Complementary set encryption for privacy-preserving data consolidation

Abstract

Privacy-preserving data consolidation is one of the prominent research topics in the big data era, mostly because of the need of consolidating data from various database communities, which are highly sensitive or competitive in nature. This leads to a new emerging problem namely how to accomplish data consolidation among different organization data sets or databases appropriately without revealing any competitive or sensitive information to non-owners. To address this issue, we first introduce a new encryption notion called “complementary set encryption” (CSE) to apply to privacy-preserving data consolidation. In this notion, to provide privacy protection, the data in one database will be encrypted under a set W prior to being sent to the other database, and a decryption key will be generated with another set Q. The data will be decrypted and consolidated into the other database, if and only if both sets W and Q are complementary. Here, the “complementary” means that the intersection of set W and set Q is empty and meanwhile the union of both is to be completed into a universal set exactly. We then describe two constructions of CSE under the public-key setting. Our first construction is designed under a weaker security notion – “payload hiding”, which only preserves the data privacy but achieves a higher performance. The second construction is a stronger security notion, which we refer to as an “attribute hiding”, which preserves both the privacy of the data and its associated set W. Finally, we provide a formal analysis to prove the security of our two constructions, followed by a theoretical performance comparison and an experimental evaluation. In particular, the first construction is of an independent interest in the context of cryptography since it was able to stand out for its efficiency as a predicate encryption scheme in the sense that it features both low communication overhead and computational costs simultaneously, and only requires a private key size of O(1), a ciphertext size of O(1), and only O(1) pairing computations.