Privacy-preserving data aggregation protocols have been researched widely, but usually cannot guarantee correctness of the aggregate if users are malicious. These protocols can be extended with zero-knowledge proofs and commitments to work in the malicious model, but this incurs a significant computational cost on the end users, making adoption of such protocols less likely.We propose a privacy-preserving data aggregation protocol for calculating the sum of user inputs. Our protocol gives the aggregator confidence that all inputs are within a desired range. Instead of zero-knowledge proofs, our protocol relies on an asynchronous probabilistic hypergraph-based detection algorithm with which the aggregator can quickly pinpoint malicious users. Our protocol is robust to user dropouts and is non-interactive apart from the registration phase. We describe several optional extensions to our protocol for temporal aggregation, dynamic user joins and leaves, and differential privacy. We analyse our protocol in terms of security, privacy, and detection rate. Finally, we compare the runtime complexity of our protocol with a selection of related protocols.iii Preface This thesis describes my alternative solution to detecting malicious users in a privacy-preserving data aggregation protocol. My decision to dive into this field of research came after following the Privacy-Enhancing Technologies course by dr. ir. Erkin-who would later supervise this very thesis-and being inspired by the almost-magical properties of homomorphic encryption and oblivious transfer, amongst others. During my thesis, I first read up on privacy-preserving data aggregation for three months. Then, I decided to research the issue of detecting malicious users because the solutions I found were more like workarounds than proper solutions. So, I came up with my own solution, and then spent four months investigating my own solution to find out if it was any good. Luckily for me, it was, so I spent the final three months writing my thesis. Meanwhile, I wrote a paper about my solution, the second attempt of which is yet to be reviewed. All in all, this thesis is the culmination of 310 days of work, an estimated 1.063% of my entire life until my projected death. It is the crowning jewel on my 1846 days (6.189%) as a computer science student at TU Delft, and while it is neither perfect nor exhaustive, it is something I am proud of.I thank Zekeriya Erkin especially for keeping me engaged and motivated, particularly during my time in isolation because of some sort of worldwide pandemic; working from home does not suit me in the least. I thank Oguzhan Ersoy for his mathematical and cryptographic help during both the design and the analysis of my solution. I thank Dion Gijswijt for his mathematical insights, even though I was too late to process them into this work. Finally, I thank my family, girlfriend, friends, and colleagues for their patience on the occasions when I prioritised my thesis over them.
