Paper 2017/479

Privacy-Preserving Aggregation of Time-Series Data with Public Verifiability from Simple Assumptions

Keita Emura


Aggregator oblivious encryption was proposed by Shi et al. (NDSS 2011), where an aggregator can compute an aggregated sum of data and is unable to learn anything else (aggregator obliviousness). Since the aggregator does not learn individual data that may reveal users' habits and behaviors, several applications, such as privacy-preserving smart metering, have been considered. In this paper, we propose aggregator oblivious encryption schemes with public verifiability where the aggregator is required to generate a proof of an aggregated sum and anyone can verify whether the aggregated sum has been correctly computed by the aggregator. Though Leontiadis et al. (CANS 2015) considered the verifiability, their scheme requires an interactive complexity assumption to provide the unforgeability of the proof. Our schemes are proven to be unforgeable under a static and simple assumption (a variant of the Computational Diffie-Hellman assumption). Moreover, our schemes inherit the tightness of the reduction of the Benhamouda et al. scheme (ACM TISSEC 2016) for proving aggregator obliviousness. This tight reduction allows us to employ elliptic curves of a smaller order and leads to efficient implementation.

Available format(s)
Cryptographic protocols
Publication info
Published elsewhere. MINOR revision.22nd Australasian Conference on Information Security and Privacy (ACISP 2017)
Aggregator Oblivious EncryptionPublic Verifiability
Contact author(s)
k-emura @ nict go jp
2017-07-25: last of 3 revisions
2017-05-30: received
See all versions
Short URL
Creative Commons Attribution


      author = {Keita Emura},
      title = {Privacy-Preserving Aggregation of Time-Series Data with Public Verifiability from Simple Assumptions},
      howpublished = {Cryptology ePrint Archive, Paper 2017/479},
      year = {2017},
      doi = {10.1007/978-3-319-59870-3_11},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.