Private and Scalable Execution of SQL Aggregates on a Secure Decentralized Architecture.

Current applications, from complex sensor systems (e.g., quantified self) to online e-markets, acquire vast quantities of personal information that usually end up on central servers where they are exposed to prying eyes. Conversely, decentralized architectures that help individuals keep full control of their data complexify global treatments and queries, impeding the development of innovative services. This article aims precisely at reconciling individual's privacy on one side and global benefits for the community and business perspectives on the other. It promotes the idea of pushing the security to secure hardware devices controlling the data at the place of their acquisition. Thanks to these tangible physical elements of trust, secure distributed querying protocols can reestablish the capacity to perform global computations, such as Structured Query Language (SQL) aggregates, without revealing any sensitive information to central servers. This article studies how to secure the execution of such queries in the presence of honest-but-curious and malicious attackers. It also discusses how the resulting querying protocols can be integrated in a concrete decentralized architecture. Cost models and experiments on SQL/Asymmetric Architecture (AA), our distributed prototype running on real tamper-resistant hardware, demonstrate that this approach can scale to nationwide applications.