tl;dr: We show that it is possible to take some of GDPR’s rules, translate them into a formal security property and design a protocol that achieves such privacy guarantees.
Paper: CANS 2018 or personal pdf.
Elena Pagnin, Carlo Brunetta, Pablo Picazo-Sanchez
We consider the problem of privacy-preserving processing of outsourced data in the context of user-customised services. Clients store their data on a server. In order to provide user-dependent services, service providers may ask the server to compute functions on the users’ data. We propose a new solution to this problem that guarantees data privacy (i.e., an honest-but-curious server cannot access plaintexts), as well as that service providers can correctly decrypt only –functions on– the data the user gave them access to (i.e., service providers learn nothing more than the result of user-selected computations).
Our solution has as base point a new secure labelled homomorphic encryption scheme (LEEG). LEEG supports additional algorithms (FEET) that enhance the scheme’s functionalities with extra privacy-oriented features. Equipped with LEEG and FEET, we define HIKE: a lightweight protocol for private and secure storage, computation and disclosure of users’ data. Finally, we implement HIKE and benchmark its performances demonstrating its succinctness and efficiency.