
PINE: Efficient Norm-Bound Verification for Secret-Shared Vectors

Guy N. Rothblum, Eran Omri, Junye Chen, Kunal Talwar

TL;DR

The paper tackles secure aggregation across two non-colluding servers by enforcing that each secret-shared vector contribution has a bounded $\ell_2$-norm, mitigating poisoning attacks. It introduces PINE, a protocol for exact norm verification with distributed zero-knowledge and no offline setup, achieving a practical $\tilde{O}(\sqrt{d})$ communication overhead via a distributed Fiat-Shamir transform. The construction combines a range-check subprotocol, a wraparound-detection test, and quadratic-constraint verification to certify $\sum_i X_i^2 \le B$ while preserving ZK properties; it also offers a differentially private variant. Empirical results show substantial communication and runtime improvements over prior work, making exact norm verification feasible for very high-dimensional vectors in federated settings.

Abstract

Secure aggregation of high-dimensional vectors is a fundamental primitive in federated statistics and learning. A two-server system such as PRIO allows for scalable aggregation of secret-shared vectors. Adversarial clients might try to manipulate the aggregate, so it is important to ensure that each (secret-shared) contribution is well-formed. In this work, we focus on the important and well-studied goal of ensuring that each contribution vector has bounded Euclidean norm. Existing protocols for ensuring bounded-norm contributions either incur a large communication overhead, or only allow for approximate verification of the norm bound. We propose Private Inexpensive Norm Enforcement (PINE): a new protocol that allows exact norm verification with little communication overhead. For high-dimensional vectors, our approach has a communication overhead of a few percent, compared to the 16-32x overhead of previous approaches.
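Why the quadratic check needs a wraparound test beside it, as an added example (not code from the paper). The modulus, the vectors, `alpha`, `r` and the random {-1,0,1} projection test are constructed simplifications, not PINE's actual subprotocols, and values are opened in the clear here, which a zero-knowledge protocol would not do.

```python
import math
import random
import secrets

Q = 65537  # constructed small prime modulus for the demo (65537 = 256**2 + 1)

def share(x, q=Q):
    """Additively secret-share x into two vectors over F_q, one per server."""
    s0 = [secrets.randbelow(q) for _ in x]
    s1 = [(xi - a) % q for xi, a in zip(x, s0)]
    return s0, s1

def centered(v, q=Q):
    """Signed representative of a field element in (-q/2, q/2]."""
    return v - q if v > q // 2 else v

def norm_sq_mod_q(s0, s1, q=Q):
    """Squared norm of the shared vector as the field sees it, i.e. mod q."""
    return sum((a + b) ** 2 for a, b in zip(s0, s1)) % q

def projection(s0, s1, z, q=Q):
    """<z, x> from the shares: each server takes a local inner product."""
    y0 = sum(zi * a for zi, a in zip(z, s0)) % q  # computed by server 0
    y1 = sum(zi * b for zi, b in zip(z, s1)) % q  # computed by server 1
    return centered((y0 + y1) % q, q)

def wraparound_suspected(s0, s1, B, r=64, alpha=2.0, seed=0, q=Q):
    """True if any of r random {-1,0,1} projections exceeds alpha*sqrt(B)."""
    rng = random.Random(seed)  # stands in for public verifier randomness
    limit = alpha * math.sqrt(B)
    for _ in range(r):
        z = rng.choices((-1, 0, 1), weights=(1, 2, 1), k=len(s0))
        if abs(projection(s0, s1, z, q)) > limit:
            return True
    return False

B = 100
honest = [3, 4, 0, 0]    # constructed: integer norm^2 = 25 <= B
forged = [256, 1, 0, 0]  # constructed: integer norm^2 = 65537, and 65537 % Q == 0

def demo():
    """Per vector: (passes the mod-q norm check, flagged by the projection test)."""
    out = {}
    for name, x in (("honest", honest), ("forged", forged)):
        s0, s1 = share(x)
        out[name] = (norm_sq_mod_q(s0, s1) <= B, wraparound_suspected(s0, s1, B))
    return out
```

Both vectors satisfy the in-field check, but only the honest one keeps every projection small; the oversized contribution is caught because its integer norm, not its residue mod q, drives the projections.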

Paper Structure (26 sections, 14 theorems, 30 equations, 4 figures, 10 tables)

This paper contains 26 sections, 14 theorems, 30 equations, 4 figures, 10 tables.

Key Result

Theorem 1.1

Let $X \in \mathbb{Z}^d$ be a secret-shared vector and $B \geq 0$. Fix $\rho >0$, and set $r = \lceil 32\ln \frac{1}{\rho} \rceil$. For any field of size $q \geq \Omega(\max \{ B, 3r \})$ there is a distributed verification protocol with the following properties: The proof system is in the common reference string model, and consists of a single message of length $O\left(\sqrt{d} \log q + r \log^2

Figures (4)

  • Figure 1: Range Check $\pmod{q}$ Protocol
  • Figure 2: Wraparound Detection Protocol
  • Figure 3: $L_2$-Bound Protocol
  • Figure 4: Differential Zero Knowledge $L_2$-Bound Protocol

Theorems & Definitions (37)

  • Theorem 1.1: Informal version of \ref{thm:norm-bound}
  • Theorem 1.2: Informal version of \ref{thm:dzk-norm-bound}
  • Definition 2.1
  • Definition 2.2: Distributed ZK Interactive Proof (dZKIP)
  • Remark 2.3: indistinguishability under varying private inputs
  • Remark 2.4: Non-interactive and malicious ZK via Fiat-Shamir
  • Lemma 2.5: ZK composition
  • Proof: Proof sketch.
  • Example 1: A protocol for linear equality
  • Lemma 3.1
  • ...and 27 more