Title : Privacy-Preserving Updates to Anonymous and
Confidential Databases .
Abstract : Suppose Alice owns a k-anonymous database and needs to determine whether her database, when inserted with a tuple
owned by Bob, is still k-anonymous. Also, suppose that access to the database is strictly controlled, because for example data are
used for certain experiments that need to be maintained confidential. Clearly, allowing Alice to directly read the contents of the tuple
breaks the privacy of Bob (e.g., a patient’s medical record); on the other hand, the confidentiality of the database managed by Alice
is violated once Bob has access to the contents of the database. Thus, the problem is to check whether the database inserted with
the tuple is still k-anonymous, without letting Alice and Bob know the contents of the tuple and the database respectively. In this
paper, we propose two protocols solving this problem on suppression-based and generalization-based k-anonymous and confidential
databases. The protocols rely on well-known cryptographic assumptions, and we provide theoretical analyses to proof their soundness
and experimental results to illustrate their efficiency.