collaborative filtering with privacy

Collaborative filtering with privacy

Wim VerhaeghAukje van DuijnhovenJan KorstPim Tuyls

IPA herfstdagen, 23 November 2004

Philips Research, Wim Verhaegh, IPA herfstdagen, 23 November 2004 2

Privacy issue

• Personalization is key in Ambient Intelligence– requires user profiles

• Privacy risks of services– untrusted server

– server gets hacked

– server goes bankrupt

• Perform personalization on encrypted data– collaborative filtering


Overview

• Collaborative filtering system

• Privacy requirements

• CF method– calculation scheme (formulas & example)

• Encryption basics

• Encrypted CF method

• Item-based CF

• Conclusion


Collaborative filtering system

• System to recommend new content– recommend content that ‘similar users’ like

databasewith ratings

calculatesimilarities

similarityvalues

predictmissingratings

musicplayer

user

server side user side

recommend


Security requirements

• Nobody may know users’ ratings– not even anonymously

• Nobody may know who rated what– not even anonymously

• Nobody may know who resembles who

• How to perform collaborative filtering?


Collaborative filtering methods

• Memory based– computes similarities and interpolates

• user based• item based

• Model based– first uses rating database to build a model

(e.g. extract basic rating profiles)– uses model for prediction

• Most approaches can be encrypted

users

items

xx

x

xx

x

x x

xx

xx

x

x

x

x

x

x

x

x x

x

xx

xx

x

x

x

x

xx

x

x

xx

x

x

x


Memory-based CF with user similarities

• Two steps1. determine similarities between users2. predict missing ratings

• Step 1: Pearson correlation

baba

ba

IIibbi

IIiaai

IIibbiaai

abvvvv

vvvv

s22 )()(

))((

av

iav

aI

i

ba

a

ai

a

user of rating average

item for user of rating

userby rated items set

item

users,))(( bbiaai vvvv )( aai vv

ba IIibbiaai vvvv ))((


Step 2: prediction

• E.g. weighted deviations from the average– similarities are weights

i

i

Ubab

Ubbbiab

aai s

vvs

vp

)(

iU i item rated have that users set


Example

• Tea and coffee flavors– 4 users– 9 items (flavors)

T1 T2 T3 C1 C2 C3 C4 C5 C6

Wim 2 1 1 4 4 3 4 3

Jan 1 1 5 5 4 4 3

Pim 4 5 5 2 3 3 2

Aukje 5 4 1 3 2 2


Example

• Subtract averages

flavor T1 T2 T3 C1 C2 C3 C4 C5 C6

Wim -0.8 -1.8 -1.8 1.2 1.2 0.2 1.2 0.2

Jan -2.3 -2.3 1.7 1.7 0.7 0.7 -0.3

Pim 0.6 1.6 1.6 -1.4 -0.4 -0.4 -1.4

Aukje 2.2 1.2 -1.8 0.2 -0.8 -0.8

T1 T2 T3 C1 C2 C3 C4 C5 C6

Wim -0.8 -1.8 -1.8 1.2 1.2 0.2 1.2 0.2

Jan -2.3 -2.3 1.7 1.7 0.7 0.7 -0.3

Pim 0.6 1.6 1.6 -1.4 -0.4 -0.4 -1.4

Aukje 2.2 1.2 -1.8 0.2 -0.8 -0.8

• Compute similarities, e.g.

83.0)0.22.00.26.24.0)(6.06.02.34.18.4(

)8.0()4.1()8.0()4.0()8.1()4.1(2.16.12.26.0


Example

• Use similarities to predict missing ratingssimilarity Wim Jan Pim Aukje T3

Wim 1 0.78 -0.96 -0.85 -1.8

Jan 0.78 1 -0.74 -0.77 -2.3

Pim -0.96 -0.74 1 0.83 1.6

Aukje -0.85 -0.77 0.83 1

• Prediction for Aukje, tea T3

7.483.077.085.0

6.183.0)3.2()77.0()8.1()85.0(8.2


Public key encryption scheme: Paillier

• Generate keys– choose large random primes p, q (private)– calculate n = pq and a ‘generator’ g (public)

• Encrypt message m by

with r random• Homomorphism properties

2mod)( nrgm nm

)()()(

)()()()(

211

2121212212

21

mmrgm

mmrrgmmnmmmm

nmm

)(mod 2n


Encrypted inner product

• User a: • User b:• User a encrypts vector and sends to b

• User b computes

and sends back to a• User a decrypts it to get inner product

),,( 1 kaa a

),,( 1 kbb b

))(,),(()( 1 kaa a

)()( )( )(111

ba

k

iii

k

iii

k

i

bi babaa i

ba


Encrypted CF: correlation step

• Rewrite correlation as three inner products

where

• Zeros to avoid contributions from in sums

))(()()(

))((

2222baab

ba

IIibbi

IIiaai

IIibbiaai

ab

baba

ba

vvvv

vvvv

swrwr

ww

otherwise0

userby rated is item if1otherwise0

userby rated is item if

air

aivvw

ai

aaiai

ba IIi


Encrypted CF: correlation step

• Protocol

• Active user knows correlation values, but not to whom

• Server knows between whom, but not the correlation values

)(),(),( 2aaa rww

active user server other users

)(),(),( 22baabba wrwrww

))(( 22baab

ba

wrwr

ww

copy


Encrypted CF: prediction step

• Rewrite

• Protocol

– each user b adds random factor

Ubbiab

Ubbiab

a

Ubab

Ubbbiab

a rs

wsv

s

vvs

v

i

i

)(

)(),( aa ss

active user server other users

)()(

biab

biabrsws

)(

)(

Ubbiab

Ubbiab

rs

ws

Ubbiab

Ubbiab

a rs

wsv

split )(),( abab ss


Memory-based CF with item similarities

• Similarities computed between items– compare rows in the matrix– similar formulas

users

items

xx

x

xx

x

x x

xx

xx

x

x

x

x

x

x

x

x x

x

xx

xx

x

x

x

x

xx

x

x

xx

x

x

x


Memory-based CF with item similarities

• Similarities

• Predictions

jiji

ji

UUaaaj

UUaaai

UUaaajaai

ijvvvv

vvvv

s22 )()(

))((

a

a

Ijij

Ijaajij

iais

vvs

vp

)(


Threshold Paillier

• Calculation of sums: use threshold encryption– key is shared among k users– decryption needs > t shares

server users

)( ax

)()(

Uaa

Uaa xx

))((' Ua

axUa

ax> t


Encrypted item-correlation step

• Rewrite correlation

• Protocol

Uaaj

Uaai

Uaajai

UUaaaj

UUaaai

UUaaajaai

ijww

ww

vvvv

vvvv

s

jiji

ji

2222 )()(

))((

server users

)(),(),( 22ajaiajai wwww

)(),(),( 22aj

Uaajai

Uaaj

Uaajai wwwwww

))(('

)),(('

)),(('

2

2

ajUa

aj

aiUa

aj

Uaajai

ww

ww

ww

22 ,, ajUa

ajaiUa

ajUa

ajai wwwwww

> t


Encrypted item-based prediction

• Rewrite prediction formula– item average: two sums

– prediction: four inner products (server & user a)

– protocols as before

Ijijaj

Ijaajij

Ijajij

Ijijaji

Ijij

Ijaajij

iaisr

vrsvssrv

s

vvs

vp

a

a

)(

Uaai

Uaai

i r

v

v


Conclusion

• Collaborative filtering can be encrypted– various correlation and prediction formulas

– various CF approaches

• More computations to be done at users’ sites– encryption and decryption

– users have to be online

• Future work– protection against more complicated attacks

– peer-to-peer solution