理性隐私计算及隐私风险可控技术研究

The existing privacy computing as a key technology of privacy protection is difficult to achieve the perfect privacy security. In order to mitigate the contradiction between the privacy protection and service quality, and realize the combination of technology and management, a new privacy communication model and its game model are provided, and the concept and its basic theory of rational privacy computing are proposed in our project. The purpose is to solve the problem of optimal equilibrium and risk control between privacy protection and service quality from rational view, and to provide a new idea for the research on the technology and mechanism of privacy protection. The main contents are as follows: Firstly, a new privacy communication model and its game model will be proposed. The privacy quantitative methods are systematically studied based on our proposed models, including basic quantitative methods, quantitative methods with subjective feelings and rational quantitative methods. Secondly, the fair exchange between privacy loss and service quality will be designed based on rational exchange protocol and our privacy quantitative methods. Furthermore, the project will study rational secure multi-party computation and rational collaborative computing for privacy protection based on the traditional secure multi-party computation protocol and incentive compatibility mechanism. Thirdly, the rational access control model and mechanism will be designed based on the mechanism design theory. Finally, we will focus on the rational difference privacy computing method, the rational quantitative risk assessment models, the privacy risk control technology and its application simulation.

现有以隐私保护为核心的隐私计算技术难以实现隐私的零泄露，针对隐私保护与服务需求的矛盾，构造一种新的隐私传播通信模型及博弈模型，提出理性隐私计算的概念及基本内容体系，实现技术与管理相结合的隐私安全解决方案，从理性角度解决隐私保护与服务质量之间的最优均衡及风险可控问题，为探讨隐私保护技术及机制提供新的思路。具体包括：(1) 提出新的隐私传播通信模型及其博弈模型，在此基础上系统地研究隐私量化方法，包括基本量化方法、带主观感受的量化方法和理性量化方法；(2) 基于理性隐私量化方法和理性交换协议探讨隐私损失与服务质量的理性公平交换，进一步基于理性安全多方计算和激励相容机制，探讨面向隐私保护的多方理性保密合作计算；(3) 提出理性访问控制模型，基于机制设计理论探讨理性访问控制机制及技术；(4) 提出理性差分隐私算法方法，研究隐私风险量化理性评估模型，探讨隐私风险可控技术及其应用仿真。

隐私保护与数据服务之间的矛盾日益突出，但现有的隐私计算技术很难实现零泄露的隐私保护。本项目的目标是从博弈均衡的角度提出理性隐私计算概念及其基本内容体系，通过构造一种新的隐私传播通信模型及其博弈模型，从理性角度解决隐私保护与数据可用性之间的最优均衡及风险可控问题，实现技术与管理相结合的隐私安全解决方案，为探讨隐私保护技术及机制提供新的思路。通过四年的研究，完成的主要研究及取得的结果有：(1) 基于Shannon信息论设计了新的隐私传播通信模型、隐私信息熵模型和博弈模型，包括隐私保护基本信息熵模型、含敌手攻击的隐私保护信息熵模型、带主观感受的信息熵模型和多隐私信源的信息熵模型；(2) 设计了隐私保护强度和敌手攻击能力的量化测评算法，系统地研究了隐私量化方法，包括基本量化方法、带主观感受的量化方法和理性隐私量化方法；(3) 构建了一种交换协议的理性模型及其公平机制，进一步基于理性安全多方计算和激励相容机制，探讨了面向隐私保护的多方理性保密合作计算，解决了面向隐私保护的分布式计算问题；(4) 结合博弈论提出了理性外包计算模型，基于纳什均衡设计了外包计算验证策略，构造了基于密文策略的属性签名方案；(5) 提出了风险自适应访问控制模型和理性访问控制模型，进一步结合扩展式博弈和演化博弈分别设计了隐私泄露风险量化评估方法及理性隐私风险访问控制模型，解决了数据共享的隐私保护与数据访问效用之间的平衡；(6) 通过建立差分隐私理性量化评估模型，形成了风险可控的理性数据发布技术；(7) 设计了相关仿真实验测试原型，验证了所提出的模型和算法的正确性。通过研究，项目组初步构建了理性隐私计算的基本理论和方法，形成了一批创新成果，构建了具有应用前景的理性风险可控技术，圆满完成了计划研究任务，实现了研究目标和超额完成了指标要求，在科学研究、人才培养和团队建设方面取得了较好的成果，进一步加强了团队的影响力。