Computational Differential Privacy from Lattice-based Cryptography

TL;DR

This paper develops a computationally secure framework for differential privacy in distributed time-series data analysis using lattice-based cryptography, introducing a novel Skellam distribution mechanism and a post-quantum protocol.

Contribution

It introduces a new Skellam distribution-based perturbation mechanism and a post-quantum secure protocol for differential privacy in distributed settings.

Findings

Skellam distribution mechanism offers comparable privacy and accuracy to existing methods.

The proposed protocol is efficient and secure against quantum adversaries.

A new variant of the DLWE problem based on Skellam errors is shown to be hard.

Abstract

The emerging technologies for large scale data analysis raise new challenges to the security and privacy of sensitive user data. In this work we investigate the problem of private statistical analysis of time-series data in the distributed and semi-honest setting. In particular, we study some properties of Private Stream Aggregation (PSA), first introduced by Shi et al. 2017. This is a computationally secure protocol for the collection and aggregation of data in a distributed network and has a very small communication cost. In the non-adaptive query model, a secure PSA scheme can be built upon any key-homomorphic weak pseudo-random function as shown by Valovich 2017, yielding security guarantees in the standard model which is in contrast to Shi et. al. We show that every mechanism which preserves $(\epsilon,\delta)$-differential privacy in effect preserves computational $(\epsilon,\delta)$-differential privacy when it is executed through a secure PSA scheme. Furthermore, we introduce a novel perturbation mechanism based on the symmetric Skellam distribution that is suited for preserving differential privacy in the distributed setting, and find that its performances in terms of privacy and accuracy are comparable to those of previous solutions. On the other hand, we leverage its specific properties to construct a computationally efficient prospective post-quantum protocol for differentially private time-series data analysis in the distributed model. The security of this protocol is based on the hardness of a new variant of the Decisional Learning with Errors (DLWE) problem. In this variant the errors are taken from the symmetric Skellam distribution. We show that this new variant is hard based on the hardness of the standard Learning with Errors (LWE) problem where the errors are taken from the discrete Gaussian distribution. Thus, we provide a variant of the LWE problem that is hard...