practical privacy using homomorphic encryption â€“ a myth or reality?

Homomorphic encryptionPrivacy preserving collaborative filtering (PPCF)

On the SaaS cloudTail piece

Practical privacy using homomorphicencryption – a myth or reality?

Anirban Basu

Department of Electrical EngineeringFaculty of Engineering

Tokai University (Japan)

SecureCloud 2012May 9, 2012

Frankfurt am Main, Germany

Anirban Basu Practical privacy and homomorphic encryption 1/24

What and why?Application in recommender systems

The magic of homomorphic encryption1 Homomorphic encryption

2 Privacy preserving collaborative filtering (PPCF)Collaborative filtering (CF), brieflyPrivacy preserving Slope One

3 On the SaaS cloudGoogle App Engine feasibilityAn alternative approach

4 Tail pieceConclusions and future avenuesQuestion time!

Compute blindly?

(m1 ⊕m2)′

= m′

1 ⊗m′

m1 and m2: plaintext messages; x′: ciphertext of x ; ⊕ and ⊗:

two operations that satisfy this homomorphic relation.

Homomorphic cryptosystems

Depending on ⊕ and ⊗, we have:additive (e.g., Paillier, Damgärd-Jurik, Elliptic CurveElGamal),multiplicative (e.g., RSA, ElGamal), andfully homomorphic cryptosystems (Craig Gentry et al.).

too good to be true?or, practically feasible?

but, is this magictoo good to be true?or, practically feasible?

Recommendation through collaborative filtering

‘People who have bought this have also bought these’ –recommendation.Collaborative filtering (CF) – recommendation fromopinions of the community.What about privacy in rating based collaborative filtering?

Privacy and recommender systems

Can someone (the cloud?) compute CF for users?. . . and do so blindly?Privacy preserving collaborative filtering (PPCF) for theSoftware-as-a-Service cloud.

Collaborative filtering (CF), brieflyPrivacy preserving Slope One

Application scenario1 Homomorphic encryption

CF – a form of recommendation

User-item rating data like this1:

Canon 7D Leica M9 Nikon D7000 . . . Olympus OM-DAlice 5 4 - . . . 3Bob 3 5 2 . . . -

Carol - ? 4 . . . 3Dave 4 3 - . . . -

The objective is to find a rating for Leica M9 for Carol.CF – a well-known recommendation technique, based onthe preferences of the community.

1“-” indicates the absence of a rating.Anirban Basu Practical privacy and homomorphic encryption 8/24

CF – a form of recommendation

User-item rating data like this1:

Canon 7D Leica M9 Nikon D7000 . . . Olympus OM-DAlice 5 4 - . . . 3Bob 3 5 2 . . . -

Carol - ? 4 . . . 3Dave 4 3 - . . . -

The objective is to find a rating for Leica M9 for Carol.CF – a well-known recommendation technique, based onthe preferences of the community.

1“-” indicates the absence of a rating.Anirban Basu Practical privacy and homomorphic encryption 8/24

Slope One predictors

Based on:Lemire, D., Maclachlan, A. 2005. Slope one predictors foronline rating-based collaborative filtering. In: Society forIndustrial Mathematics.

CF predictors of the form f (x) = x + b, hence “slope one”.Simple and efficient (compared with SVD, PMCC, Cosine).

Figure: The general CF problem.

CF and Slope One

Pre-compute:Deviation matrix ∆: deviation of ratings of an item pair bythe same user; dimension: n × n.Cardinality matrix φ: number of co-existing ratings by thesame user of an item pair; dimension same as ∆.

CF and Slope One

Pre-compute:Deviation matrix ∆: deviation of ratings of an item pair bythe same user; dimension: n × n.Cardinality matrix φ: number of co-existing ratings by thesame user of an item pair; dimension same as ∆.

CF and Slope One

Figure: Slope One pre-computation creates a ‘model’ which isused for prediction.

The weighted Slope One predictor

Average deviation:

δa,b =∆a,b

φa,b=

∑i δi,a,b

φa,b=

∑i(ri,a − ri,b)

φa,b: the number of the users who have rated both items;δi,a,b = ri,a − ri,b: the deviation of the ratings of item a fromthat of item b both given by user i .The weighted Slope One predictor:

ru,x =

∑a|a 6=x (δx ,a + ru,a)φx ,a∑

a|a 6=x φx ,a=

∑a|a 6=x (∆x ,a + ru,aφx ,a)∑

a|a 6=x φx ,a

The weighted Slope One predictor

Average deviation:

δa,b =∆a,b

φa,b=

∑i δi,a,b

φa,b=

∑i(ri,a − ri,b)

φa,b: the number of the users who have rated both items;δi,a,b = ri,a − ri,b: the deviation of the ratings of item a fromthat of item b both given by user i .The weighted Slope One predictor:

ru,x =

∑a|a 6=x (δx ,a + ru,a)φx ,a∑

a|a 6=x φx ,a=

∑a|a 6=x (∆x ,a + ru,aφx ,a)∑

a|a 6=x φx ,a

Preserving privacy with Slope One CF

An additively homomorphic cryptosystem – theDamgärd-Jurik cryptosystem, defining

homomorphic addition:

E(m1 + m2) = E(m1) · E(m2)

and homomorphic multiplication:

E(m1 · π) = E(m1)π

m1 and m2 are plaintexts and π is a plaintext multiplicand.

E(m1 + m2) = E(m1) · E(m2)

E(m1 · π) = E(m1)π

E(m1 + m2) = E(m1) · E(m2)

E(m1 · π) = E(m1)π

Privacy preserving weighted Slope One predictors

The numerator of the prediction equation:∑a|a 6=x

(∆x ,a + ru,aφx ,a) = D(∏

a|a 6=x

(E(∆x ,a)(E(ru,a)φx,a)))

The final prediction:

ru,x =D(

∏a|a 6=x (E(∆x ,a)(E(ru,a)φx,a)))∑

a|a 6=x φx ,a

The numerator of the prediction equation:∑a|a 6=x

(∆x ,a + ru,aφx ,a) = D(∏

a|a 6=x

(E(∆x ,a)(E(ru,a)φx,a)))

The final prediction:

ru,x =D(

∏a|a 6=x (E(∆x ,a)(E(ru,a)φx,a)))∑

a|a 6=x φx ,a

Pre-computed: E(∆) and φ.Encrypted query result decrypted using thresholddecryption keys.Query answered by collaborating sites.Supports horizontal and vertical partitioning, using securescalar product (Vaidya and Clifton).

Some results

Hardware: 2.53GHz Intel Core 2 Duo (dual core)processor, 8GB RAM, Mac OS X 10.6.7 and 64-bit Java1.6.Implementation: Single server, single partition,MovieLens 100K dataset.

Some resultsHardware: 2.53GHz Intel Core 2 Duo (dual core)processor, 8GB RAM, Mac OS X 10.6.7 and 64-bit Java1.6.Implementation: Single server, single partition,MovieLens 100K dataset.

Key size Mean PCa Total PC Prediction512 bits 30s 2h 500ms1024 bits 90s 6h 1.5s2048 bits 270s 18h 4.5s

aPC: pre-computation

practical privacy using homomorphic encryption â€“ a myth or reality?

Documents