簡易檢索 / 詳目顯示

研究生: 劉洧聿
Liu, Wei-Yu
論文名稱: 以零知識證明建立可信的隱私保護資料使用機制
Establishing Trusted Mechanisms for Privacy Preserving Data Usage Using Zero-Knowledge Proofs
指導教授: 黃冠寰
Hwang, Gwan-Hwan
口試委員: 黃冠寰
Hwang, Gwan-Hwan
張道顧
Chang, Tao-Ku
梁家為
Liang, Chia-Wei
口試日期: 2024/07/29
學位類別: 碩士
Master
系所名稱: 資訊工程學系
Department of Computer Science and Information Engineering
論文出版年: 2024
畢業學年度: 112
語文別: 中文
論文頁數: 40
中文關鍵詞: 零知識證明隱私保護數據分析
英文關鍵詞: Zero-Knowledge Proof, Privacy-Preserving, Data Analysis
研究方法: 實驗設計法
DOI URL: http://doi.org/10.6345/NTNU202401611
論文種類: 學術論文
相關次數: 點閱:112下載:2
分享至:
查詢本校圖書館目錄 查詢臺灣博碩士論文知識加值系統 勘誤回報
  • 隨著人工智慧技術的飛速發展,數據分析在各領域展現出巨大的應用潛力和商業價值。然而,數據分析依賴於大量涉及個人隱私的數據,這引發了對隱私保護的高度關注。現有的去識別化技術雖然可以在一定程度上保護隱私,但仍存在數據質量和準確性受損的問題。此外,合約和第三方稽核機構在保護資料隱私方面也面臨著效率和成本的挑戰。
    本篇論文提出了一套基於公開金鑰基礎建設和零知識證明的資料交換系統,以應對上述問題。公開金鑰基礎建設技術能夠提供安全的身份驗證和數據加密,確保數據在傳輸過程中的安全性。零知識證明技術則允許在不洩露原始數據的前提下進行數據分析,僅返回分析結果,從而大大降低了隱私洩露的風險。此外,零知識證明還能生成與原始資料無關的證明,使稽核過程自動化並降低稽核成本。
    這套資料交換系統預期能夠在不損害數據質量的前提下,有效保護隱私資料,提升數據分析的效率和安全性。儘管零知識證明技術需要耗費大量算力,計算成本和時間成本需要進一步評估,但其在隱私保護和稽核自動化方面的優勢,使其成為解決數據分析中隱私保護問題的有效方法。

    With the rapid development of artificial intelligence technology, data analysis has demonstrated significant application potential and commercial value across various fields. However, data analysis relies heavily on vast amounts of personal data, raising serious concerns about privacy protection. Existing de-identification techniques can protect privacy to some extent, but they often compromise data quality and accuracy. Additionally, contracts and third-party auditing organizations face efficiency and cost challenges in safeguarding data privacy.
    This paper proposes a data exchange system based on Public Key Infrastructure (PKI) and Zero-Knowledge Proofs (ZKP) to address these issues. PKI technology provides secure authentication and data encryption, ensuring data security during transmission. Zero-Knowledge Proof technology allows data analysis without revealing the original data, returning only the analysis results, thus significantly reducing the risk of privacy leakage. Furthermore, Zero-Knowledge Proofs can generate proofs unrelated to the original data, automating the auditing process and reducing audit costs.
    This data exchange system is expected to effectively protect privacy data and enhance the efficiency and security of data analysis without compromising data quality. Although Zero-Knowledge Proof technology requires substantial computational power and its computational and time costs need further evaluation, its advantages in privacy protection and audit automation make it an effective solution to privacy issues in data analysis.

    致謝 i 摘要 ii Abstract iii 目錄 iv 附表目錄 vii 附圖目錄 viii 第一章 緒論 1 第一節 數據在當代的商業價值 1 第二節 資料科學與隱私保護的衝突 2 第三節 隱私資料的保護技術 2 第四節 現今技術的問題 3 第五節 本篇論文的解法 4 第六節 預期成果 5 第二章 先前研究 6 第一節 隱私保護資料探勘 6 一、 k匿名性 6 二、 l多樣性 7 三、 t相似性 7 四、 ε差分隱私 7 第二節 模克樹(Merkle tree) 8 一、 簡介 8 二、 使用模克樹原因 9 第三節 公開金鑰基礎建設 10 第四節 零知識證明 11 一、 簡介 11 二、 交互式零知識證明 12 三、 非交互式零知識證明 12 第三章 應用情境與系統架構 15 第一節 總覽架構 15 第二節 參與者 16 一、 可信第三方 16 二、 資料提供者 17 三、 資料販售者 18 四、 資料購買者 22 第三節 系統流程 23 一、 資料聚合階段 23 二、 資料探勘階段 24 第四章 實驗設計與結果 28 第一節 實驗設計 28 一、 實驗環境 28 二、 實驗數據 28 三、 實驗種類 31 第二節 實驗結果 32 一、 實驗一 32 二、 實驗二 34 第五章 結論 35 第一節 安全分析 35 第二節 結論 36 第三節 未來展望 36 參考文獻 38

    Bahri, S., Zoghlami, N., Abed, M., & Tavares, J. M. R. (2018). Big data for healthcare: a survey. IEEE access, 7, 7397-7408.
    Jaiswal, A., & Bagale, P. (2017, October). A survey on big data in financial sector. In 2017 International Conference on Networking and Network Applications (NaNA) (pp. 337-340). IEEE.
    "Google DeepMind", https://deepmind.google/
    Silver, D., Huang, A., Maddison, C. J., Guez, A., Sifre, L., van den Driessche, G., ... & Hassabis, D. (2016). Mastering the game of Go with deep neural networks and tree search. Nature, 529(7587), 484–489.
    Luke D. (2014). Google Acquires Artificial Intelligence Company DeepMind For $500 Million. https://www.cultofandroid.com/50541/google-acquires-artificial-intelligence-company-deepmind-500-million/
    Tammy L. (2022). Google and DeepMind face legal claim for unauthorised use of NHS medical records https://www.healthcareitnews.com/news/emea/google-and-deepmind-face-legal-claim-unauthorised-use-nhs-medical-records
    European Union. (2016). General Data Protection Regulation (GDPR). Official Journal of the European Union, L 119, 1-88. Retrieved from https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32016R0679
    El Emam, K., & Malin, B. (2021). De-identification practices for open health data: The case of the Heritage Health Prize claims dataset. Journal of the American Medical Informatics Association, 20(1), 38-40.
    Adams, C., & Lloyd, S. (2003). Understanding PKI: Concepts, Standards, and Deployment Considerations. Addison-Wesley Professional.
    Goldwasser, S., Micali, S., & Rackoff, C. (1985). The Knowledge Complexity of Interactive Proof-Systems. SIAM Journal on Computing, 18(1), 186-208.
    Mendes, R., & Vilela, J. P. (2017). Privacy-preserving data mining: Methods, metrics, and applications. IEEE Access, 5, 10562-10582.
    Samarati, P., & Sweeney, L. (1998). Protecting privacy when disclosing information: k-anonymity and its enforcement through generalization and suppression. IEEE Symposium on Research in Security and Privacy.
    Machanavajjhala, A., Kifer, D., Gehrke, J., & Venkitasubramaniam, M. (2007). l-diversity: Privacy beyond k-anonymity. ACM Transactions on Knowledge Discovery from Data (TKDD), 1(1), 3.
    Li, N., Li, T., & Venkatasubramanian, S. (2007). t-closeness: Privacy beyond k-anonymity and l-diversity. IEEE 23rd International Conference on Data Engineering.
    Dwork, C. (2006). Differential privacy. Automata, languages and programming, 1-12.
    Merkle, R. C. (1988). A Digital Signature Based on a Conventional Encryption Function. In Advances in Cryptology—CRYPTO '87 (pp. 369-378). Springer.
    Goldreich, O., Micali, S., & Wigderson, A. (1991). Proofs that yield nothing but their validity or all languages in NP have zero-knowledge proof systems. Journal of the ACM, 38(3), 690-728.
    Parno, B., Howell, J., Gentry, C., & Raykova, M. (2013). Pinocchio: Nearly practical verifiable computation. In Proceedings of the IEEE Symposium on Security and Privacy (SP) (pp. 238-252).
    "iden3", https://iden3.io/
    "Circom 2 Documentation", https://docs.circom.io/
    Grassi, L., Khovratovich, D., Rechberger, C., Roy, A., & Schofnegger, M. (2021). Poseidon: A new hash function for {Zero-Knowledge} proof systems. In 30th USENIX Security Symposium (USENIX Security 21) (pp. 519-535).
    Bernstein, D. J., Duif, N., Lange, T., Schwabe, P., & Yang, B.-Y. (2012). High-speed high-security signatures. Journal of Cryptographic Engineering, 2, 77-89.
    Groth, J. (2016). On the size of pairing-based non-interactive arguments. In Proceedings of the Annual International Conference on the Theory and Applications of Cryptographic Techniques (pp. 305-326).

    下載圖示
    QR CODE