Key concepts
Colo, a new system, enables efficient privacy-preserving federated graph analytics for a subset of queries by using tailored secure computation and metadata-hiding communication protocols.
Summary
The paper presents Colo, a new system for privacy-preserving federated graph analytics. Colo targets a subset of graph queries that have predicates with a limited set of inputs and outputs, and that evaluate these predicates between a device and its neighbors and then aggregate the results across the devices.
Colo's workflow consists of three phases:
Query distribution: The analyst submits a query to the servers, who validate it and distribute it to the devices.
Local aggregation: Each device evaluates the query in its local neighborhood using a new secure computation protocol that hides node, edge, and topology data. Devices communicate via a metadata-hiding network to protect topology information.
Global aggregation: Devices secret-share their local results with the servers, who aggregate the shares and send the final result to the analyst.
Colo's key innovations are:
A tailored secure computation protocol that operates over a limited set of inputs and outputs, making it more efficient than general-purpose protocols.
Leveraging the metadata-hiding Karaoke system to enable devices to communicate anonymously and hide their topology.
A simple global aggregation protocol that ensures honest devices' results are aggregated exactly once.
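To make the local and global aggregation phases above concrete, here is an added worked example (not Colo's own code) of the general pattern: each device counts the neighbors for which a boolean predicate holds, additively secret-shares that count across several servers, and the servers sum their shares so that no single server sees any device's result while honest devices are still counted exactly once. The graph, device identifiers, the predicate and the three-server setup are all constructed for this illustration; the local phase runs in the clear here, whereas Colo evaluates it under its secure computation protocol and routes the traffic through Karaoke, neither of which is modelled.

```python
import secrets
from typing import Callable, Dict, List, Tuple

MODULUS = 2**61 - 1   # constructed: prime modulus for additive shares
NUM_SERVERS = 3       # assumed number of aggregation servers for this example

# Constructed sample graph: device id -> (own attribute, list of neighbor ids)
GRAPH: Dict[str, Tuple[int, List[str]]] = {
    "d1": (10, ["d2", "d3"]),
    "d2": (25, ["d1", "d3", "d4"]),
    "d3": (40, ["d1", "d2"]),
    "d4": (55, ["d2"]),
}


def local_aggregate(device: str, graph: Dict[str, Tuple[int, List[str]]],
                    predicate: Callable[[int, int], bool]) -> int:
    """Local aggregation: count the neighbors for which the predicate
    (own attribute, neighbor attribute) -> bool holds.  The predicate has
    two small inputs and a single boolean output, the query class Colo
    targets.  Runs in the clear here for illustration only."""
    own_attr, neighbors = graph[device]
    return sum(1 for nb in neighbors if predicate(own_attr, graph[nb][0]))


def share(value: int, n: int = NUM_SERVERS, modulus: int = MODULUS,
          rng: Callable[[int], int] = secrets.randbelow) -> List[int]:
    """Additively secret-share value into n shares that sum to value mod
    modulus.  Any n-1 shares are uniformly random and reveal nothing."""
    shares = [rng(modulus) for _ in range(n - 1)]
    shares.append((value - sum(shares)) % modulus)
    return shares


def reconstruct(shares: List[int], modulus: int = MODULUS) -> int:
    """Recombine additive shares."""
    return sum(shares) % modulus


def global_aggregate(submissions: List[Tuple[str, List[int]]],
                     n: int = NUM_SERVERS, modulus: int = MODULUS) -> Tuple[int, int]:
    """Global aggregation: server i adds up every share i it received, then the
    servers combine their sums.  A device id seen twice (a replayed or
    duplicated submission) is counted only once, so every honest device
    contributes exactly one result.  Returns (aggregate, devices counted)."""
    seen = set()
    server_totals = [0] * n
    for device_id, shares in submissions:
        if device_id in seen or len(shares) != n:
            continue   # reject duplicate or malformed submission
        seen.add(device_id)
        for i, s in enumerate(shares):
            server_totals[i] = (server_totals[i] + s) % modulus
    return reconstruct(server_totals, modulus), len(seen)


def run_query(graph: Dict[str, Tuple[int, List[str]]],
              predicate: Callable[[int, int], bool],
              n: int = NUM_SERVERS) -> Tuple[int, int]:
    """Run both aggregation phases over the graph and return (total, count)."""
    submissions = []
    for device in graph:
        submissions.append((device, share(local_aggregate(device, graph, predicate), n)))
    # A replayed submission from d1 must not change the total.
    submissions.append(("d1", share(local_aggregate("d1", graph, predicate), n)))
    return global_aggregate(submissions, n)


if __name__ == "__main__":
    # Query: "how many edges point from a device to a neighbor with a larger attribute?"
    total, counted = run_query(GRAPH, lambda me, nb: nb > me)
    print(f"aggregate={total} over {counted} devices")  # aggregate=4 over 4 devices
```

The security-relevant point is that each server only ever holds one share per device and the sums of those shares; the device's local count is recoverable only when all servers combine their totals, and the duplicate check keeps a misbehaving or replayed submission from inflating the result.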
Colo's evaluation shows that for 1M devices, it requires less than 8.4 minutes of device CPU time and 4.93 MiB of network transfers per query, which is up to three orders of magnitude better than the state-of-the-art Mycelium system.
Statistics
For 1M devices connected to up to 50 neighbors each:
Colo's per-device cost is less than 8.4 minutes of (single-core) CPU time and 4.93 MiB of network transfers.
Colo's server-side cost is $3.95 to $37.6 per server ($158 to $1,504 total for 40 servers), depending on the query.