How Should We Solve Search Problems Privately?

Kobbi Nissim – BGU

A. Beimel, T. Malkin, and E. Weinreb

Secure Function Evaluation[Yao,GMW,BGW,…] n players with private inputs x1,…,xn

Can compute any function f() over their private inputs

No information beyond f() is leaked

SFE tells HOW to compute f()

But not What f() to compute

A Client-Server Setting

SFE reduces many of the general cases to the client-server setting

G

ClientServer

WHAT should we compute?

Server must/is willing to reveal a function f() of the data Secure function evaluation: Reveal f(), but

no other information

???

Server should preserve individual privacy Private data analysis: (rand) functions f()

satisfying differential privacy

In Between (1)

Server must/is willing to reveal a function f() of the data But… Computing f() is inefficient or intractable And, an efficient approx f*() exists

Idea: Use SFE to compute an approx f*() to f()

What Can Go Wrong? [FIMNSW01]

Server holds a graph G Client asks for size of min VC fvc(G) Approx: fvc*(G) = 2MaxMatch(G)

Hmmm...

ffVCVC 2 2

2MaxMatch2MaxMatch 2 4 G

Private Approximations [FIMNSW01]

Require: f*(G) simulatable given f(G) Hence approximation does not leak more information

than exact computation

Implied: f(G) = f(G’) f*(G) ≈ f*(G’)

Sometimes feasible: Hamming distance [FIMNSW01, IW06] Permanent [FIMNSW01]

Sometimes not feasible: fVC not privately approx within ratio n1-ε [HKKN01]

Approx feasible with a small leakage

In Between (2)

Server must/is willing to solve a search problem over the data

Idea: Use SFE to compute a solution? Or an approximate solution

What Can Go Wrong? [BCNW06]

Server holds a graph G Client asks for VC(G) Approx: A*VC(G) = MaxMatch(G)

Hmmm...

G

21

3

5

4

21

3

5

4

VCVC {2} {2} {2} {2}

A*A*VCVC {2,3} {2,1}{2,3} {2,1}

Private Algorithms [BCNW06]

R – Equivalence Relation over {0,1}* E.g. G1 ≈ G2 if VC(G1) = VC(G2)

Algorithm A is private with respect to R if:

x y

A( ) A( )≈

x y

Is Private Search Good?

Too strong: VC does not admit private search approx algs

Even with a significant relaxation [BCNW06,BHN07]

If NP not in P/poly, there is a search problem in P that has no polynomial time private algorithm [BCNW06]

Too weak: A private search algorithm may reveal all the

solutions Does not rule out simple ways of plausible

leakage

Some Possible Weaknesses

Randomized Algorithms: More solutions learned by repeated

querying Fuzziness

Deterministic Algorithms: Repeated querying ineffective Definite information learned

Can we get the best of both worlds?

Framework: Seeded Algorithms A – randomized algorithm Server fixes a seed s for all queries

Allows selecting random solutions Prevents abuse of repeated queries

G1G2

sAA(G2,s)

A(G1,s)

Rest of the Talk

Propose two new definitions Equivalence protecting Resemblance preserving

Show basic implementation methodologies

Summary/discuss

(x2)

First Definition: Equivalence Protecting Consistent oracle :

(x)S(x) (x)=(y) for all x ≈P y

A seeded algorithm A is equivalence protecting:

1( , )x sA

Distinguisher

≡c

A(· , )

x1

(x1)

x2

s

x1x2

2( , )x sA

Random consistentoracle

Equivalence Protecting: Shortest Path Def: An edge is relevant in G if it appears in

some shortest path from s to t

Fact I: Relevance depends only on S(G) Fact II: There exists an algorithm Arand(G,r )

that outputs a random shortest path in G

s 2 t

3

1

Equivalence Protecting: Shortest Path

Input: A graph G A seed s for a family {fs} of

pseudorandom functionsOutput: A path in S(G)

The algorithm:1. H = relevant edges of G2. Compute r=fs(H)

3. Output: p= Arand(H,r )

Other Equivalence Preserving Algorithms

Perfect matching in bipartite graphs

Solution of a linear system of equations

Shortest path: weighted directed graphs

Second Definition: Resemblance Preserving Motivation: protect inputs with similar

solution sets Resemblance between instances x,y:

A seeded algorithm A is resemblance preserving if for all instances x,y:

Pr[A(x,s)=A(y,s)] ≥ r(x,y)

|S(x)S(y)|

|S(x)S(y)|r(x,y) = Fact: 0 ≤ r(x,y)

≤ 1

Tool: Min-wise Independent Permutations [BroderCharikarFriezeMitzenmacher98]

A family of permutations is min-wise independent if for every set A U and aA:

Observation:

{ }s s S :s U U

1Pr[min( ( )) ( )]

| |s sA aA

Pr[min( ( ( ))) min( ( ( ))] ( , ).s sS x S y r x y

A Generic Resemblance Preserving Algorithm

Input: An input x A seed s for a family of min-wise

independent permutationsOutput: A solution in S(x)

Algorithm: Output sol S(x) such that

Algorithmic challenge: Find sol efficiently.

{ }s s S

(sol) min( ( ( ))).s s S x

Other Resemblance Preserving Algorithms (non-) Roots of polynomialsSolution of a linear system of

equationsSatisfying assignment of a DNF

formula

Summary

Presented two intuitive variants of private search Equivalence protecting Resemblance preserving

Constructed algorithms satisfying definitions Privacy implications of search problems are not well

understood Even (seemingly minimal) requirements of privacy

are hard to attain Different privacy requirements for different setups

Is there an order in the mess? A methodology for comparing/justifying definitions

BSF-DIMACS Privacy Workshop

@DIMACS/Rutgers University Interdisciplinary February 4-7 Organizers: B. Pinkas, K.N., and R.

Wright (some) Funding available

To be added to mailing list: kobbi@cs.bgu.ac.il

A (Seemingly) Minimal Requirement

Private search algorithm [BCNW06]:

VC(G) = VC(G’) A*VC(G) ≈ A*VC(G’)

A*VC should not distinguish graphs that have the same set of solutions

A generalization of private approximation [FIMNSW01]