There is a growing body of research on mechanisms for preserving online user privacy while still allowing aggregate queries over private user data. A common approach is to store user data on users' devices and to query the data in such a way that a differentially private noisy result is produced without exposing individual user data to any system component. A particular challenge is to design a system that scales well while limiting how much malicious users can distort the result. This paper presents SplitX, a high-performance analytics system for making differentially private queries over distributed user data. SplitX is typically two to three orders of magnitude more efficient in bandwidth, and from three to five orders of magnitude more efficient in computation, than previous comparable systems, while operating under a similar trust model. SplitX achieves this performance by replacing public-key operations with exclusive-or operations. This paper presents the design of SplitX, analyzes its security and performance, and describes its implementation and deployment across 416 users.