Trust but Verify: Cryptographic Data Privacy for Mobility Management

TL;DR

This paper introduces a cryptographic protocol enabling transportation authorities to analyze mobility data for insights without compromising user privacy or revealing trade secrets, using commitments, zero-knowledge proofs, and differential privacy.

Contribution

It presents a novel cryptographic protocol combining commitments and zero-knowledge proofs for privacy-preserving mobility data analysis, including a differentially private variant for large queries.

Findings

Protocol ensures data privacy and integrity.

Verifiable for both authorities and providers.

Extensible to multiple providers with secure multi-party computation.

Abstract

The era of Big Data has brought with it a richer understanding of user behavior through massive data sets, which can help organizations optimize the quality of their services. In the context of transportation research, mobility data can provide Municipal Authorities (MA) with insights on how to operate, regulate, or improve the transportation network. Mobility data, however, may contain sensitive information about end users and trade secrets of Mobility Providers (MP). Due to this data privacy concern, MPs may be reluctant to contribute their datasets to MA. Using ideas from cryptography, we propose an interactive protocol between a MA and a MP in which MA obtains insights from mobility data without MP having to reveal its trade secrets or sensitive data of its users. This is accomplished in two steps: a commitment step, and a computation step. In the first step, Merkle commitments and aggregated traffic measurements are used to generate a cryptographic commitment. In the second step, MP extracts insights from the data and sends them to MA. Using the commitment and zero-knowledge proofs, MA can certify that the information received from MP is accurate, without needing to directly inspect the mobility data. We also present a differentially private version of the protocol that is suitable for the large query regime. The protocol is verifiable for both MA and MP in the sense that dishonesty from one party can be detected by the other. The protocol can be readily extended to the more general setting with multiple MPs via secure multi-party computation.