Categories: aggregatehiderestrict

Aggregation Gateway


Encrypt, aggregate and decrypt at different places.


A service provider gets continuous measurements of a service attribute linked to a set of individual service users.


The provision of a service may require detailed measurements of a service attribute linked to a data subject to adapt the service operation at each moment according to the demand load. However, these measurements may reveal further information (e.g. personal habits, etc.) when repeated over time.


A homomorphic encryption (e.g. Paillier) is applied at the metering system, using a secret shared with the service provider (generated by applying e.g. Shamir’s Secret Sharing Scheme)
The encrypted measurements from a group of users are transmitted to an independent yet trusted third party. This third-party cannot know about the content of each measurement (as it is encrypted), but it can still operate on that data in an encrypted form (as the encryption system is homomorphic). There are different trusted third parties for each group of users. In order to improve the privacy resilience, each user may belong to several groups at the same time.
The trusted third-party aggregates the measurements from all the users in the same group, without accessing the data in the clear at any time.
The service provider receives the encrypted, aggregated measurement and decrypts it with the shared secret.

A feeder metering system can be added as a measuring rod which introduces a comparison for each group of meters.

Let the service provider have reliable access to the aggregated load at every moment, so as to fulfil its operating requirements, without letting it access the individual load required from each specific service user.


There is a need to deploy trusted third parties that compute the aggregations over each group of users. Note that they need to be honest (i.e., they cannot collude with the other parties involved), but they need not respect confidentiality (as they only have access to encrypted contents). Smart meters are needed that have computation resources to apply secret generation and homomorphic encryption procedures (note that this is trivial when dealing with the use of computational resources, but it does not have to be always available in the case of e.g. smart grid systems). The potential range of measured values must be large enough to avoid brute force attacks. Robust homomorphic encryption schemes introduce a large computational load.


An electric utility operates a smart grid network with smart meters that provide measurements of the instantaneous power consumption of each user. The utility employs that information to adapt the power distribution in a dynamic fashion, according to the user demand at each moment.

[Known Uses]

  • Lu, R., Liang, X., Li, X., Lin, X., & Shen, X. (2012). Eppa: An efficient and privacy-preserving aggregation scheme for secure smart grid communications.Parallel and Distributed Systems, IEEE Transactions on, 23(9), 1621-1631.
  • Rottondi, C., Verticale, G., & Capone, A. (2013). Privacy-preserving smart metering with multiple data consumers. Computer Networks, 57(7), 1699-1713.
  • Kursawe, K., Danezis, G., & Kohlweiss, M. (2011, January). Privacy-friendly aggregation for the smart-grid. In Privacy Enhancing Technologies (pp. 175-191). Springer Berlin Heidelberg.