Differentially Private Functional Encryption
Authors: Jasmin Zalonis (University of Mannheim), Frederik Armknecht (University of Mannheim), Linda Scheu-Hachtel (University of Mannheim)
Volume: 2024
Issue: 2
Pages: 509–530
DOI: https://doi.org/10.56553/popets-2024-0061
Abstract: We address the question of realizing privacy-preserving analysis of user data. The abstract scenario considered is that an analyst aims to evaluate a function f on some user data X. To achieve comprehensive privacy, it is necessary to protect the input X directly. However, it is known that f(X) may leak too much information about X as well. A common approach to mitigate such risks is to make the computation differentially private. In practice, this is often accomplished by replacing f by a noisy variant f^*. We investigate the use of multi-input functional encryption (MIFE) for achieving input and output privacy in one cryptographic mechanism. In a MIFE scheme, a setup authority can generate restricted decryption keys that enable learning specific functions of encrypted messages without revealing any additional information. To achieve differential privacy in this process, we introduce a new cryptographic primitive: noisy multi-input functional encryption (NMIFE). It extends the concept of MIFE such that the decryption key may also encode a noisy function where the noise value is secret. While the change from MIFE to NMIFE is rather straightforward, the challenge is to come up with precise and workable definitions of correctness and security, which we propose and explain in this work. Here, the security definition is tailored to the use case of differential privacy. As it is a special case of the established notion of full-hiding security, we present a generic transformation that turns any full-hiding MIFE scheme into a secure NMIFE scheme with practically the same performance as the initial MIFE scheme. Moreover, we make use of the fact that the proposed security definition is less restrictive and present a new concrete NMIFE scheme for evaluating the inner product. It is dubbed DiffPIPE (short for DIFFerentially Private Inner Product Evaluation).
DiffPIPE does not result from the generic transformation and outperforms all NMIFE schemes constructed from existing full-hiding MIFE schemes. In experiments, we demonstrate its applicability for realizing privacy-preserving counting queries on data sets.
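The following is an added illustration, not code from the paper or the DiffPIPE implementation. It models the NMIFE functionality for inner products as an idealized trusted authority (there is no actual encryption; the object simply enforces what a correct scheme lets the analyst learn) and uses it to answer a counting query on one-hot encoded records: the query vector y selects the categories to count, the authority embeds a secret noise value r in the key, and decryption returns only sum_i <x_i, y> + r. The integer-valued two-sided geometric (discrete Laplace) noise, the sensitivity bound max(y) - min(y) for one-hot records, and all class and function names are assumptions made for this example, not the paper's construction.

```python
"""Idealized NMIFE-for-inner-products functionality, added as an example.

Nothing here is encrypted: `NoisyInnerProductFE` plays the role of an honest
authority that holds the records and keys and returns exactly what a correct
noisy MIFE decryption would reveal, namely sum_i <x_i, y> + r, with the noise
value r never leaving the authority.
"""
import math
import random


def one_hot(value, domain):
    """Encode one categorical record as a 0/1 vector over `domain`."""
    return [1 if value == d else 0 for d in domain]


def discrete_laplace(rng, epsilon, sensitivity):
    """Integer noise with P(k) proportional to exp(-epsilon*|k|/sensitivity).

    Sampled as the difference of two i.i.d. geometric variables (two-sided
    geometric mechanism). Integer noise is used here because inner-product FE
    schemes evaluate over integers / a ring, not over the reals (assumption).
    """
    alpha = math.exp(-epsilon / sensitivity)
    if alpha == 0.0:  # epsilon so large that the noise is always 0
        return 0

    def geometric():
        # Failures before the first success, success probability 1 - alpha.
        u = 1.0 - rng.random()  # in (0, 1], so log() is defined
        return int(math.floor(math.log(u) / math.log(alpha)))

    return geometric() - geometric()


class NoisyInnerProductFE:
    """Ideal functionality: keygen fixes a query vector y and a hidden noise r;
    decrypting ciphertexts of records x_1..x_n under that key yields
    sum_i <x_i, y> + r and nothing else."""

    def __init__(self, dim, seed=None):
        self.dim = dim
        self._rng = random.Random(seed)
        self._keys = {}  # key handle -> (y, r); r is never returned to the analyst
        self._cts = {}   # ciphertext handle -> record x

    def keygen(self, y, epsilon):
        if len(y) != self.dim or any(not isinstance(v, int) for v in y):
            raise ValueError("query vector must be an integer vector of length dim")
        if epsilon <= 0:
            raise ValueError("epsilon must be positive")
        # With one-hot records, replacing one record changes sum_i <x_i, y>
        # by at most max(y) - min(y); calibrate the noise to that sensitivity.
        sensitivity = max(y) - min(y)
        r = discrete_laplace(self._rng, epsilon, sensitivity) if sensitivity > 0 else 0
        handle = len(self._keys)
        self._keys[handle] = (list(y), r)
        return handle

    def encrypt(self, x):
        if len(x) != self.dim or sorted(x) != [0] * (self.dim - 1) + [1]:
            raise ValueError("record must be a one-hot vector of length dim")
        handle = len(self._cts)
        self._cts[handle] = list(x)
        return handle

    def decrypt(self, key_handle, ct_handles):
        y, r = self._keys[key_handle]
        total = sum(sum(xi * yi for xi, yi in zip(self._cts[c], y)) for c in ct_handles)
        return total + r  # the analyst sees the noisy count only, never r


def exact_count(records, selected):
    """Plain (non-private) count, for comparison only."""
    return sum(1 for v in records if v in selected)


def noisy_count(records, domain, selected, epsilon, seed=None):
    """Run a differentially private counting query through the functionality."""
    fe = NoisyInnerProductFE(len(domain), seed)
    cts = [fe.encrypt(one_hot(v, domain)) for v in records]
    y = [1 if d in selected else 0 for d in domain]
    key = fe.keygen(y, epsilon)
    return fe.decrypt(key, cts)


if __name__ == "__main__":
    # Constructed sample data: each user reports one browser.
    domain = ["firefox", "chrome", "safari", "other"]
    records = ["chrome", "firefox", "chrome", "safari", "chrome", "other", "firefox"]
    selected = {"chrome", "firefox"}
    print("exact:", exact_count(records, selected))
    print("noisy:", noisy_count(records, domain, selected, epsilon=1.0, seed=7))
```

The point of the model is the position of the noise: it is chosen at key generation by the authority and bound to the key, so the analyst obtains a differentially private answer from the ciphertexts without ever seeing either the individual records or the noise value, which is the separation the NMIFE correctness and security definitions in the paper formalize.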
Keywords: privacy preserving analysis, differential privacy, functional encryption
Copyright in PoPETs articles is held by their authors. This article is published under a Creative Commons Attribution 4.0 license.