Reo Eriguchi, Atsunori Ichikawa, N. Kunihiro, K. Nuida
{"title":"差分私有多方计算的高效噪声生成协议","authors":"Reo Eriguchi, Atsunori Ichikawa, N. Kunihiro, K. Nuida","doi":"10.1109/tdsc.2022.3227568","DOIUrl":null,"url":null,"abstract":"To bound information leakage in outputs of protocols, it is important to construct secure multiparty computation protocols which output differentially private values perturbed by the addition of noise. However, previous noise generation protocols have round and communication complexity growing with differential privacy budgets, or require parties to locally generate non-uniform noise, which makes it difficult to guarantee differential privacy against active adversaries. We propose three kinds of protocols for generating noise drawn from certain distributions providing differential privacy. The two of them generate noise from finite-range variants of the discrete Laplace distribution. For <inline-formula><tex-math notation=\"LaTeX\">$(\\epsilon,\\delta )$</tex-math><alternatives><mml:math><mml:mrow><mml:mo>(</mml:mo><mml:mi>ε</mml:mi><mml:mo>,</mml:mo><mml:mi>δ</mml:mi><mml:mo>)</mml:mo></mml:mrow></mml:math><inline-graphic xlink:href=\"eriguchi-ieq1-3227568.gif\"/></alternatives></inline-formula>-differential privacy, they only need constant numbers of rounds independent of <inline-formula><tex-math notation=\"LaTeX\">$\\epsilon,\\delta$</tex-math><alternatives><mml:math><mml:mrow><mml:mi>ε</mml:mi><mml:mo>,</mml:mo><mml:mi>δ</mml:mi></mml:mrow></mml:math><inline-graphic xlink:href=\"eriguchi-ieq2-3227568.gif\"/></alternatives></inline-formula> while the previous protocol needs the number of rounds depending on <inline-formula><tex-math notation=\"LaTeX\">$\\delta$</tex-math><alternatives><mml:math><mml:mi>δ</mml:mi></mml:math><inline-graphic xlink:href=\"eriguchi-ieq3-3227568.gif\"/></alternatives></inline-formula>. The two protocols are incomparable as they make a trade-off between round and communication complexity. Our third protocol non-interactively generate shares of noise from the binomial distribution by predistributing keys for a pseudorandom function. It achieves communication complexity independent of <inline-formula><tex-math notation=\"LaTeX\">$\\epsilon$</tex-math><alternatives><mml:math><mml:mi>ε</mml:mi></mml:math><inline-graphic xlink:href=\"eriguchi-ieq4-3227568.gif\"/></alternatives></inline-formula> or <inline-formula><tex-math notation=\"LaTeX\">$\\delta$</tex-math><alternatives><mml:math><mml:mi>δ</mml:mi></mml:math><inline-graphic xlink:href=\"eriguchi-ieq5-3227568.gif\"/></alternatives></inline-formula> for the computational analogue of <inline-formula><tex-math notation=\"LaTeX\">$(\\epsilon,\\delta )$</tex-math><alternatives><mml:math><mml:mrow><mml:mo>(</mml:mo><mml:mi>ε</mml:mi><mml:mo>,</mml:mo><mml:mi>δ</mml:mi><mml:mo>)</mml:mo></mml:mrow></mml:math><inline-graphic xlink:href=\"eriguchi-ieq6-3227568.gif\"/></alternatives></inline-formula>-differential privacy while the previous protocols require communication complexity depending on <inline-formula><tex-math notation=\"LaTeX\">$\\epsilon$</tex-math><alternatives><mml:math><mml:mi>ε</mml:mi></mml:math><inline-graphic xlink:href=\"eriguchi-ieq7-3227568.gif\"/></alternatives></inline-formula>. We also prove that our protocols can be extended so that they provide differential privacy in the active setting.","PeriodicalId":13158,"journal":{"name":"IACR Cryptol. ePrint Arch.","volume":"5 1","pages":"4486-4501"},"PeriodicalIF":0.0000,"publicationDate":"2023-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Efficient Noise Generation Protocols for Differentially Private Multiparty Computation\",\"authors\":\"Reo Eriguchi, Atsunori Ichikawa, N. Kunihiro, K. Nuida\",\"doi\":\"10.1109/tdsc.2022.3227568\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"To bound information leakage in outputs of protocols, it is important to construct secure multiparty computation protocols which output differentially private values perturbed by the addition of noise. However, previous noise generation protocols have round and communication complexity growing with differential privacy budgets, or require parties to locally generate non-uniform noise, which makes it difficult to guarantee differential privacy against active adversaries. We propose three kinds of protocols for generating noise drawn from certain distributions providing differential privacy. The two of them generate noise from finite-range variants of the discrete Laplace distribution. For <inline-formula><tex-math notation=\\\"LaTeX\\\">$(\\\\epsilon,\\\\delta )$</tex-math><alternatives><mml:math><mml:mrow><mml:mo>(</mml:mo><mml:mi>ε</mml:mi><mml:mo>,</mml:mo><mml:mi>δ</mml:mi><mml:mo>)</mml:mo></mml:mrow></mml:math><inline-graphic xlink:href=\\\"eriguchi-ieq1-3227568.gif\\\"/></alternatives></inline-formula>-differential privacy, they only need constant numbers of rounds independent of <inline-formula><tex-math notation=\\\"LaTeX\\\">$\\\\epsilon,\\\\delta$</tex-math><alternatives><mml:math><mml:mrow><mml:mi>ε</mml:mi><mml:mo>,</mml:mo><mml:mi>δ</mml:mi></mml:mrow></mml:math><inline-graphic xlink:href=\\\"eriguchi-ieq2-3227568.gif\\\"/></alternatives></inline-formula> while the previous protocol needs the number of rounds depending on <inline-formula><tex-math notation=\\\"LaTeX\\\">$\\\\delta$</tex-math><alternatives><mml:math><mml:mi>δ</mml:mi></mml:math><inline-graphic xlink:href=\\\"eriguchi-ieq3-3227568.gif\\\"/></alternatives></inline-formula>. The two protocols are incomparable as they make a trade-off between round and communication complexity. Our third protocol non-interactively generate shares of noise from the binomial distribution by predistributing keys for a pseudorandom function. It achieves communication complexity independent of <inline-formula><tex-math notation=\\\"LaTeX\\\">$\\\\epsilon$</tex-math><alternatives><mml:math><mml:mi>ε</mml:mi></mml:math><inline-graphic xlink:href=\\\"eriguchi-ieq4-3227568.gif\\\"/></alternatives></inline-formula> or <inline-formula><tex-math notation=\\\"LaTeX\\\">$\\\\delta$</tex-math><alternatives><mml:math><mml:mi>δ</mml:mi></mml:math><inline-graphic xlink:href=\\\"eriguchi-ieq5-3227568.gif\\\"/></alternatives></inline-formula> for the computational analogue of <inline-formula><tex-math notation=\\\"LaTeX\\\">$(\\\\epsilon,\\\\delta )$</tex-math><alternatives><mml:math><mml:mrow><mml:mo>(</mml:mo><mml:mi>ε</mml:mi><mml:mo>,</mml:mo><mml:mi>δ</mml:mi><mml:mo>)</mml:mo></mml:mrow></mml:math><inline-graphic xlink:href=\\\"eriguchi-ieq6-3227568.gif\\\"/></alternatives></inline-formula>-differential privacy while the previous protocols require communication complexity depending on <inline-formula><tex-math notation=\\\"LaTeX\\\">$\\\\epsilon$</tex-math><alternatives><mml:math><mml:mi>ε</mml:mi></mml:math><inline-graphic xlink:href=\\\"eriguchi-ieq7-3227568.gif\\\"/></alternatives></inline-formula>. We also prove that our protocols can be extended so that they provide differential privacy in the active setting.\",\"PeriodicalId\":13158,\"journal\":{\"name\":\"IACR Cryptol. ePrint Arch.\",\"volume\":\"5 1\",\"pages\":\"4486-4501\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2023-11-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"IACR Cryptol. ePrint Arch.\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/tdsc.2022.3227568\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"IACR Cryptol. ePrint Arch.","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/tdsc.2022.3227568","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Efficient Noise Generation Protocols for Differentially Private Multiparty Computation
To bound information leakage in outputs of protocols, it is important to construct secure multiparty computation protocols which output differentially private values perturbed by the addition of noise. However, previous noise generation protocols have round and communication complexity growing with differential privacy budgets, or require parties to locally generate non-uniform noise, which makes it difficult to guarantee differential privacy against active adversaries. We propose three kinds of protocols for generating noise drawn from certain distributions providing differential privacy. The two of them generate noise from finite-range variants of the discrete Laplace distribution. For $(\epsilon,\delta )$(ε,δ)-differential privacy, they only need constant numbers of rounds independent of $\epsilon,\delta$ε,δ while the previous protocol needs the number of rounds depending on $\delta$δ. The two protocols are incomparable as they make a trade-off between round and communication complexity. Our third protocol non-interactively generate shares of noise from the binomial distribution by predistributing keys for a pseudorandom function. It achieves communication complexity independent of $\epsilon$ε or $\delta$δ for the computational analogue of $(\epsilon,\delta )$(ε,δ)-differential privacy while the previous protocols require communication complexity depending on $\epsilon$ε. We also prove that our protocols can be extended so that they provide differential privacy in the active setting.