Goal: protect user privacy in distributed systems from leakage through statistical queries.
The most direct solutions are
to anonymize the user data and add noise to it.
[-] loses utility; can be de-anonymized
Differential privacy: add noise to the answers of queries.
[-] scalability, churn tolerance, malicious clients
PDDP: Practical Distributed Differential Privacy.
Threat model: clients and analysts are potentially malicious. The proxy is HbC (honest but curious) and must never gain access to the noise-free result.
Query Initialization (Analyst -> Proxy)
Query Forwarding (Proxy -> Client)
Client Response (Client -> Proxy)
answers are encrypted with the analyst's public key.
Differentially Private Noise Addition.
collaborative coin generation with the Goldwasser-Micali (GM) cryptosystem. Clients send encrypted coins; the proxy flips each one at random (GM is XOR-homomorphic, so it can do this without decrypting), which turns possibly biased coins from malicious clients into unbiased ones. The coins serve as the DP noise.
Noisy Answers to Analyst (Proxy -> Analyst)
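Added example (not from the paper or its implementation): a toy Goldwasser-Micali cryptosystem used to show the noise-addition step. A client (honest or biased) sends encrypted coins, the proxy XORs each with its own random bit using only the public key, and the analyst decrypts; the flipped coins come out unbiased whatever the client chose, and their sum is the Binomial(n, 1/2) noise PDDP adds. The fixed Mersenne primes and the seeded RNG are assumptions for reproducibility.

```python
import random
from math import gcd

# Toy GM parameters: fixed Mersenne primes (assumption; real use needs large random primes)
P = 2**31 - 1
Q = 2**61 - 1

def gm_keygen():
    n = P * Q
    x = 2  # find a quadratic non-residue modulo both P and Q
    while pow(x, (P - 1) // 2, P) != P - 1 or pow(x, (Q - 1) // 2, Q) != Q - 1:
        x += 1
    return (n, x), (P, Q)  # (public key, secret key)

def gm_encrypt(pk, bit, rng):
    n, x = pk
    r = rng.randrange(2, n - 1)
    while gcd(r, n) != 1:
        r = rng.randrange(2, n - 1)
    return (r * r * pow(x, bit, n)) % n  # r^2 * x^bit

def gm_decrypt(sk, c):
    p, _ = sk
    # c encrypts 0 iff c is a quadratic residue mod p (Euler's criterion)
    return 0 if pow(c, (p - 1) // 2, p) == 1 else 1

def gm_xor(pk, c1, c2):
    # GM is XOR-homomorphic: Enc(b1) * Enc(b2) = Enc(b1 XOR b2)
    return (c1 * c2) % pk[0]

def client_coins(pk, count, bias, rng):
    # An honest client uses bias 0.5; a malicious one may pick any bias to weaken the noise
    return [gm_encrypt(pk, 1 if rng.random() < bias else 0, rng) for _ in range(count)]

def proxy_flip(pk, coins, rng):
    # The proxy XORs each coin with its own fresh random bit, using only the
    # public key, so it never learns a coin's value but makes it unbiased.
    return [gm_xor(pk, c, gm_encrypt(pk, rng.randrange(2), rng)) for c in coins]

def analyst_count_ones(sk, coins):
    return sum(gm_decrypt(sk, c) for c in coins)

def simulate(count, client_bias, seed):
    # Returns (fraction of 1s the client chose, fraction after proxy flipping).
    rng = random.Random(seed)  # seeded for reproducibility; use a CSPRNG in practice
    pk, sk = gm_keygen()
    raw = client_coins(pk, count, client_bias, rng)
    flipped = proxy_flip(pk, raw, rng)
    return analyst_count_ones(sk, raw) / count, analyst_count_ones(sk, flipped) / count
```

Running `simulate(1000, 0.0, 1)` shows a client that sent only zero coins still ends up contributing coins that are about half ones after the proxy's flips.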
Implementation: 600+ clients, each a Firefox add-on + SQLite
Proxy = Tomcat web service + MySQL
Analyst = Java program
The authors achieve scalable, churn-tolerant user privacy against malicious analyst and clients by