Paper 2025/801

POBA: Privacy-Preserving Operator-Side Bookkeeping and Analytics

Dennis Faut, Karlsruhe Institute of Technology, KASTEL Security Research Labs
Valerie Fetzer, Karlsruhe Institute of Technology, KASTEL Security Research Labs
Jörn Müller-Quade, Karlsruhe Institute of Technology, KASTEL Security Research Labs
Markus Raiber, Karlsruhe Institute of Technology, KASTEL Security Research Labs
Andy Rupp, University of Luxembourg, KASTEL Security Research Labs
Abstract

Many user-centric applications face a common privacy problem: the need to collect, store, and analyze sensitive user data. Examples include check-in/check-out based payment systems for public transportation, charging/discharging electric vehicle batteries in smart grids, coalition loyalty programs, behavior-based car insurance, and more. We propose and evaluate a generic solution to this problem. More specifically, we provide a formal framework integrating privacy-preserving data collection, storage, and analysis, which can be used for many different application scenarios, present an instantiation, and perform an experimental evaluation of its practicality. We consider a setting where multiple operators (e.g., different mobility providers, different car manufacturers and insurance companies), who do not fully trust each other, intend to maintain and analyze data produced by the union of their user sets. The data is collected in an anonymous (with respect to all operators) but authenticated way and stored in so-called user logbooks. In order for the operators to be able to perform analyses at any time without requiring user interaction, the logbooks are kept on the operators' side. Consequently, this potentially sensitive data must be protected from unauthorized access. To achieve this, we combine several selected cryptographic techniques, such as threshold signatures and oblivious RAM. The latter ensures that user anonymity is protected even against memory access pattern attacks. To the best of our knowledge, we provide and evaluate the first generic framework that combines data collection, operator-side data storage, and data analysis in a privacy-preserving manner, while providing a formal security model, a UC-secure protocol, and a full implementation. With three operators, our implementation can handle over two million new logbook entries per day.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint.
Keywords
Analytics, Bookkeeping, Building-Block, MPC, Protocols, Privacy, Provable Security, UC, Universal Composability
Contact author(s)
dennis faut @ kit edu
valerie fetzer @ kit edu
joern mueller-quade @ kit edu
markus raiber @ kit edu
andy rupp @ uni lu
History
2025-05-05: approved
2025-05-05: received
Short URL
https://ia.cr/2025/801
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2025/801,
      author = {Dennis Faut and Valerie Fetzer and Jörn Müller-Quade and Markus Raiber and Andy Rupp},
      title = {{POBA}: Privacy-Preserving Operator-Side Bookkeeping and Analytics},
      howpublished = {Cryptology {ePrint} Archive, Paper 2025/801},
      year = {2025},
      url = {https://eprint.iacr.org/2025/801}
}