DOI: 10.1145/3548606.3560631
research-article

STAR: Secret Sharing for Private Threshold Aggregation Reporting

Published: 07 November 2022

Abstract

    Threshold aggregation reporting systems promise a practical, privacy-preserving solution for developers to learn how their applications are used in the wild. Unfortunately, proposed systems to date prove impractical for wide-scale adoption, suffering from a combination of requiring: i) prohibitive trust assumptions; ii) high computation costs; or iii) massive user bases. As a result, adoption of truly private approaches has been limited to only a small number of enormous (and enormously costly) projects.
    In this work, we improve the state of private data collection by proposing STAR, a highly efficient, easily deployable system for providing cryptographically enforced κ-anonymity protections on user data collection. The STAR protocol is easy to implement and cheap to run, all while providing privacy properties similar to, or exceeding, the current state-of-the-art. Measurements of our open-source implementation of STAR find that it is 1773x quicker, requires 62.4x less communication, and is 24x cheaper to run than the existing state-of-the-art.


    Cited By

    • (2024) PRIDA: PRIvacy-Preserving Data Aggregation with Multiple Data Customers. ICT Systems Security and Privacy Protection. 10.1007/978-3-031-65175-5_4 (46-60). Online publication date: 26-Jul-2024
    • (2023) Federated computation: a survey of concepts and challenges. Distributed and Parallel Databases. 10.1007/s10619-023-07438-w. Online publication date: 23-Nov-2023

      Published In

      CCS '22: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security
      November 2022
      3598 pages
      ISBN: 9781450394505
      DOI: 10.1145/3548606

      Publisher

      Association for Computing Machinery

      New York, NY, United States


      Author Tags

      1. private analytics
      2. threshold aggregation

      Qualifiers

      • Research-article

      Conference

      CCS '22

      Acceptance Rates

      Overall Acceptance Rate 1,261 of 6,999 submissions, 18%
