Users today expect more security from services that handle their data. In addition to traditional data privacy and integrity requirements, they expect transparency, i.e., that the service's processing of the data is verifiable by users and trusted auditors. Our goal is to build a multi-user system that provides data privacy, integrity, and transparency for a large number of operations, while achieving practical performance. To this end, we first identify the limitations of existing approaches that use authenticated data structures. We find that they fall into two categories: 1) those that hide each user's data from other users, but have a limited range of verifiable operations (e.g., CONIKS, Merkle2, and Proofs of Liabilities), and 2) those that support a wide range of verifiable operations, but make all data publicly visible (e.g., IntegriDB and FalconDB). We then present TAP to address the above limitations. The key component of TAP is a novel tree data structure that supports efficient result verification, and relies on independent audits that use zero-knowledge range proofs to show that the tree is constructed correctly without revealing user data. TAP supports a broad range of verifiable operations, including quantiles and sample standard deviations. We conduct a comprehensive evaluation of TAP, and compare it against two state-of-the-art baselines, namely IntegriDB and Merkle2, showing that the system is practical at scale.
翻译:除了传统的数据隐私和完整性要求之外,他们还期望透明度,即服务对数据的处理由用户和信任的审计员进行核查。我们的目标是建立一个多用户系统,为大量业务提供数据隐私、完整性和透明度,同时实现实际业绩。为此,我们首先确定使用经认证的数据结构的现有方法的局限性。我们发现这些方法分为两类:1) 隐藏每个用户数据来自其他用户,但可核实操作范围有限的操作(例如,CONIKS、Merkle2和负债证据),2) 支持一系列广泛的可核查操作,但能让公众看到所有数据(例如,IntegriDB和FalconDB)的多用户系统。我们然后介绍TAP,以解决上述局限性。TAP的关键组成部分是支持高效结果核查的新树类数据结构,并依靠使用实际知识范围证明显示树木结构正确无误,但不披露用户数据。TAP支持广泛的可核实操作范围,在TAP系统上进行广泛的可核实的基线评估,在两个基准国家进行对比。
相关内容
微信扫码咨询专知VIP会员