Friday, May 3, 2024
Privacy-Preserving Computation: A Comprehensive Survey of Methods and Applications
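Abstract (from the Chinese original)

The rapid development of artificial intelligence and big data has made data an important means of production and a factor of circulation. How to fully realize the value of data while staying secure and compliant and ensuring data privacy has become a topic of wide public concern. Privacy-preserving computation is an emerging body of technology that combines cryptography, trusted hardware, secure multi-party computation, differential privacy and related techniques to make data "usable but not visible", so that data can circulate securely and its value can be realized. With growing attention from academia and industry, privacy-preserving computation has become a new technical hotspot and a popular arena for commercial and capital competition. This article reviews the technical principles of privacy-preserving computation and describes its key technologies by category, including trusted computing, secure multi-party computation, federated learning, differential privacy, and private information retrieval. It also compares these technologies along several dimensions, such as security, technical advantages, and existing risk points. In addition, the article summarizes and analyzes the development and application of privacy-preserving computation across industries in China, which indirectly confirms its significant contribution to data circulation and the realization of data value. Finally, the article summarizes the current state of privacy-preserving computation and the challenges it faces, and looks ahead to its future development trends.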

Abstract

This paper presents a comprehensive review of privacy-preserving computation, including its various methods, such as Trusted Execution Environment (TEE) computation, Secure Multi-Party Computation (SMPC), Federated Learning (FL), Differential Privacy (DP), and Private Information Retrieval (PIR), etc. It also analyzes and compares these methods from the aspects of security, advantages and disadvantages, and risks. Additionally, this paper investigates the applications and development of privacy-preserving computation, which demonstrates that privacy-preserving computation makes a significant contribution to data circulation and data value realization. Finally, the paper analyzes the current situation and challenges of privacy-preserving computation and points out its future direction.

DOI: 10.48014/ccsr.20230517001
Article type: Review
Received: 2023-05-18
Accepted: 2023-08-25
Published: 2023-09-28
Keywords: Privacy-preserving computation, data security, federated learning, differential privacy, secure multi-party computation
Authors: WANG Wei (王伟)1, SHAO Yu (邵瑜)1, DUAN Jia (段佳)2,*, ZHANG Zehua (张泽华)2
Affiliations:
1. School of Medical Technology, Beijing Institute of Technology, Beijing 102676, China
2. JD Retail Platform Operation and Marketing Center, JD.com, Beijing 102676, China
Views: 356
Downloads: 175
Citation: WANG Wei, SHAO Yu, DUAN Jia, et al. Privacy-preserving computation: a comprehensive survey of methods and applications[J]. Chinese Computer Sciences Review, 2023, 1(1): 1-12.