How Should We Solve Search Problems Privately?
Kobbi Nissim – BGU
A. Beimel, T. Malkin, and E. Weinreb
Secure Function Evaluation[Yao,GMW,BGW,…] n players with private inputs x1,…,xn
Can compute any function f() over their private inputs
No information beyond f() is leaked
SFE tells HOW to compute f()
But not What f() to compute
A Client-Server Setting
SFE reduces many of the general cases to the client-server setting
G
ClientServer
WHAT should we compute?
Server must/is willing to reveal a function f() of the data Secure function evaluation: Reveal f(), but
no other information
???
Server should preserve individual privacy Private data analysis: (rand) functions f()
satisfying differential privacy
In Between (1)
Server must/is willing to reveal a function f() of the data But… Computing f() is inefficient or intractable And, an efficient approx f*() exists
Idea: Use SFE to compute an approx f*() to f()
What Can Go Wrong? [FIMNSW01]
Server holds a graph G Client asks for size of min VC fvc(G) Approx: fvc*(G) = 2MaxMatch(G)
Hmmm...
ffVCVC 2 2
2MaxMatch2MaxMatch 2 4 G
Private Approximations [FIMNSW01]
Require: f*(G) simulatable given f(G) Hence approximation does not leak more information
than exact computation
Implied: f(G) = f(G’) f*(G) ≈ f*(G’)
Sometimes feasible: Hamming distance [FIMNSW01, IW06] Permanent [FIMNSW01]
Sometimes not feasible: fVC not privately approx within ratio n1-ε [HKKN01]
Approx feasible with a small leakage
In Between (2)
Server must/is willing to solve a search problem over the data
Idea: Use SFE to compute a solution? Or an approximate solution
What Can Go Wrong? [BCNW06]
Server holds a graph G Client asks for VC(G) Approx: A*VC(G) = MaxMatch(G)
Hmmm...
G
21
3
5
4
21
3
5
4
VCVC {2} {2} {2} {2}
A*A*VCVC {2,3} {2,1}{2,3} {2,1}
Private Algorithms [BCNW06]
R – Equivalence Relation over {0,1}* E.g. G1 ≈ G2 if VC(G1) = VC(G2)
Algorithm A is private with respect to R if:
x y
A( ) A( )≈
x y
Is Private Search Good?
Too strong: VC does not admit private search approx algs
Even with a significant relaxation [BCNW06,BHN07]
If NP not in P/poly, there is a search problem in P that has no polynomial time private algorithm [BCNW06]
Too weak: A private search algorithm may reveal all the
solutions Does not rule out simple ways of plausible
leakage
Some Possible Weaknesses
Randomized Algorithms: More solutions learned by repeated
querying Fuzziness
Deterministic Algorithms: Repeated querying ineffective Definite information learned
Can we get the best of both worlds?
Framework: Seeded Algorithms A – randomized algorithm Server fixes a seed s for all queries
Allows selecting random solutions Prevents abuse of repeated queries
G1G2
sAA(G2,s)
A(G1,s)
Rest of the Talk
Propose two new definitions Equivalence protecting Resemblance preserving
Show basic implementation methodologies
Summary/discuss
(x2)
First Definition: Equivalence Protecting Consistent oracle :
(x)S(x) (x)=(y) for all x ≈P y
A seeded algorithm A is equivalence protecting:
1( , )x sA
Distinguisher
≡c
A(· , )
x1
(x1)
x2
s
x1x2
2( , )x sA
Random consistentoracle
Equivalence Protecting: Shortest Path Def: An edge is relevant in G if it appears in
some shortest path from s to t
Fact I: Relevance depends only on S(G) Fact II: There exists an algorithm Arand(G,r )
that outputs a random shortest path in G
s 2 t
3
1
Equivalence Protecting: Shortest Path
Input: A graph G A seed s for a family {fs} of
pseudorandom functionsOutput: A path in S(G)
The algorithm:1. H = relevant edges of G2. Compute r=fs(H)
3. Output: p= Arand(H,r )
Other Equivalence Preserving Algorithms
Perfect matching in bipartite graphs
Solution of a linear system of equations
Shortest path: weighted directed graphs
Second Definition: Resemblance Preserving Motivation: protect inputs with similar
solution sets Resemblance between instances x,y:
A seeded algorithm A is resemblance preserving if for all instances x,y:
Pr[A(x,s)=A(y,s)] ≥ r(x,y)
|S(x)S(y)|
|S(x)S(y)|r(x,y) = Fact: 0 ≤ r(x,y)
≤ 1
Tool: Min-wise Independent Permutations [BroderCharikarFriezeMitzenmacher98]
A family of permutations is min-wise independent if for every set A U and aA:
Observation:
{ }s s S :s U U
1Pr[min( ( )) ( )]
| |s sA aA
Pr[min( ( ( ))) min( ( ( ))] ( , ).s sS x S y r x y
A Generic Resemblance Preserving Algorithm
Input: An input x A seed s for a family of min-wise
independent permutationsOutput: A solution in S(x)
Algorithm: Output sol S(x) such that
Algorithmic challenge: Find sol efficiently.
{ }s s S
(sol) min( ( ( ))).s s S x
Other Resemblance Preserving Algorithms (non-) Roots of polynomialsSolution of a linear system of
equationsSatisfying assignment of a DNF
formula
Summary
Presented two intuitive variants of private search Equivalence protecting Resemblance preserving
Constructed algorithms satisfying definitions Privacy implications of search problems are not well
understood Even (seemingly minimal) requirements of privacy
are hard to attain Different privacy requirements for different setups
Is there an order in the mess? A methodology for comparing/justifying definitions
BSF-DIMACS Privacy Workshop
@DIMACS/Rutgers University Interdisciplinary February 4-7 Organizers: B. Pinkas, K.N., and R.
Wright (some) Funding available
To be added to mailing list: [email protected]
A (Seemingly) Minimal Requirement
Private search algorithm [BCNW06]:
VC(G) = VC(G’) A*VC(G) ≈ A*VC(G’)
A*VC should not distinguish graphs that have the same set of solutions
A generalization of private approximation [FIMNSW01]