Presentation is loading. Please wait.

Presentation is loading. Please wait.

Antonis Papadimitriou, Arjun Narayan, Andreas Haeberlen

Published byJunior Jackson Modified over 6 years ago

Similar presentations

Presentation on theme: "Antonis Papadimitriou, Arjun Narayan, Andreas Haeberlen"— Presentation transcript:

1 DStress: Efficient Differentially Private Computations on Distributed Data
Antonis Papadimitriou, Arjun Narayan, Andreas Haeberlen University of Pennsylvania

2 Motivation: Systemic risk
Bank A Bank C Bank B If house prices fall If house prices fall Bank A Bank B Bank C debt=200 debt=200 payout = 20 Capital = 100 80 Capital = 100 102 120 Capital = 200 218 20 20 18 Banks reduce risk by buying “insurance” contracts This means they rely on others to meet obligations B and A will have problems if C goes bankrupt Systemic risk: The risk of snowball bankruptcies in the financial graph Measuring it could provide early warning (2008 crisis!)

3 I knew C was going to kill us all!
Challenge: Privacy All 3 banks fail! Bank A Bank B Bank C debt=200 debt=200 I knew C was going to kill us all! Capital = 80 Capital = 102 Capital = 218 Why can’t we collect data and measure the systemic risk? Economists have algorithms, e.g., [EN, EGJ] We know how to execute graph algorithms Privacy concern 1: Graph values and edges are very sensitive Privacy concern 2: Even the output of the computation can leak information

4 Approach All 3 banks fail! 80 102 218
Bank A debt=200 Bank B Bank C All 3 banks fail! debt=200 Capital = 80 Capital = 102 Capital = 218 Banks keep data and take part in distributed computation Goal: Privacy and efficiency Output privacy Value privacy Edge privacy Efficiency Result: Private distributed graph computations (not only systemic risk!) Differential privacy Existing Secure multiparty computation (MPC) Secure message transfer protocol New Formulation as vertex programs

5 Outline Systemic risk Privacy concerns Approach
Distributed computation Protecting values Protecting edges Protecting output Evaluation

6 How do systemic risk algorithms work?
40 27/ 135/ 40 Bank A Bank B Bank C 200 20 Capital = 80 Capital = 102 Capital = 20 prorate: 162*(200/240) = 135 In-payments = = 60 Capital = = 162 Shortfall = = 78 Systemic risk = total shortfall [EN01] computes the systemic risk by simulating payment between banks Economists formulate this as a matrix computation Step: Aggregation: But matrix operations are expensive in secure multiparty computation (MPC) Computing systemic risk for entire US graph would take > 200 years! 𝐹𝐹 𝑝 ′ 𝑝 =Λ 𝑝 ′ Π Τ Λ 𝑝 ′ 𝑝+ 𝐼−Λ 𝑝 ′ 𝑝 +𝑒 +(𝐼−Λ( 𝑝 ′ ))( 𝑝 ) ( 𝑝 −𝑝)

7 Systemic risk as a vertex program
40 27/ 135/ 40 Bank A Bank B Bank C 200 20 Capital = 80 Capital = 102 Capital = 20 Idea: Run algorithm as a distributed simulation The simulation of payments can be expressed as a vertex program Advantage: Vertex programs are faster in MPC No matrix ops, no need to read entire matrix

8 Privately running vertex programs
We had to overcome several challenges Protecting values Secret sharing Secure MPC Protecting edges Re-sharing Variant of ElGamal encryption Re-randomizable encryption keys Homomorphic mixing Protecting output Differential privacy Sensitivity and utility analysis Read our paper for details!

9 Privately running vertex programs: Value privacy
B’s Committee C’s Committee 20 -37 78 -12 52 54 Bank A Bank B Bank C 20/200 135/200 Capital = 80 102 20 17 -13 +35 -29 10 Challenge: Hide intermediate values of the computation Solution: Committee of k banks Secret sharing and MPC Result: No committee member can observe intermediate state!

10 Privately running vertex programs: Edge privacy
B’s Committee C’s Committee Bank A Bank B Bank C 17 17 17 -13 -13 -13 Aha! Contract (C,B) exists I have to use blue key – so (C,B) exists +35 +35 +35 -29 -29 -29 10 10 10 Challenge 1: Direct communication can leak edge Solution 1: Route shares via C and B They already know about edge (C,B) Challenge 2: Encryption keys can leak edge Solution 2: Use re-randomizable encryption keys Please look at paper for other challenges!

11 Privately running vertex programs: Output privacy
$100±𝜀 $2000±𝜀 VS Problem: Output can leak information Solution: Differential privacy Add noise to result Mask contribution of any individual contract Systemic risk with noise OK, because we’re looking for devastating effects For details look at our paper!

12 Outline Systemic risk Privacy concerns Approach
Distributed computation Protecting values Protecting edges Protecting output Evaluation

13 Implementation and experimental setup
Evaluation questions: What is the computational cost of vertex programs in MPC? What is the communication cost of vertex programs in MPC? How does the size of MPC blocks affect the cost of vertex computations? What is the cost of message transfers? What is the end-to-end cost of DStress? How does DStress compare to monolithic MPC? Can DStress scale to the size of the entire US financial network? Evaluation questions: What is the computational cost of vertex programs in MPC? What is the communication cost of vertex programs in MPC? How does the size of MPC blocks affect the cost of vertex computations? What is the cost of message transfers? What is the end-to-end cost of DStress? How does DStress compare to monolithic MPC? Can DStress scale to the size of the entire US financial network?

14 What is the cost of vertex program steps in MPC?
Vertex update Message transfer Aggregate Iterations Vertex update Message transfer Aggregate Iterations 12 members 16 members 8 members 20 members [EN01] EGJ[14] Aggregation We evaluated the cost of MPC steps Eisenberg-Noe, “Systemic Risk in Financial Systems”, Management Science, 2001 Elliott-Golub-Jackson. "Financial networks and contagion." American Economic Review, 2014 Tradeoff between performance and privacy (committee sizes) Completion time is reasonable even for committees of 20 banks The largest inter-bank collusion observed involved 16 banks

15 Can DStress scale to the US financial network?
# US banks We show DStress performance for large networks This is an extrapolation from smaller scale experiments DStress would take less than 5 hours for the US financial system! Compare that with 200+ years for naïve application of MPC

16 Conclusion Motivation: Computing the systemic risk could serve as an early warning system for the financial network Solution: DStress can execute distributed vertex programs with privacy guarantees Challenges: Many subtle ways sensitive information can leak Differential privacy to protect output Secret sharing and MPC to hide intermediate values Secure message transfer protocol to hide edges Evaluation: DStress could be used for graphs the size of the US financial system Thank you!

Download ppt "Antonis Papadimitriou, Arjun Narayan, Andreas Haeberlen"

Similar presentations

Making Time-stepped Applications Tick in the Cloud Tao Zou, Guozhang Wang, Marcos Vaz Salles*, David Bindel, Alan Demers, Johannes Gehrke, Walker White.

Making Time-stepped Applications Tick in the Cloud Tao Zou, Guozhang Wang, Marcos Vaz Salles*, David Bindel, Alan Demers, Johannes Gehrke, Walker White.
Efficient Information Retrieval for Ranked Queries in Cost-Effective Cloud Environments Presenter: Qin Liu a,b Joint work with Chiu C. Tan b, Jie Wu b,

Efficient Information Retrieval for Ranked Queries in Cost-Effective Cloud Environments Presenter: Qin Liu a,b Joint work with Chiu C. Tan b, Jie Wu b,
Experimental Economics Fall 2009 Yale University.

Experimental Economics Fall 2009 Yale University.
Issues of Security and Privacy in Networking in the CBA Karen Sollins Laboratory for Computer Science July 17, 2002.

Issues of Security and Privacy in Networking in the CBA Karen Sollins Laboratory for Computer Science July 17, 2002.
A. Haeberlen Having your Cake and Eating it too: Routing Security with Privacy Protections 1 HotNets-X (November 15, 2011) Alexander Gurney * Andreas Haeberlen.

A. Haeberlen Having your Cake and Eating it too: Routing Security with Privacy Protections 1 HotNets-X (November 15, 2011) Alexander Gurney * Andreas Haeberlen.
Forwarding Redundancy in Opportunistic Mobile Networks: Investigation and Elimination Wei Gao 1, Qinghua Li 2 and Guohong Cao 3 1 The University of Tennessee,

Forwarding Redundancy in Opportunistic Mobile Networks: Investigation and Elimination Wei Gao 1, Qinghua Li 2 and Guohong Cao 3 1 The University of Tennessee,
1 Sensor Relocation in Mobile Sensor Networks Guiling Wang, Guohong Cao, Tom La Porta, and Wensheng Zhang Department of Computer Science & Engineering.

1 Sensor Relocation in Mobile Sensor Networks Guiling Wang, Guohong Cao, Tom La Porta, and Wensheng Zhang Department of Computer Science & Engineering.
Information Gathering in Government Bailout Decision: An Experiment Ayung Tseng December 8, 2009 1.

Information Gathering in Government Bailout Decision: An Experiment Ayung Tseng December 8,
CLOUD COMPUTING, INFORMATION FLOWS, AND MARKETS Subir K. Chakrabarti Department of Economics IUPUI Rajeev R. Raje Department of Computer and Information.

CLOUD COMPUTING, INFORMATION FLOWS, AND MARKETS Subir K. Chakrabarti Department of Economics IUPUI Rajeev R. Raje Department of Computer and Information.
1 1 Chenhao Tan, 1 Jie Tang, 2 Jimeng Sun, 3 Quan Lin, 4 Fengjiao Wang 1 Department of Computer Science and Technology, Tsinghua University, China 2 IBM.

1 1 Chenhao Tan, 1 Jie Tang, 2 Jimeng Sun, 3 Quan Lin, 4 Fengjiao Wang 1 Department of Computer Science and Technology, Tsinghua University, China 2 IBM.
CS492: Special Topics on Distributed Algorithms and Systems Fall 2008 Lab 3: Final Term Project.

CS492: Special Topics on Distributed Algorithms and Systems Fall 2008 Lab 3: Final Term Project.
Secure Web Applications via Automatic Partitioning Stephen Chong, Jed Liu, Andrew C. Meyers, Xin Qi, K. Vikram, Lantian Zheng, Xin Zheng. Cornell University.

Secure Web Applications via Automatic Partitioning Stephen Chong, Jed Liu, Andrew C. Meyers, Xin Qi, K. Vikram, Lantian Zheng, Xin Zheng. Cornell University.
Technology Panel What technical tools are in our disposal for achieving privacy Privacy: Technology + Policy –Technology can Implement Policy –Without.

Technology Panel What technical tools are in our disposal for achieving privacy Privacy: Technology + Policy –Technology can Implement Policy –Without.
Preserving Link Privacy in Social Network Based Systems Prateek Mittal University of California, Berkeley Charalampos Papamanthou.

Preserving Link Privacy in Social Network Based Systems Prateek Mittal University of California, Berkeley Charalampos Papamanthou.
Technology Panel What technical tools are in our disposal for achieving privacy and security Privacy: Technology + Policy –Without Policy, technology will.

Technology Panel What technical tools are in our disposal for achieving privacy and security Privacy: Technology + Policy –Without Policy, technology will.
Provable Unlinkability Against Traffic Analysis Amnon Ta-Shma Joint work with Ron Berman and Amos Fiat School of Computer Science, Tel-Aviv University.

Provable Unlinkability Against Traffic Analysis Amnon Ta-Shma Joint work with Ron Berman and Amos Fiat School of Computer Science, Tel-Aviv University.
Deadline-sensitive Opportunistic Utility-based Routing in Cyclic Mobile Social Networks Mingjun Xiao a, Jie Wu b, He Huang c, Liusheng Huang a, and Wei.

Deadline-sensitive Opportunistic Utility-based Routing in Cyclic Mobile Social Networks Mingjun Xiao a, Jie Wu b, He Huang c, Liusheng Huang a, and Wei.
GraphSC: Parallel Secure Computation Made Easy Kartik Nayak With Xiao Shaun Wang, Stratis Ioannidis, Udi Weinsberg, Nina Taft, Elaine Shi 1.

GraphSC: Parallel Secure Computation Made Easy Kartik Nayak With Xiao Shaun Wang, Stratis Ioannidis, Udi Weinsberg, Nina Taft, Elaine Shi 1.
Protecting Sensitive Labels in Social Network Data Anonymization.

Protecting Sensitive Labels in Social Network Data Anonymization.
1 Privacy Preserving Data Mining Haiqin Yang Extracted from a ppt “Secure Multiparty Computation and Privacy” Added “Privacy Preserving SVM”

1 Privacy Preserving Data Mining Haiqin Yang Extracted from a ppt “Secure Multiparty Computation and Privacy” Added “Privacy Preserving SVM”

Similar presentations

Ads by Google