Private and Robust Aggregate Statistics Collection with Shamir-Secret Sharing

Today's world is filled with smartwatches and smartphones which collect data every second of every day. The data collected from the user of such devices, the client, and is being accessed by the creator of the applications on the devices at the servers. The client's data is sensitive and private (e.g., its current location), and the servers need only the statistical functions over the values of all clients (e.g., the most popular location). The existing work Prio [\cite{DBLP:journals/corr/Corrigan-GibbsB17}] presents a privacy-preserving protocol for the collection of aggregate statistics. Their protocol ensures that the client's private data is protected as long as at least one server is honest. However, it is only robust against malicious clients and not against malicious servers. In particular, even a single malicious server can arbitrarily change the aggregate output. In this work, we present a new protocol that guarantees data privacy as well as system robustness in the presence of both malicious clients and malicious servers as long as a majority of the servers are honest. Our new protocol extends the Prio protocol by introducing Shamir secret sharing in place of additive secret sharing.