Privacy-preserving Data Mining
|
|
- Barbra Manning
- 5 years ago
- Views:
Transcription
1 Privacy-preserving Data Mining What is [data] privacy? Privacy and Data Mining Privacy-preserving Data mining: main approaches Anonymization Obfuscation Cryptographic hiding Challenges Definition of privacy Mining mobile data Mining medical data Privacy Freedom to be left alone ability to control who knows what about us [Westin; Moor] [=database views] Jeopardized with the Internet greased data Moral obligation for the community to find solutions
2 Privacy and data mining Individual Privacy Nobody should know more about any entity after the data mining than they did before Approaches: Data Obfuscation, Value swapping Organization Privacy Protect knowledge about a collection of entities Individual entity values are not disclosed to all parties The results alone need not violate privacy Contain no individually identifiable values Reflect overall results, not individual organizations The problem is computing the results without access to the data! 3 Basic ideas Camouflage Hiding obfuscation k-anonymity and cryptographic approaches 4
3 Why naïve anonymization does not work The [Sweeney 0] experiment purchased the voter registration list for Cambridge, MA 54,805 people 69% unique on postal code and birth date; 87% US-wide with all three Also, we do not know with what other data sources we may do oins in the future Solution: k-anonymization 5 Randomization Approach Overview Alice s age 30 70K K Add random number to Age 30 becomes 65 (30+35) Randomizer Reconstruct Distribution of Age Randomizer 65 0K K Reconstruct Distribution of Salary... Classification Algorithm Model 6 3
4 Reconstruction Problem Original values x, x,..., x n from probability distribution X (unknown) To hide these values, we use y, y,..., y n from probability distribution Y Given x +y, x +y,..., x n +y n the probability distribution of Y Estimate the probability distribution of X. 7 Intuition (Reconstruct single point) Use Bayes' rule for density functions 0 V 90 Age Original distribution for Age Probabilistic estimate of original value of V 8 4
5 Intuition (Reconstruct single point) Use Bayes' rule for density functions 0 V 90 Age Original Distribution for Age Probabilistic estimate of original value of V 9 Works well 00 Number of People Original Randomized Reconstructed Age 0 5
6 Recap: Why is privacy preserved? Cannot reconstruct individual values accurately. Can only reconstruct distributions. Naïve Bayes Classification Assumes independence between attributes. Decision Tree Correlations are weakened by randomization, not destroyed. 6
7 Decision Tree Example Age Salary Repeat Visitor? 3 50K Repeat 7 30K Repeat 43 40K Repeat 68 50K Single 3 70K Single 0 0K Repeat Yes Repeat Age < 5 Repeat Yes No Salary < 50K No Single 3 Decision Tree Experiments 00 00% Randomization Level 90 Accuracy Original Randomized Reconstructed Fn Fn Fn 3 Fn 4 Fn 5 4 7
8 Privacy Metric If, from perturbed data, the original value x can be estimated to lie between [x, x ] with c% confidence, then the privacy at c% confidence level is related to x - x Discretization Uniform Gaussian Issues 50% 0.5 x W 0.5 x α.34 x σ Confidence 95% 0.95 x W 0.95 x α 3.9 x σ 99.9% x W x α 6.8 x σ Example Salary 0K - 50K 95% Confidence 50% Privacy in Uniform α = 0.5*30K / 0.95 = 68K For very high privacy, discretization will lead to a poor model Gaussian provides more privacy at higher confidence levels 5 Association Rule Mining Algorithm [Agrawal et al. 993] L. = large -itemsets. for ( k = ; Lk φ; k + + ) do begin 3. C ( ) k = apriori gen Lk 4. for all candidates c C k do begin 5. compute c.count 6. end 7. Lk = { c Ck c. count min sup} 8. end 9. Return L = k L k c.count is the frequency count for a given itemset. Key issue: to compute the frequency count, we needs to access attributes that belong to different parties. 6 8
9 An Example c.count is the vector product. Let s use A to denote Alice s attribute vector and B to denote Bob s attribute vector. AB is a candidate frequent itemset, then c.count = A B = 3. How to conduct this computation across parties without compromising each party s data privacy? Alice 0 A Bob 0 B 7 Homomorphic Encryption [Paillier 999] Privacy-preserving protocols are based on Homomorphic Encryption. Specifically, we use the following additive homomorphism property: e ( m ) e( m) e( mn ) = e( m + m + + m n ) Where e is an encryption function and m i is the data to be encrypted and e( ) 0. m i 8 9
10 Digital Envelope [Chaum85] A digital envelope is a random number (a set of random numbers) only known by the owner of private data. V V + R VV 9 The Obective Privacy Correctness Efficiency Solution Homomorphic Encryption Digital Envelope 0 0
11 Frequency Count Protocol Assume Alice s attribute vector is A and Bob s attribute vector is B. Each vector contains N elements. A i : the ith element of A. B i : the ith element of B. One of parties is randomly chosen as a key generator, e.g, Alice, who generates (e, d) and an integer X > N. e and X will be shared with Bob. Let s use e(.) to denote encryption and d(.) to denote decryption. Alice A R X + A R X + AN + R N X Digital envelopes R R,, R N A set of random integers generated by Alice
12 Alice A R X + + AN + RN X A R X e A + R ) e A + R ) e( AN + RN X ) ( X ( X 3 Alice e ( A + R X ) e A + R ) e( A + R X ) ( X N N Bob 4
13 Bob W ( B = e A + R X ) W ( B = e A + R X ) W = e( A + R X) B N N N N B B i i = 0 W = W i i = 0 = e( A i + R X ) B i i = e( A i + R X ) i 5 Bob multiplies all the W i s for those B i s that are not equal to 0. In other words, Bob computes the multiplication of all non-zero W i s, e.g., W where 0. W i = Wi W = W W W 6 3
14 4 7 W W W W = ] ) ( [ ] ) ( [ ] ) ( [ B X R A e B X R A e B X R A e = 8 W W W W = ] ) ( [ ] ) ( [ ] ) ( [ = X R A e X R A e X R A e
15 W = W W W = e( A + R X ) e( A + R X ) e( A + R X ) According to the property of homomorphic encryption = e( A + A + + A + ( R + R + + R ) X ) 9 Bob generates an integer R'. Bob then computes W ' = W e( R' X ) According to the property of homomorphic encryption = e( A + A + + A + ( R + R + + R + R') X ) Alice 30 5
16 The Final Step Alice decrypts W' and computes modulo X. c. count = d( e( A + A + + A + ( R + R + + R + R') ( A + A (( R + R + + A ) N < X + + R + R') X)modX = 0 X )) mod X She then obtains A for those A for which + A + + A corresponding B are 0, which is = c.count 3 Privacy Analysis Goal: Bob never sees Alice s data values. All the information that Bob obtains from Alice is e( A + R X ), e( A + R X ),, e( AN + RN X ). Since Bob doesn t know the decryption key d, he cannot get Alice s original data values. 3 6
17 Privacy Analysis Goal: Alice never sees Bob s data values. The information that Alice obtains from Bob is W = e( A + A + + A + ( R + R + + R + R' ) ) for those =. ' X Alice computes d( W ') mod X. She only obtains the frequency count and cannot know Bob s original data values. B i 33 Complexity Analysis Linear in the number of transactions The total number elements in each attribute vector α( N +) where N is the total number transactions and α is the number of bits for each encrypted element. 34 7
18 Complexity Analysis Linear in the number of transactions The computational cost is (0N g) where N is the total number transactions and g is the computational cost for generating a key pair. 35 Other Privacy-Oriented Protocols Multi-Party Frequency Count Protocol [Zhan et al. 005 (a)] Multi-Party Summation Protocol [Zhan et al. 005 (f)] Multi-Party Comparison Protocol [Zhan et al. 006 (a)] Multi-Party Sorting Protocol [Zhan et al. 006 (a)] 36 8
19 What about the results of DM? Can DM results reveal personal information? In some cases, yes [Atzori et al. 05]: Suppose an association rule is found: a a a a [sup = 80, conf = 98.7%] 3 4 This means then sup({ a, a, a, a }) = sup({ a, a, a3, a4}) 0.8 sup({ a, a, a 3}) = = = therefore a a a3 a4 identifies one person!! has support=, and 37 They propose an approach called k-anonymous patterns and an algorithm (inference channels) which detects violations of k-anonymity The algorithm is expensive computationally We have a new approach which embeds k- anonimity into the concept lattice association rule algorithm [Zaki, Ogihara 98] 38 9
20 Conclusion Important problem, challenge for the field Lots of creative work, but lack of systematic approach Lack of an operational, agreed upon definition of privacy: inspiration in economics? 39 0
Privacy and Data Mining: New Developments and Challenges. Plan
Privacy and Data Mining: New Developments and Challenges Stan Matwin School of Information Technology and Engineering Universit[é y] [d of]ottawa, Canada stan@site.uottawa.ca Plan Why privacy?? Classification
More informationData Mining. Dr. Raed Ibraheem Hamed. University of Human Development, College of Science and Technology Department of Computer Science
Data Mining Dr. Raed Ibraheem Hamed University of Human Development, College of Science and Technology Department of Computer Science 2016 2017 Road map The Apriori algorithm Step 1: Mining all frequent
More informationCryptographical Security in the Quantum Random Oracle Model
Cryptographical Security in the Quantum Random Oracle Model Center for Advanced Security Research Darmstadt (CASED) - TU Darmstadt, Germany June, 21st, 2012 This work is licensed under a Creative Commons
More informationAn Overview of Homomorphic Encryption
An Overview of Homomorphic Encryption Alexander Lange Department of Computer Science Rochester Institute of Technology Rochester, NY 14623 May 9, 2011 Alexander Lange (RIT) Homomorphic Encryption May 9,
More informationLecture 1: Introduction to Public key cryptography
Lecture 1: Introduction to Public key cryptography Thomas Johansson T. Johansson (Lund University) 1 / 44 Key distribution Symmetric key cryptography: Alice and Bob share a common secret key. Some means
More informationCosc 412: Cryptography and complexity Lecture 7 (22/8/2018) Knapsacks and attacks
1 Cosc 412: Cryptography and complexity Lecture 7 (22/8/2018) Knapsacks and attacks Michael Albert michael.albert@cs.otago.ac.nz 2 This week Arithmetic Knapsack cryptosystems Attacks on knapsacks Some
More informationStatistical Privacy For Privacy Preserving Information Sharing
Statistical Privacy For Privacy Preserving Information Sharing Johannes Gehrke Cornell University http://www.cs.cornell.edu/johannes Joint work with: Alexandre Evfimievski, Ramakrishnan Srikant, Rakesh
More informationQuantifying Privacy for Privacy Preserving Data Mining
Quantifying Privacy for Privacy Preserving Data Mining Justin Zhan Carnegie Mellon University justinzh@rew.cmu.edu Abstract Data privacy is an important issue in data mining. How to protect respondents
More informationk-nearest Neighbor Classification over Semantically Secure Encry
k-nearest Neighbor Classification over Semantically Secure Encrypted Relational Data Reporter:Ximeng Liu Supervisor: Rongxing Lu School of EEE, NTU May 9, 2014 1 2 3 4 5 Outline 1. Samanthula B K, Elmehdwi
More informationCSE-4412(M) Midterm. There are five major questions, each worth 10 points, for a total of 50 points. Points for each sub-question are as indicated.
22 February 2007 CSE-4412(M) Midterm p. 1 of 12 CSE-4412(M) Midterm Sur / Last Name: Given / First Name: Student ID: Instructor: Parke Godfrey Exam Duration: 75 minutes Term: Winter 2007 Answer the following
More informationPRIVACY PRESERVING DISTANCE COMPUTATION USING SOMEWHAT-TRUSTED THIRD PARTIES. Abelino Jimenez and Bhiksha Raj
PRIVACY PRESERVING DISTANCE COPUTATION USING SOEWHAT-TRUSTED THIRD PARTIES Abelino Jimenez and Bhisha Raj Carnegie ellon University, Pittsburgh, PA, USA {abjimenez,bhisha}@cmu.edu ABSTRACT A critically
More informationOverview of the Talk. Secret Sharing. Secret Sharing Made Short Hugo Krawczyk Perfect Secrecy
Overview of the Talk Secret Sharing CS395T Design and Implementation of Trusted Services Ankur Gupta Hugo Krawczyk. Secret Sharing Made Short, 1993. Josh Cohen Benaloh. Secret Sharing Homomorphisms: Keeping
More informationHomomorphic Encryption. Liam Morris
Homomorphic Encryption Liam Morris Topics What Is Homomorphic Encryption? Partially Homomorphic Cryptosystems Fully Homomorphic Cryptosystems Benefits of Homomorphism Drawbacks of Homomorphism What Is
More informationLecture 19: Public-key Cryptography (Diffie-Hellman Key Exchange & ElGamal Encryption) Public-key Cryptography
Lecture 19: (Diffie-Hellman Key Exchange & ElGamal Encryption) Recall In private-key cryptography the secret-key sk is always established ahead of time The secrecy of the private-key cryptography relies
More informationTheme : Cryptography. Instructor : Prof. C Pandu Rangan. Speaker : Arun Moorthy CS
1 C Theme : Cryptography Instructor : Prof. C Pandu Rangan Speaker : Arun Moorthy 93115 CS 2 RSA Cryptosystem Outline of the Talk! Introduction to RSA! Working of the RSA system and associated terminology!
More informationEfficient MPC Oblivious Transfer and Oblivious Linear Evaluation aka How to Multiply
CIS 2018 Efficient MPC Oblivious Transfer and Oblivious Linear Evaluation aka How to Multiply Claudio Orlandi, Aarhus University Circuit Evaluation 3) Multiplication? How to compute [z]=[xy]? Alice, Bob
More informationL7. Diffie-Hellman (Key Exchange) Protocol. Rocky K. C. Chang, 5 March 2015
L7. Diffie-Hellman (Key Exchange) Protocol Rocky K. C. Chang, 5 March 2015 1 Outline The basic foundation: multiplicative group modulo prime The basic Diffie-Hellman (DH) protocol The discrete logarithm
More informationPrivacy-Preserving Data Imputation
Privacy-Preserving Data Imputation Geetha Jagannathan Stevens Institute of Technology Hoboken, NJ, 07030, USA gjaganna@cs.stevens.edu Rebecca N. Wright Stevens Institute of Technology Hoboken, NJ, 07030,
More informationCOS433/Math 473: Cryptography. Mark Zhandry Princeton University Spring 2018
COS433/Math 473: Cryptography Mark Zhandry Princeton University Spring 2018 Secret Sharing Vault should only open if both Alice and Bob are present Vault should only open if Alice, Bob, and Charlie are
More informationSolutions to the Mathematics Masters Examination
Solutions to the Mathematics Masters Examination OPTION 4 Spring 2007 COMPUTER SCIENCE 2 5 PM NOTE: Any student whose answers require clarification may be required to submit to an oral examination. Each
More informationMulti-Party Privacy-Preserving Decision Trees for Arbitrarily Partitioned Data
INTERNATIONAL JOURNAL OF INTELLIGENT CONTROL AND SYSTEMS VOL. 12, NO. 4, DECEMBER 2007, 351-358 Multi-Party Privacy-Preserving Decision Trees for Arbitrarily Partitioned Data Shuguo HAN, and Wee Keong
More informationMachine Learning Classification over Encrypted Data. Raphael Bost, Raluca Ada Popa, Stephen Tu, Shafi Goldwasser
Machine Learning Classification over Encrypted Data Raphael Bost, Raluca Ada Popa, Stephen Tu, Shafi Goldwasser Classification (Machine Learning) Supervised learning (training) Classification data set
More informationCryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur
Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Module No. # 01 Lecture No. # 33 The Diffie-Hellman Problem
More informationBenny Pinkas Bar Ilan University
Winter School on Bar-Ilan University, Israel 30/1/2011-1/2/2011 Bar-Ilan University Benny Pinkas Bar Ilan University 1 Extending OT [IKNP] Is fully simulatable Depends on a non-standard security assumption
More information1 Number Theory Basics
ECS 289M (Franklin), Winter 2010, Crypto Review 1 Number Theory Basics This section has some basic facts about number theory, mostly taken (or adapted) from Dan Boneh s number theory fact sheets for his
More informationMathematics of Public Key Cryptography
Mathematics of Public Key Cryptography Eric Baxter April 12, 2014 Overview Brief review of public-key cryptography Mathematics behind public-key cryptography algorithms What is Public-Key Cryptography?
More informationLecture 7: ElGamal and Discrete Logarithms
Lecture 7: ElGamal and Discrete Logarithms Johan Håstad, transcribed by Johan Linde 2006-02-07 1 The discrete logarithm problem Recall that a generator g of a group G is an element of order n such that
More information5th March Unconditional Security of Quantum Key Distribution With Practical Devices. Hermen Jan Hupkes
5th March 2004 Unconditional Security of Quantum Key Distribution With Practical Devices Hermen Jan Hupkes The setting Alice wants to send a message to Bob. Channel is dangerous and vulnerable to attack.
More informationAsymmetric Encryption
-3 s s Encryption Comp Sci 3600 Outline -3 s s 1-3 2 3 4 5 s s Outline -3 s s 1-3 2 3 4 5 s s Function Using Bitwise XOR -3 s s Key Properties for -3 s s The most important property of a hash function
More informationRandom Multiplication based Data Perturbation for Privacy Preserving Distributed Data Mining - 1
Random Multiplication based Data Perturbation for Privacy Preserving Distributed Data Mining - 1 Prof. Ja-Ling Wu Dept. CSIE & GINM National Taiwan University Data and User privacy calls for well designed
More information1 Frequent Pattern Mining
Decision Support Systems MEIC - Alameda 2010/2011 Homework #5 Due date: 31.Oct.2011 1 Frequent Pattern Mining 1. The Apriori algorithm uses prior knowledge about subset support properties. In particular,
More informationLecture 28: Public-key Cryptography. Public-key Cryptography
Lecture 28: Recall In private-key cryptography the secret-key sk is always established ahead of time The secrecy of the private-key cryptography relies on the fact that the adversary does not have access
More information732A61/TDDD41 Data Mining - Clustering and Association Analysis
732A61/TDDD41 Data Mining - Clustering and Association Analysis Lecture 6: Association Analysis I Jose M. Peña IDA, Linköping University, Sweden 1/14 Outline Content Association Rules Frequent Itemsets
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 11 February 21, 2013 CPSC 467b, Lecture 11 1/27 Discrete Logarithm Diffie-Hellman Key Exchange ElGamal Key Agreement Primitive Roots
More informationSharing a Secret in Plain Sight. Gregory Quenell
Sharing a Secret in Plain Sight Gregory Quenell 1 The Setting: Alice and Bob want to have a private conversation using email or texting. Alice Bob 2 The Setting: Alice and Bob want to have a private conversation
More informationDavid Chaum s Voter Verification using Encrypted Paper Receipts
David Chaum s Voter Verification using Encrypted Paper Receipts Poorvi Vora In this document, we provide an exposition of David Chaum s voter verification method [1] that uses encrypted paper receipts.
More informationCryptography CS 555. Topic 25: Quantum Crpytography. CS555 Topic 25 1
Cryptography CS 555 Topic 25: Quantum Crpytography CS555 Topic 25 1 Outline and Readings Outline: What is Identity Based Encryption Quantum cryptography Readings: CS555 Topic 25 2 Identity Based Encryption
More informationPrivacy-preserving cooperative statistical analysis
Syracuse University SURFACE Electrical Engineering and Computer Science College of Engineering and Computer Science 2001 Privacy-preserving cooperative statistical analysis Wenliang Du Syracuse University,
More informationl-diversity: Privacy Beyond k-anonymity
l-diversity: Privacy Beyond k-anonymity Ashwin Machanavajjhala Johannes Gehrke Daniel Kifer Muthuramakrishnan Venkitasubramaniam Department of Computer Science, Cornell University {mvnak, johannes, dkifer,
More informationCS-E4320 Cryptography and Data Security Lecture 11: Key Management, Secret Sharing
Lecture 11: Key Management, Secret Sharing Céline Blondeau Email: celine.blondeau@aalto.fi Department of Computer Science Aalto University, School of Science Key Management Secret Sharing Shamir s Threshold
More information10 Public Key Cryptography : RSA
10 Public Key Cryptography : RSA 10.1 Introduction The idea behind a public-key system is that it might be possible to find a cryptosystem where it is computationally infeasible to determine d K even if
More informationIntroduction to Cryptography Lecture 13
Introduction to Cryptography Lecture 13 Benny Pinkas June 5, 2011 Introduction to Cryptography, Benny Pinkas page 1 Electronic cash June 5, 2011 Introduction to Cryptography, Benny Pinkas page 2 Simple
More informationIntro to Public Key Cryptography Diffie & Hellman Key Exchange
Introduction to Modern Cryptography Lecture 5 Number Theory: 1. Quadratic residues. 2. The discrete log problem. Intro to Public Key Cryptography Diffie & Hellman Key Exchange Course Summary - Math Part
More informationDefinition: For a positive integer n, if 0<a<n and gcd(a,n)=1, a is relatively prime to n. Ahmet Burak Can Hacettepe University
Number Theory, Public Key Cryptography, RSA Ahmet Burak Can Hacettepe University abc@hacettepe.edu.tr The Euler Phi Function For a positive integer n, if 0
More informationOutline. Fast Algorithms for Mining Association Rules. Applications of Data Mining. Data Mining. Association Rule. Discussion
Outline Fast Algorithms for Mining Association Rules Rakesh Agrawal Ramakrishnan Srikant Introduction Algorithm Apriori Algorithm AprioriTid Comparison of Algorithms Conclusion Presenter: Dan Li Discussion:
More informationCPSC 467b: Cryptography and Computer Security
Outline Authentication CPSC 467b: Cryptography and Computer Security Lecture 18 Michael J. Fischer Department of Computer Science Yale University March 29, 2010 Michael J. Fischer CPSC 467b, Lecture 18
More informationLecture Notes 15 : Voting, Homomorphic Encryption
6.857 Computer and Network Security October 29, 2002 Lecture Notes 15 : Voting, Homomorphic Encryption Lecturer: Ron Rivest Scribe: Ledlie/Ortiz/Paskalev/Zhao 1 Introduction The big picture and where we
More informationAlgorithms for Classification: The Basic Methods
Algorithms for Classification: The Basic Methods Outline Simplicity first: 1R Naïve Bayes 2 Classification Task: Given a set of pre-classified examples, build a model or classifier to classify new cases.
More informationCIS 6930/4930 Computer and Network Security. Topic 5.2 Public Key Cryptography
CIS 6930/4930 Computer and Network Security Topic 5.2 Public Key Cryptography 1 Diffie-Hellman Key Exchange 2 Diffie-Hellman Protocol For negotiating a shared secret key using only public communication
More informationMarch 19: Zero-Knowledge (cont.) and Signatures
March 19: Zero-Knowledge (cont.) and Signatures March 26, 2013 1 Zero-Knowledge (review) 1.1 Review Alice has y, g, p and claims to know x such that y = g x mod p. Alice proves knowledge of x to Bob w/o
More informationduring transmission safeguard information Cryptography: used to CRYPTOGRAPHY BACKGROUND OF THE MATHEMATICAL
THE MATHEMATICAL BACKGROUND OF CRYPTOGRAPHY Cryptography: used to safeguard information during transmission (e.g., credit card number for internet shopping) as opposed to Coding Theory: used to transmit
More informationProgress in Data Anonymization: from k-anonymity to the minimality attack
Progress in Data Anonymization: from k-anonymity to the minimality attack Graham Cormode graham@research.att.com Tiancheng Li, Ninghua Li, Divesh Srivastava 1 Why Anonymize? For Data Sharing Give real(istic)
More informationSecure Vickrey Auctions without Threshold Trust
Secure Vickrey Auctions without Threshold Trust Helger Lipmaa Helsinki University of Technology, {helger}@tcs.hut.fi N. Asokan, Valtteri Niemi Nokia Research Center, {n.asokan,valtteri.niemi}@nokia.com
More informationWinter 2011 Josh Benaloh Brian LaMacchia
Winter 2011 Josh Benaloh Brian LaMacchia Fun with Public-Key Tonight we ll Introduce some basic tools of public-key crypto Combine the tools to create more powerful tools Lay the ground work for substantial
More informationEvaluating 2-DNF Formulas on Ciphertexts
Evaluating 2-DNF Formulas on Ciphertexts Dan Boneh, Eu-Jin Goh, and Kobbi Nissim Theory of Cryptography Conference 2005 Homomorphic Encryption Enc. scheme is homomorphic to function f if from E[A], E[B],
More informationThe RSA public encryption scheme: How I learned to stop worrying and love buying stuff online
The RSA public encryption scheme: How I learned to stop worrying and love buying stuff online Anthony Várilly-Alvarado Rice University Mathematics Leadership Institute, June 2010 Our Goal Today I will
More information2. Cryptography 2.5. ElGamal cryptosystems and Discrete logarithms
CRYPTOGRAPHY 19 Cryptography 5 ElGamal cryptosystems and Discrete logarithms Definition Let G be a cyclic group of order n and let α be a generator of G For each A G there exists an uniue 0 a n 1 such
More informationAssociation Rule. Lecturer: Dr. Bo Yuan. LOGO
Association Rule Lecturer: Dr. Bo Yuan LOGO E-mail: yuanb@sz.tsinghua.edu.cn Overview Frequent Itemsets Association Rules Sequential Patterns 2 A Real Example 3 Market-Based Problems Finding associations
More information18.310A Final exam practice questions
18.310A Final exam practice questions This is a collection of practice questions, gathered randomly from previous exams and quizzes. They may not be representative of what will be on the final. In particular,
More informationHow to Shuffle in Public
How to Shuffle in Public Ben Adida Harvard (work done at MIT) Douglas Wikström ETH Zürich TCC 27 February 24th, 27 How to Shuffle in Public Ben Adida Harvard (work done at MIT) Douglas Wikström ETH Zürich
More informationPractice Assignment 2 Discussion 24/02/ /02/2018
German University in Cairo Faculty of MET (CSEN 1001 Computer and Network Security Course) Dr. Amr El Mougy 1 RSA 1.1 RSA Encryption Practice Assignment 2 Discussion 24/02/2018-29/02/2018 Perform encryption
More informationCarmen s Core Concepts (Math 135)
Carmen s Core Concepts (Math 135) Carmen Bruni University of Waterloo Week 8 1 The following are equivalent (TFAE) 2 Inverses 3 More on Multiplicative Inverses 4 Linear Congruence Theorem 2 [LCT2] 5 Fermat
More informationThis article appeared in a journal published by Elsevier. The attached copy is furnished to the author for internal non-commercial research and
This article appeared in a journal published by Elsevier. The attached copy is furnished to the author for internal non-commercial research and education use, including for instruction at the authors institution
More informationCIS 551 / TCOM 401 Computer and Network Security
CIS 551 / TCOM 401 Computer and Network Security Spring 2008 Lecture 15 3/20/08 CIS/TCOM 551 1 Announcements Project 3 available on the web. Get the handout in class today. Project 3 is due April 4th It
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 11 October 7, 2015 CPSC 467, Lecture 11 1/37 Digital Signature Algorithms Signatures from commutative cryptosystems Signatures from
More informationCryptography and RSA. Group (1854, Cayley) Upcoming Interview? Outline. Commutative or Abelian Groups
Great Theoretical Ideas in CS V. Adamchik CS 15-251 Upcoming Interview? Lecture 24 Carnegie Mellon University Cryptography and RSA How the World's Smartest Company Selects the Most Creative Thinkers Groups
More informationand Other Fun Stuff James L. Massey
Lectures in Cryptology 10-14 October 2005 School of Engineering and Science International University Bremen Lecture 3: Public-Key Cryptography and Other Fun Stuff James L. Massey [Prof.-em. ETH Zürich,
More informationThreshold Cryptography
Threshold Cryptography Cloud Security Mechanisms Björn Groneberg - Summer Term 2013 09.07.2013 Threshold Cryptography 1 ? 09.07.2013 Threshold Cryptography 2 Threshold Cryptography Sharing Secrets Treasure
More informationSecurity Protocols and Application Final Exam
Security Protocols and Application Final Exam Solution Philippe Oechslin and Serge Vaudenay 25.6.2014 duration: 3h00 no document allowed a pocket calculator is allowed communication devices are not allowed
More informationA Knapsack Cryptosystem Based on The Discrete Logarithm Problem
A Knapsack Cryptosystem Based on The Discrete Logarithm Problem By K.H. Rahouma Electrical Technology Department Technical College in Riyadh Riyadh, Kingdom of Saudi Arabia E-mail: kamel_rahouma@yahoo.com
More informationQuantum Wireless Sensor Networks
Quantum Wireless Sensor Networks School of Computing Queen s University Canada ntional Computation Vienna, August 2008 Main Result Quantum cryptography can solve the problem of security in sensor networks.
More informationImplementation of Automatic Invertible Matrix Mechanism in NTRU Matrix Formulation Algorithm
Implementation of Automatic Invertible Matrix Mechanism in NTRU Matrix Formulation Algorithm Mohan Rao Mamdikar, Vinay Kumar & D. Ghosh National Institute of Technology, Durgapur E-mail : Mohanrao.mamdikar@gmail.com,
More informationLeveraging Randomness in Structure to Enable Efficient Distributed Data Analytics
Leveraging Randomness in Structure to Enable Efficient Distributed Data Analytics Jaideep Vaidya (jsvaidya@rbs.rutgers.edu) Joint work with Basit Shafiq, Wei Fan, Danish Mehmood, and David Lorenzi Distributed
More informationAn Anonymous Authentication Scheme for Trusted Computing Platform
An Anonymous Authentication Scheme for Trusted Computing Platform He Ge Abstract. The Trusted Computing Platform is the industrial initiative to implement computer security. However, privacy protection
More informationTutorial on Quantum Computing. Vwani P. Roychowdhury. Lecture 1: Introduction
Tutorial on Quantum Computing Vwani P. Roychowdhury Lecture 1: Introduction 1 & ) &! # Fundamentals Qubits A single qubit is a two state system, such as a two level atom we denote two orthogonal states
More informationLecture 11- Differential Privacy
6.889 New Developments in Cryptography May 3, 2011 Lecture 11- Differential Privacy Lecturer: Salil Vadhan Scribes: Alan Deckelbaum and Emily Shen 1 Introduction In class today (and the next two lectures)
More informationPublic Key Cryptography
Public Key Cryptography Introduction Public Key Cryptography Unlike symmetric key, there is no need for Alice and Bob to share a common secret Alice can convey her public key to Bob in a public communication:
More information1 Recommended Reading 1. 2 Public Key/Private Key Cryptography Overview RSA Algorithm... 2
Contents 1 Recommended Reading 1 2 Public Key/Private Key Cryptography 1 2.1 Overview............................................. 1 2.2 RSA Algorithm.......................................... 2 3 A Number
More informationk-points-of-interest Low-Complexity Privacy-Preserving k-pois Search Scheme by Dividing and Aggregating POI-Table
Computer Security Symposium 2014 22-24 October 2014 k-points-of-interest 223-8522 3-14-1 utsunomiya@sasase.ics.keio.ac.jp POIs Points of Interest Lien POI POI POI POI Low-Complexity Privacy-Preserving
More informationCRYPTOGRAPHY AND NUMBER THEORY
CRYPTOGRAPHY AND NUMBER THEORY XINYU SHI Abstract. In this paper, we will discuss a few examples of cryptographic systems, categorized into two different types: symmetric and asymmetric cryptography. We
More informationSelections:! Internet voting with over-the-shoulder coercion-resistance. Jeremy Clark
Selections:! Internet voting with over-the-shoulder coercion-resistance Jeremy Clark Overview We consider the problem of over-theshoulder adversaries in Internet voting We design a voting protocol resistant
More informationOblivious Evaluation of Multivariate Polynomials. and Applications
The Open University of Israel Department of Mathematics and Computer Science Oblivious Evaluation of Multivariate Polynomials and Applications Thesis submitted as partial fulfillment of the requirements
More informationLecture 11: Hash Functions, Merkle-Damgaard, Random Oracle
CS 7880 Graduate Cryptography October 20, 2015 Lecture 11: Hash Functions, Merkle-Damgaard, Random Oracle Lecturer: Daniel Wichs Scribe: Tanay Mehta 1 Topics Covered Review Collision-Resistant Hash Functions
More informationMeeting Scheduling Guaranteeing n/2-privacy and Resistant to Statistical Analysis (Applicable to any DisCSP)
Meeting Scheduling Guaranteeing n/2-privacy and Resistant to Statistical Analysis (Applicable to any DisCSP) Marius Călin Silaghi Florida Institute of Technology, Computer Sciences Department Abstract
More informationLecture Notes, Week 10
YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE CPSC 467b: Cryptography and Computer Security Week 10 (rev. 2) Professor M. J. Fischer March 29 & 31, 2005 Lecture Notes, Week 10 1 Zero Knowledge Interactive
More informationData Obfuscation. Bimal Kumar Roy. December 17, 2015
December 17, 2015 Problem description (informal) Owner with large database. Lends the database for public use user is allowed to run restriced set of queries on data items. Goal is to prevent the user
More informationPublic-Key Cryptosystems CHAPTER 4
Public-Key Cryptosystems CHAPTER 4 Introduction How to distribute the cryptographic keys? Naïve Solution Naïve Solution Give every user P i a separate random key K ij to communicate with every P j. Disadvantage:
More informationPublic Key Cryptography
Public Key Cryptography Spotlight on Science J. Robert Buchanan Department of Mathematics 2011 What is Cryptography? cryptography: study of methods for sending messages in a form that only be understood
More informationLecture 1: Perfect Secrecy and Statistical Authentication. 2 Introduction - Historical vs Modern Cryptography
CS 7880 Graduate Cryptography September 10, 2015 Lecture 1: Perfect Secrecy and Statistical Authentication Lecturer: Daniel Wichs Scribe: Matthew Dippel 1 Topic Covered Definition of perfect secrecy One-time
More informationData Analytics Beyond OLAP. Prof. Yanlei Diao
Data Analytics Beyond OLAP Prof. Yanlei Diao OPERATIONAL DBs DB 1 DB 2 DB 3 EXTRACT TRANSFORM LOAD (ETL) METADATA STORE DATA WAREHOUSE SUPPORTS OLAP DATA MINING INTERACTIVE DATA EXPLORATION Overview of
More informationCSCI3390-Lecture 16: Probabilistic Algorithms: Number Theory and Cryptography
CSCI3390-Lecture 16: Probabilistic Algorithms: Number Theory and Cryptography 1 Two Problems Problem 1. Generate Primes Find a prime number p of between 200 and 1000 decimal digits that has never been
More informationA Privacy Preserving Markov Model for Sequence Classification
A Privacy Preserving Markov Model for Sequence Classification Suxin Guo Department of Computer Science and Engineering SUNY at Buffalo Buffalo 14260 U.S.A. suxinguo@buffalo.edu Sheng Zhong State Key Laboratory
More information8 Elliptic Curve Cryptography
8 Elliptic Curve Cryptography 8.1 Elliptic Curves over a Finite Field For the purposes of cryptography, we want to consider an elliptic curve defined over a finite field F p = Z/pZ for p a prime. Given
More informationError-correcting codes and applications
Error-correcting codes and applications November 20, 2017 Summary and notation Consider F q : a finite field (if q = 2, then F q are the binary numbers), V = V(F q,n): a vector space over F q of dimension
More informationLecture 19: Verifiable Mix-Net Voting. The Challenges of Verifiable Mix-Net Voting
6.879 Special Topics in Cryptography Instructors: Ran Canetti April 15, 2004 Lecture 19: Verifiable Mix-Net Voting Scribe: Susan Hohenberger In the last lecture, we described two types of mix-net voting
More informationDigital Signatures. Saravanan Vijayakumaran Department of Electrical Engineering Indian Institute of Technology Bombay
Digital Signatures Saravanan Vijayakumaran sarva@ee.iitb.ac.in Department of Electrical Engineering Indian Institute of Technology Bombay July 24, 2018 1 / 29 Group Theory Recap Groups Definition A set
More informationHow to Measure Loss of Privacy
University of Texas at El Paso DigitalCommons@UTEP Departmental Technical Reports (CS) Department of Computer Science 6-1-2006 How to Measure Loss of Privacy Luc Longpre University of Texas at El Paso,
More informationData Mining Part 4. Prediction
Data Mining Part 4. Prediction 4.3. Fall 2009 Instructor: Dr. Masoud Yaghini Outline Introduction Bayes Theorem Naïve References Introduction Bayesian classifiers A statistical classifiers Introduction
More informationEncryption: The RSA Public Key Cipher
Encryption: The RSA Public Key Cipher Michael Brockway March 5, 2018 Overview Transport-layer security employs an asymmetric public cryptosystem to allow two parties (usually a client application and a
More informationModulo Reduction for Paillier Encryptions and Application to Secure Statistical Analysis. Financial Cryptography '10, Tenerife, Spain
Modulo Reduction for Paillier Encryptions and Application to Secure Statistical Analysis Bart Mennink (K.U.Leuven) Joint work with: Jorge Guajardo (Philips Research Labs) Berry Schoenmakers (TU Eindhoven)
More information