A Differentially Private Encryption Scheme

Encrypting data with a semantically secure cryptosystem guarantees that nothing is learned about the plaintext from the ciphertext. However, querying a database about individuals or requesting for summary statistics can leak information. Differential privacy (DP) offers a formal framework to bound the amount of information that an adversary can discover from a database with private data, when statistical findings of the stored data are communicated to an untrusted party. Although both encryption schemes and differential private mechanisms can provide important privacy guarantees, when employed in isolation they do not guarantee full privacy-preservation. This paper investigates how to efficiently combine DP and an encryption scheme to prevent leakage of information. More precisely, we introduce and instantiate differentially private encryption schemes that provide both DP and confidentiality. Our contributions are five-fold, we: (i) define an encryption scheme that is not correct with some probability αm1,m2 i.e., an αm1,m2 -correct encryption scheme and we prove that it satisfies the DP definition; (ii) prove that combining DP and encryption, is equivalent to using an αm1,m2 -correct encryption scheme and provide a construction to build one from the other; (iii) prove that an encryption scheme that belongs in the DP-then-Encrypt class is at least as computationally secure as the original base encryption scheme; (iv) provide an αm1,m2 -correct encryption scheme that achieves both requirements (i.e., DP and confidentiality) and relies on Dijk et al.’s homomorphic encryption scheme (EUROCRYPT 2010); and (v) perform some statistical experiments on our encryption scheme in order to empirically check the correctness of the theoretical results.