Transcript How Should We Solve Search Problems Privately? Kobbi Nissim – BGU A. Beimel, T.

How Should We Solve Search
Problems Privately?
Kobbi Nissim – BGU
A. Beimel, T. Malkin, and E. Weinreb
Secure Function Evaluation
[Yao,GMW,BGW,…]
 n players with private inputs x1,…,xn
 Can compute any function f() over their
private inputs
 No information beyond f() is leaked
 SFE tells
 HOW to compute f()
 But not
 What f() to compute
A Client-Server Setting
 SFE reduces many of the general cases to
the client-server setting
Server
Client
G
WHAT should we compute?
 Server must/is willing to reveal a function
f() of the data

Secure function evaluation: Reveal f(), but
no other information
 ???
 Server should preserve individual privacy

Private data analysis: (rand) functions f()
satisfying differential privacy
In Between (1)
 Server must/is willing to reveal a function f() of
the data


But… Computing f() is inefficient or intractable
And, an efficient approx f*() exists
 Idea: Use SFE to compute an approx f*() to f()
What Can Go Wrong? [FIMNSW01]
 Server holds a graph G
 Client asks for size of min VC fvc(G)
 Approx: fvc*(G) = 2MaxMatch(G)
Hmmm...
fVC
2MaxMatch
2
2
2
4
G
Private Approximations [FIMNSW01]
 Require: f*(G) simulatable given f(G)
 Hence approximation does not leak more
information than exact computation
 Implied: f(G) = f(G’)  f*(G) ≈ f*(G’)
 Sometimes feasible:
 Hamming distance [FIMNSW01, IW06]
 Permanent [FIMNSW01]
 Sometimes not feasible:
 fVC not privately approx within ratio n1-ε [HKKN01]
 Approx feasible with a small leakage
In Between (2)
 Server must/is willing to solve a search
problem over the data
 Idea: Use SFE to compute a solution?

Or an approximate solution
What Can Go Wrong? [BCNW06]
 Server holds a graph G
 Client asks for VC(G)
 Approx: A*VC(G) = MaxMatch(G)
4
4
5
2
3
VC
A*VC
Hmmm...
1
5
2
1
3
{2}
{2}
{2,3}
{2,1}
G
Private Algorithms [BCNW06]
R – Equivalence Relation over {0,1}*

E.g. G1 ≈ G2 if VC(G1) = VC(G2)
Algorithm A is private with respect to R if:
A( )
x
y
≈ A( )
Is Private Search Good?
Too strong:
 VC does not admit private search approx algs

Even with a significant relaxation
[BCNW06,BHN07]
 If NP not in P/poly, there is a search problem in P
that has no polynomial time private algorithm
[BCNW06]
Too weak:
 A private search algorithm may reveal all the
solutions
 Does not rule out simple ways of plausible leakage
Some Possible Weaknesses
 Randomized Algorithms:
 More solutions learned by repeated
querying
 Fuzziness
 Deterministic Algorithms:
 Repeated querying ineffective
 Definite information learned
 Can we get the best of both worlds?
Framework: Seeded Algorithms
 A – randomized algorithm
 Server fixes a seed s for all queries
 Allows selecting random solutions
 Prevents abuse of repeated queries
G1
G2
A(G1,s)
A
A(G2,s)
s
Rest of the Talk
 Propose two new definitions


Equivalence protecting
Resemblance preserving
 Show basic implementation methodologies
 Summary/discuss
First Definition: Equivalence
Protecting
 Consistent oracle :


(x)S(x)
(x)=(y) for all x ≈P y
 A seeded algorithm A is equivalence protecting:
Random
consistent
oracle
A(· , s )
A( x2 , s)A( x1, s)
≡c
x1 x2
(x1)(x2)
x1 x2
Distinguisher 
Equivalence Protecting: Shortest
Path
 Def: An edge is relevant in G if it appears in
some shortest path from s to t
1
s
2
t
3
 Fact I: Relevance depends only on S(G)
 Fact II: There exists an algorithm Arand(G,r )
that outputs a random shortest path in G
Equivalence Protecting: Shortest
Path
Input:


A graph G
A seed s for a family {fs} of pseudorandom
functions
Output: A path in S(G)
The algorithm:
H = relevant edges of G
2. Compute r=fs(H)
3. Output: p= Arand(H,r )
1.
Other Equivalence Preserving
Algorithms
 Perfect matching in bipartite graphs
 Solution of a linear system of
equations
 Shortest path: weighted directed
graphs
Second Definition: Resemblance
Preserving
 Motivation: protect inputs with similar
solution sets
 Resemblance between instances x,y:
r(x,y) =
|S(x)S(y)|
|S(x)S(y)|
Fact: 0 ≤ r(x,y) ≤ 1
 A seeded algorithm A is resemblance
preserving if for all instances x,y:
Pr[A(x,s)=A(y,s)] ≥ r(x,y)
Tool: Min-wise Independent Permutations
[BroderCharikarFriezeMitzenmacher98]
 A family { s }sS of permutations  s : U  U is
min-wise independent if for every set A  U
and aA:
1
Pr[min( s ( A))   s (a)] 
| A|
 Observation:
Pr[min( s (S ( x)))  min( s (S ( y))]  r ( x, y).
A Generic Resemblance Preserving
Algorithm
Input:
An input x
 A seed s for a family { s }sS of min-wise
independent permutations

Output: A solution in S(x)
Algorithm:
 Output sol  S(x) such that
 s (sol)  min( s (S ( x))).
 Algorithmic challenge: Find sol efficiently.
Other Resemblance Preserving
Algorithms
 (non-) Roots of polynomials
 Solution of a linear system of
equations
 Satisfying assignment of a DNF
formula
Summary
 Presented two intuitive variants of private search
 Equivalence protecting
 Resemblance preserving
Constructed algorithms satisfying definitions
 Privacy implications of search problems are not well
understood
 Even (seemingly minimal) requirements of privacy are
hard to attain

 Different privacy requirements for different setups

Is there an order in the mess?
 A methodology for comparing/justifying definitions
BSF-DIMACS Privacy Workshop
 @DIMACS/Rutgers University
 Interdisciplinary
 February 4-7
 Organizers: B. Pinkas, K.N., and R. Wright
 (some) Funding available
 To be added to mailing list:
[email protected]
A (Seemingly) Minimal Requirement
Private search algorithm
[BCNW06]:
VC(G) = VC(G’)  A*VC(G) ≈ A*VC(G’)
A*VC should not distinguish graphs that have
the same set of solutions
A generalization of private approximation [FIMNSW01]