Full Program »
Sipster: Settling IOU Privately and Quickly with Smart Meters
Cyber-physical systems revolutionize the way computing systems interact with our physical world. Smart grid is a prominent example. With advanced features such as fine-grained billing, user privacy is at a greater risk than before. For instance, a utility company (UC) can infer customers’ (fine-grained) usage patterns from their payment. The literature only focuses on hiding individual meter readings in bill calculation. It is unclear how to preserve amount privacy in verifiable payment. After all, UC needs to assert that each customer has settled the amount as calculated in the bill. Note that e-cash by itself only preserves privacy for withdrawal and spending of e-coins but does not hide the payment amount.
How to settle the bill issued by a smart meter, while UC (who owns the meter) cannot learn about the bill that leaks one’s fine-grained utility usage? We avoid this seemingly unavoidable privacy leakage by advocating a new paradigm of cash payment settlement. Our protocol Sipster preserves the privacy of users by letting them pay their bills in unit amount, which also allows the UC to obtain payments earlier in the pay-as-you-go model. Sipster thus enables a win-win situation. A highlight of Sipster is that the receipts for the payments can be combined into a 𝑂 (1)-size receipt certifying the smart meter’s certification. Without such aggregation, techniques such as zero-knowledge proof would fail since it typically cannot hide the size of the witness. Indeed, seemingly helpful tools, e.g., aggregate signatures or fully homomorphic signatures, also fail.
The novelty of Sipster lies in achieving our five goals simultaneously:
1) privacy-preserving: UC cannot infer a customer’s payment amount;
2) prover-efficient: no zero-knowledge proof is ever needed;
3) verifier-efficient: it takes constant time to verify a combined receipt;
4) double-claiming-free: customers cannot present the same receipt twice; and
5) minimalistic smart meter: it can report signed readings (needed even in a non-private setting).