Paper 2025/420

Non-Interactive Verifiable Aggregation

Ojaswi Acharya, University of Massachusetts Amherst
Suvasree Biswas, George Washington University
Weiqi Feng, University of Massachusetts Amherst
Adam O'Neill, University of Massachusetts Amherst
Arkady Yerukhimovich, George Washington University
Abstract

Consider a weak analyst that wishes to outsource data collection and computation of aggregate statistics over a potentially large population of (also weak) clients to a powerful server. For flexibility and efficiency, we consider public-key and non-interactive protocols, meaning the clients know the analyst's public key but do not share secrets, and each client sends at most one message. Furthermore, the final step should be silent, whereby the analyst simply downloads the (encrypted) result from the server when needed. To capture this setting, we define a new primitive we call Non-Interactive Verifiable Aggregation (NIVA). We require both privacy and robustness for a NIVA protocol to be deemed secure. Namely, our security notion for NIVA ensures that the clients' data remains private to both the server and the analyst, while also ensuring that malicious clients cannot skew the results by providing faulty data. We propose a secure NIVA protocol, which we call PEAR (for Private, Efficient, Accurate, Robust), which can validate inputs according to any NP validity rule. PEAR is based on a novel combination of functional encryption for inner-products (Abdalla et al., PKC 2015) and fully-linear probabilistically-checkable proofs (Boneh et al., Crypto 2019). We emphasize that PEAR is non-interactive, public-key, and makes black-box use of the underlying cryptographic primitives. Additionally, we devise substantial optimizations of PEAR for practically-relevant validity rules. Finally, we implement PEAR to show feasibility for such validity rules, conducting a thorough performance evaluation. In particular, we compare PEAR to two more straightforward or "off-the-shelf" NIVA protocols and show performance gains, demonstrating the merit of our new approach. The bottleneck in our protocol comes from the fact that we require the underlying IPFE scheme to be "unrestricted" over a large field. As more efficient such schemes are developed, they can immediately be plugged into PEAR for further gains.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint.
Keywords
Secure aggregation, Input validation, Inner-product functional encryption, Fully-linear PCPs
Contact author(s)
oacharya @ umass edu
suvasree @ gwu edu
weiqifeng @ umass edu
adamoneill @ umass edu
arkady @ gwu edu
History
2025-03-05: approved
2025-03-05: received
Short URL
https://ia.cr/2025/420
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2025/420,
      author = {Ojaswi Acharya and Suvasree Biswas and Weiqi Feng and Adam O'Neill and Arkady Yerukhimovich},
      title = {Non-Interactive Verifiable Aggregation},
      howpublished = {Cryptology {ePrint} Archive, Paper 2025/420},
      year = {2025},
      url = {https://eprint.iacr.org/2025/420}
}