (2014). doi: 10.1007/978-3-319-10879-7_17 Google Scholar
  46. 46.
    Waters, B.: Dual system encryption: realizing fully secure IBE and HIBE under simple assumptions. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 619–636. Springer, Heidelberg (2009). doi: 10.1007/978-3-642-03356-8_36 CrossRefGoogle Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  1. 1.National Institute of Information and Communications Technology (NICT)TokyoJapan

Personalised recommendations