Pietro Russo, Lorenzo Bracciale, Giuseppe Bianchi. Dare-to-Share: Collaborative privacy-preserving recommendations with (almost) no crypto. Security and Privacy, volume 4, issue 3, March 2021.

View the paper

Abstract:

Collaborative recommending systems aim to predict a potential user-item rating on the basis of remaining ones. Since, in several contexts, sharing of other users’ ratings may be prevented by confidentiality concerns, several works have effectively addressed the design of privacy preserving recommenders. Still, most of the proposed solutions rely on advanced cryptographic methodologies, whose may conflict with the simplicity and viability requirements of real world deployments. In contrast, we propose an approach which does not require any complex cryptography. We show that whenever we can tolerate recommendations based on average values, we can transform the recommender into a privacy-preserving one, by using two noncolluding replicas of the same system, and by distributing randomly “blinded” data to these replicas. To protecting each user’s rating, a key asset of our approach is the ability to conceal which specific items are rated by which users. Our proposal is secure under the honest-but-curious attacker’s assumption, and we show how it can be extended to guarantee robustness also against malicious adversaries. Finally, as a proof-of-concept, we present an implementation of the proposed approach for our motivating use case—collaborative assessment of computer/network vulnerabilities without revealing which of them affect one own infrastructure.