Abstract
In encryption-based privacy-preserving recommender systems (PPRS), the user sends encrypted ratings to the server. An encrypted rating vector can have thousands of ciphertexts, causing a communication overhead. In some encryption-based PPRS proposed in the literature, a user who wants to rate a single item is required to send the entire rating vector to hide which item was rated. Both the user's rating value and the item being rated should remain private. This can be seen as a variant of the classical PIR-write problem. The goal is that each time a user wants to modify any data block, the communication from the user should be minimal.
In encryption-based PPRS, the ratings must be encrypted using homomorphic schemes so that the server can generate recommendations. Arjan proposed a private rating update protocol for recommender system applications, whereas Lipmaa and Zhang gave a protocol for a more general database scenario. We propose a hybrid approach that combines the advantages of each protocol, yielding a more efficient protocol. Our approach has constant user-side computation, and it reduces the communication and computation overhead at the server side compared to previous approaches.
References
Bresson, E., Catalano, D., Pointcheval, D.: A simple public-key cryptosystem with a double trapdoor decryption mechanism and its applications. In: Laih, C.-S. (ed.) ASIACRYPT 2003. LNCS, vol. 2894, pp. 37–54. Springer, Heidelberg (2003). https://doi.org/10.1007/978-3-540-40061-5_3
Chen, Y., Nguyen, P.Q.: Faster algorithms for approximate common divisors: breaking fully-homomorphic-encryption challenges over the integers. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 502–519. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-29011-4_30
Damgård, I., Jurik, M.: A generalisation, a simplification and some applications of Paillier’s probabilistic public-key system. In: Kim, K. (ed.) PKC 2001. LNCS, vol. 1992, pp. 119–136. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44586-2_9
Dyer, J., Dyer, M., Xu, J.: Practical homomorphic encryption over the integers for secure computation in the cloud. Int. J. Inf. Secur. 18(5), 549–579 (2019). https://doi.org/10.1007/s10207-019-00427-0
Galbraith, S.D., Gebregiyorgis, S.W., Murphy, S.: Algorithms for the approximate common divisor problem. LMS J. Comput. Math. 19(A), 58–72 (2016)
Gentry, C., Boneh, D.: A Fully Homomorphic Encryption Scheme, vol. 20. Stanford University, Stanford (2009)
Goldreich, O., Ostrovsky, R.: Software protection and simulation on oblivious rams. J. ACM (JACM) 43(3), 431–473 (1996)
Goldwasser, S., Micali, S.: Probabilistic encryption. J. Comput. Syst. Sci. 28(2), 270–299 (1984)
Howgrave-Graham, N., Joux, A.: New generic algorithms for hard knapsacks. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 235–256. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-13190-5_12
Jeckmans, A.J.P.: Cryptographically-Enhanced Privacy for Recommender Systems. University of Twente (2014)
Kim, J., Koo, D., Kim, Y., Yoon, H., Shin, J., Kim, S.: Efficient privacy-preserving matrix factorization for recommendation via fully homomorphic encryption. ACM Trans. Priv. Secur. (TOPS) 21(4), 1–30 (2018)
Lipmaa, H., Zhang, B.: Two new efficient PIR-writing protocols. In: Zhou, J., Yung, M. (eds.) ACNS 2010. LNCS, vol. 6123, pp. 438–455. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-13708-2_26
Pinkas, B., Reinman, T.: Oblivious RAM revisited. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 502–519. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14623-7_27
Polat, H., Du, W.: Privacy-preserving collaborative filtering using randomized perturbation techniques. In: Third IEEE International Conference on Data Mining, ICDM 2003, pp. 625–628. IEEE (2003)
Samanthula, B.K., Chun, H., Jiang, W.: An efficient and probabilistic secure bit-decomposition. In: Proceedings of the 8th ACM SIGSAC Symposium on Information, Computer and Communications Security, pp. 541–546 (2013)
Snook, M.: Integer-based fully homomorphic encryption. Rochester Institute of Technology (2011)
Stefanov, E., et al.: Path ORAM: an extremely simple oblivious ram protocol. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, pp. 299–310 (2013)
van Dijk, M., Gentry, C., Halevi, S., Vaikuntanathan, V.: Fully homomorphic encryption over the integers. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 24–43. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-13190-5_2
Wang, J., Arriaga, A., Tang, Q., Ryan, P.Y.A.: CryptoRec: secure recommendations as a service. CoRR abs/1802.02432 (2018). arXiv:1802.02432
Williams, P., Sion, R.: Usable PIR. In: NDSS, pp. 139–152 (2008)
Williams, P., Sion, R., Carbunar, B.: Building castles out of mud: practical access pattern privacy and correctness on untrusted storage. In: Proceedings of the 15th ACM Conference on Computer and Communications Security, pp. 139–148 (2008)
Yakut, I., Polat, H.: Arbitrarily distributed data-based recommendations with privacy. Data Knowl. Eng. 72, 239–256 (2012)
A Secure Bit Decomposition (SBD)
The SBD protocol has two sub-protocols: Encrypted_LSB() and SVR(). In our proposed work, we have changed these sub-protocols so that they work with the HE1N scheme. First, the Encrypted_LSB() routine takes two inputs, a ciphertext of an encrypted integer and an integer in plaintext, and returns the encrypted least significant bit of the encrypted integer passed to it. This sub-protocol relies on two observations:
Observation-I. For any given x, let \(y = x+r \mod N\), where r is a random number in \(\mathbb{Z}_N\). The relation between y and r depends on whether \(x+r \mod N\) leads to an overflow or not. If there is no overflow, y is always greater than r. Similarly, in the case of overflow, y is always less than r.
Observation-II. For any given \(y = x+r \mod N\), where N is odd, the following property regarding the least significant bit of x always holds:
Here \(\lambda_1\) denotes whether an overflow occurs or not, and \(\lambda_2\) denotes whether y is odd or not. That is, \(\lambda_1 = 1\) if \(r > y\), and 0 otherwise. Similarly, \(\lambda_2 = 1\) if y is odd and 0 otherwise. \(\oplus\) denotes the XOR operation. Note that N in the Paillier cryptosystem is always odd; the same holds in the HE1N system.
The second half of the SBD protocol, steps 5 to 8 in Algorithm 2, verifies whether the bit decomposition is correct. The sub-protocol secure verification of result (SVR()) performs this verification. The dataserver reconstructs the integer from the decomposed bits, masks it with some random noise, and sends it to the keyserver for decryption. If the bit decomposition is correct, the keyserver receives an encryption of 0; otherwise it receives some random encrypted number. The result is conveyed to the dataserver; if the decomposition is incorrect, the dataserver starts over from step 2 of Algorithm 2.
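An added example, not code from the paper: a plaintext Python model of the arithmetic behind Encrypted_LSB() and SVR() as described above, run on residues modulo N rather than on HE1N ciphertexts. The function names, the modulus, the halving step and the multiplicative mask in `verify` are assumptions of this sketch; the parity relation in `lsb_via_mask` is derived in its comments from the two observations.

```python
import secrets

N = (1 << 61) - 1  # constructed odd modulus (assumption), standing in for the scheme's N

def lsb_via_mask(x, r, n=N):
    """Recover LSB(x) from r and the masked value y = x + r mod n."""
    y = (x + r) % n
    lam1 = 1 if r > y else 0   # Observation-I: r > y exactly when x + r wrapped past n
    lam2 = y & 1               # 1 when y is odd
    # No wrap: y = x + r, so parity(x) = parity(y) XOR parity(r).
    # Wrap: y = x + r - n, and n is odd, so the parity flips once more.
    return lam1 ^ lam2 ^ (r & 1)

def bit_decompose(x, m, n=N):
    """Peel m bits off x, least significant first, halving modulo n each round."""
    half = pow(2, -1, n)       # 2^{-1} mod n exists because n is odd
    bits, t = [], x % n
    for _ in range(m):
        b = lsb_via_mask(t, secrets.randbelow(n), n)
        bits.append(b)
        t = ((t - b) * half) % n   # t - b is even, so this is an exact halving
    return bits

def verify(x, bits, n=N):
    """Masked check: the result is 0 only if the bits rebuild x."""
    rebuilt = sum(b << i for i, b in enumerate(bits)) % n
    rho = 1 + secrets.randbelow(n - 1)   # non-zero multiplicative mask (assumption)
    return ((x - rebuilt) * rho) % n == 0

if __name__ == "__main__":
    bits = bit_decompose(37, 8)
    print(bits, verify(37, bits))
```

In the protocol itself the same additions and scalar multiplications are carried out homomorphically, so the dataserver never sees x, the bits, or the difference in the clear.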
© 2021 Springer Nature Switzerland AG
Verma, P., Mathuria, A., Dasgupta, S. (2021). Faster Private Rating Update via Integer-Based Homomorphic Encryption. In: Tripathy, S., Shyamasundar, R.K., Ranjan, R. (eds) Information Systems Security. ICISS 2021. Lecture Notes in Computer Science, vol 13146. Springer, Cham. https://doi.org/10.1007/978-3-030-92571-0_15
DOI: https://doi.org/10.1007/978-3-030-92571-0_15
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-92570-3
Online ISBN: 978-3-030-92571-0
eBook Packages: Computer Science (R0)