ENCRYPTED DATA MANAGEMENT SYSTEMS WITH TUNABLE PRIVACY
Abstract
Encrypted data management systems allow untrusted platforms to manage and process encrypted data, thus enabling collaborative computations over confidential data. However, achieving robust privacy protection and mitigating privacy loss from cryptographic leakage often require significant compromises to essential system guarantees, such as accuracy and performance, which makes real-world industrial deployment highly unlikely.
This thesis aims to present a practical approach to constructing encrypted data management systems that effectively balance privacy and system guarantees. The fundamental design principle revolves around establishing quantifiable and adjustable privacy guarantees. This feature allows for fine-tuning of privacy levels to balance between privacy and system guarantees, enabling practitioners and system designers to navigate system tradeoffs according to their actual needs. First, we discuss a novel encrypted growing database framework, DP-Sync, which interoperates with a large class of existing encrypted databases and supports efficient updates while providing provable privacy for any single update. To accomplish this, we employ differential privacy constraints to rigorously quantify privacy loss against update leakages. Rather than defining a fixed privacy guarantee, our model allows for adjustable privacy, which offers flexibility for systems built on top of it to navigate tradeoffs.
Next, we expand the general design of DP-Sync to accommodate more complex functionalities, namely private materializations and view-based secure query processing. The enhanced features enable untrusted platforms to securely maintain materialized views and process queries based on the computed views rather than accessing the underlying data. To achieve this, we propose a novel framework known as IncShrink, that: (i) supports view maintenance by utilizing incremental Multi-Party Computation (MPC) operators, effectively eliminating the necessity for trusted third parties; and (ii) guarantees that the privacy loss against view maintenance leakage satisfies DP definitions.
Lastly, we demonstrate that rather than traditional databases, the concept of tunable privacy design can also be applied to private decentralized data management systems, such as private Proof-of-Stake (PoS) blockchains. This showcases the potential for incorporating adjustable privacy mechanisms in distributed and decentralized settings, thereby opening up avenues for further exploration and research in the domain of encrypted data management systems. Specifically, we first present a new type of attack, namely, the stake inference attack that exploits permissible leakages present in state-of-the-art (SOTA) private Proof-of-Stake (PoS) blockchains, enabling the inference of precise stake values owned by each honest participant. Afterward, we utilize DP private stake distortion to achieve privacy in PoS blockchains. We formulate certain privacy requirements and design two stake distortion mechanisms that any PoS protocol can use.
Citation
Wang, Chenghong (2023). ENCRYPTED DATA MANAGEMENT SYSTEMS WITH TUNABLE PRIVACY. Dissertation, Duke University. Retrieved from https://hdl.handle.net/10161/29132.
Except where otherwise noted, student scholarship that was shared on DukeSpace after 2009 is made available to the public under a Creative Commons Attribution / Non-commercial / No derivatives (CC-BY-NC-ND) license. All rights in student work shared on DukeSpace before 2009 remain with the author and/or their designee, whose permission may be required for reuse.