Synthesis with Privacy Against an Observer

TL;DR

This paper investigates the automatic synthesis of systems that preserve privacy against observers, balancing secret hiding costs and constraints, and analyzes the complexity and variants of the privacy-preserving synthesis problem.

Contribution

It introduces a formal framework for privacy-aware synthesis with cost and budget constraints, and analyzes the complexity, including polynomial-time cases and exponential blow-ups.

Findings

The synthesis problem is 2EXPTIME-complete for LTL specifications.

Hiding secrets and choosing signals increase complexity exponentially.

Bounded synthesis and observer knowledge variants are studied.

Abstract

We study automatic synthesis of systems that interact with their environment and maintain privacy against an observer to the interaction. The system and the environment interact via sets $I$ and $O$ of input and output signals. The input to the synthesis problem contains, in addition to a specification, also a list of secrets, a function $cost: I\cup O\rightarrow\mathbb{N}$, which maps each signal to the cost of hiding it, and a bound $b\in\mathbb{N}$ on the budget that the system may use for hiding of signals. The desired output is an $(I/O)$-transducer $T$ and a set $H\subseteq I\cup O$ of signals that respects the bound on the budget, thus $\sum_{s\in H} cost(s)\leq b$, such that for every possible interaction of $T$, the generated computation satisfies the specification, yet an observer, from whom the signals in $H$ are hidden, cannot evaluate the secrets. We first show that the problem's complexity is 2EXPTIME-complete for specifications and secrets in LTL, making it no harder than synthesis without privacy requirements. We then analyze the complexity further, isolating the two aspects that do not exist in traditional synthesis: the need to hide secret values and the need to choose the set $H$. We do this by studying settings in which traditional synthesis is solvable in polynomial time -- when the specification formalism is deterministic automata and when the system is closed -- and show that each of these aspects adds an exponential blow-up in complexity. We continue and study bounded synthesis with privacy, where the input includes a bound on the synthesized transducer size, as well as a variant of the problem in which the observer has knowledge, either about the specification or about the system, which can be helpful in evaluating the secrets. Additionally, we study certified privacy, where the synthesis algorithm provides certification that the secrets remain hidden.