Profiting from Untrusted Parties in Web-Based Applications

  • Claus Boyens
  • Matthias Fischmann
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2738)


Privacy Homomorphisms (PHs) are encryption functions that allow for a limited processing of encrypted data. They are of particular importance for the transformation of sensitive data that is given away to untrusted third parties for computation purposes. In this paper, we analyze the theoretical foundations of this class of functions and mark out its limitations in terms of security and functionality. We then propose the employment of PHs in two different usage environments. First, a single user wants an untrusted service provider to perform operations on encrypted data that she lacks the power or ability to compute herself. Second, a group of peers uses the services of a semi-trusted mediator who cannot be relied on in principle but who is assumed not to collude with either of the peers. In both cases, privacy is preserved by encrypting sensitive data with a PH before transferring it to the untrusted party. The results show that PHs can be usefully employed in both situations although their firm theoretical limitations inhibit general-purpose use.


Service Provider Encryption Scheme Sensitive Data Online Service Single User 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Asonov, D., Freytag, J.C.: Almost optimal private information retrieval. In: Dingledine, R., Syverson, P.F. (eds.) PET 2002. LNCS, vol. 2482, pp. 209–223. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  2. 2.
    Beaver, D.: Commodity-based cryptography. In: Proceedings of the ACM STOC Conference, El Paso, USA (1997)Google Scholar
  3. 3.
    Boyens, C., Günther, O.: Trust is not enough: Privacy and security in ASP and web service environments. In: Manolopoulos, Y., Návrat, P. (eds.) ADBIS 2002. LNCS, vol. 2435, p. 8. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  4. 4.
    Boyens, C., Günther, O.: Using online services in untrusted environments - a privacy-preserving architecture. In: Proceedings of the European Conference on Information Systems (ECIS), Naples, Italy (2003) (to appear)Google Scholar
  5. 5.
    Brickell, E., Yacobi, Y.: On privacy homomorphisms. In: Price, W.L., Chaum, D. (eds.) EUROCRYPT 1987. LNCS, vol. 304, pp. 117–125. Springer, Heidelberg (1988)Google Scholar
  6. 6.
    Chor, B., Goldreich, O., Kushilevitz, E., Sudan, M.: Private information retrieval. In: Proceedings of the 36th IEEE Conference on Foundations of Computer Science, pp. 41–50. IEEE Press, New York (1995)Google Scholar
  7. 7.
    Chowdhury, S.D., Duncan, G., Krishnan, R., Roehrig, S., Mukherjee, S.: Disclosure detection in multivariate categorical databases: auditing confidentiality protection through two new matrix operators. Management Science 45(12) (December 1999)Google Scholar
  8. 8.
    Domingo-Ferrer, J., Herrera-Joancomarti, J.: A privacy homomorphism allowing field operations on encrypted data. Jornades de Matematica Discreta i Algorismica, Barcelona (1999)Google Scholar
  9. 9.
    Feigenbaum, J., Freedman, M., Sander, T., Shostack, A.: Privacy engineering for digital rights management systems. In: Digital Rights Management Workshop, pp. 76–105 (2001)Google Scholar
  10. 10.
    Goldreich, O.: Secure multi-party computation. Working Draft (1998)Google Scholar
  11. 11.
    Rivest, R., Adleman, L., Dertouzos, M.: On data banks and privacy homomorphisms. In: Foundations of Secure Computation. Academic Press, New York (1978)Google Scholar
  12. 12.
    Rivest, R., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public key cryptosystems. Communications of the ACM 21(2) (1978)Google Scholar
  13. 13.
    Smith, S.W., Weingart, S.H.: Building a high-performance, programmable secure coprocessor. Computer Networks, Special Issue on Computer Network Security 31, 831–860 (1999)Google Scholar
  14. 14.
    Stallings, W.: Cryptography and Network Security: Principles and Practice. Prentice-Hall, Englewood Cliffs (1999)Google Scholar
  15. 15.
    Sweeney, L.: Computational Disclosure Control: A Primer on Data Privacy Protection. PhD thesis, Massachusetts Institute of Technology (2001)Google Scholar
  16. 16.
    Willenborg, L., de Waal, T.: Elements of Statistical Disclosure Control. Addison-Wesley, Reading (2001)zbMATHCrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Claus Boyens
    • 1
  • Matthias Fischmann
    • 1
  1. 1.Institute of Information SystemsHumboldt University BerlinBerlinGermany

Personalised recommendations