On Insecure Uses of BGN for Privacy Preserving Data Aggregation Protocols
From MaRDI portal
Publication:6044490
DOI: 10.3233/FI-222143; arXiv: 2208.11304; OpenAlex: W4327747203; MaRDI QID: Q6044490; FDO: Q6044490
Authors: Hyang-Sook Lee, Seongan Lim, Ikkwon Yie, Aaram Yun
Publication date: 19 May 2023
Published in: Fundamenta Informaticae
Abstract: The notion of aggregator oblivious (AO) security for privacy preserving data aggregation was formalized with a specific construction of AO-secure blinding technique over a cyclic group by Shi et al. Some proposals of data aggregation protocols use the blinding technique of Shi et al. for the BGN cryptosystem, an additive homomorphic encryption. Previously, there have been some security analyses of some BGN based data aggregation protocols in the context of integrity or authenticity of data. Even with such security analyses, the BGN cryptosystem has been a popular building block of privacy preserving data aggregation protocols. In this paper, we study the privacy issues in the blinding technique of Shi et al. used for the BGN cryptosystem. We show that the blinding techniques for the BGN cryptosystem used in several protocols are not privacy preserving against the recipient, the decryptor. Our analysis is based on the fact that the BGN cryptosystem uses a pairing e: G × G → G_T and the existence of the pairing makes the DDH problem on G easy to solve. We also suggest how to prevent such privacy leakage in the blinding technique of Shi et al. used for the BGN cryptosystem.
Full work available at URL: https://arxiv.org/abs/2208.11304
Recommendations
- Private data aggregation over selected subsets of users
- Private over-threshold aggregation protocols
- Privacy-preserving aggregation of time-series data with public verifiability from simple assumptions
- A scalable scheme for privacy-preserving aggregation of time-series data
- Privacy-preserving data aggregation with probabilistic range validation