[Paper] Secure, Verifiable, and Scalable Multi-Client Data Sharing via Consensus-Based Privacy-Preserving Data Distribution
Source: arXiv - 2601.00418v1
Overview
The paper introduces Consensus‑Based Privacy‑Preserving Data Distribution (CPPDD), a lightweight protocol that lets many clients pool their data securely without a trusted central party. By combining simple affine masks with a “consensus‑locking” step, CPPDD guarantees that data is released only when all participants agree, while providing built‑in integrity checks that instantly spot any malicious deviation.
Key Contributions
- Dual‑layer protection: per‑client affine masking plus priority‑driven sequential consensus locking ensures unanimous‑release confidentiality.
- Autonomous integrity verification: lightweight step (
σ_S) and data (σ_D) checksums detect cheating and trigger an atomic abort without ongoing coordination. - Scalable performance: O(N·D) computation/communication (N = clients, D = data dimension) with optional edge‑server offloading; linear scalability up to 500 clients in experiments.
- Strong security guarantees: proven IND‑CPA security (under a PRF), resistance to collusion with up to N‑1 corrupted parties, and formal Consensus‑Dependent Integrity and Fairness (CDIF).
- Broad applicability: demonstrated on MNIST‑derived vectors and benchmarked against MPC and homomorphic‑encryption (HE) baselines, achieving 10³–10⁴× fewer FLOPs while maintaining 100 % detection of malicious behavior.
Methodology
- Affine Masking – Each client multiplies its data vector by a secret scalar and adds a random offset (a classic one‑time pad style mask). The mask is locally generated, so no extra key‑exchange is needed.
- Priority‑Driven Sequential Consensus – Clients are ordered (e.g., by ID). The first client “locks” the protocol by broadcasting its masked payload and a hash of the mask. Subsequent clients verify the hash, then append their own masked payloads, each time updating a global checksum.
- Dual Checksums
- Step checksum (
σ_S) validates the order of contributions and ensures no client skips or reorders steps. - Data checksum (
σ_D) is a cryptographic hash over the aggregated masked data, enabling every participant to verify that the final aggregate matches what was contributed.
- Step checksum (
- Abort on Deviation – If any checksum fails, every client independently aborts the session, guaranteeing atomicity without a central arbiter.
- Optional Edge‑Server Offload – Heavy‑weight operations (e.g., hash aggregation) can be delegated to a low‑trust edge server; the protocol’s security proofs still hold because the server never sees raw masks.
The whole flow is post‑setup: after an initial lightweight registration, the protocol runs autonomously, requiring no further coordination.
Results & Findings
| Metric | CPPDD | MPC (Garbled Circuits) | HE (CKKS) |
|---|---|---|---|
| FLOPs per client (N=100, D=784) | ~1 × 10⁴ | ~1 × 10⁸ | ~5 × 10⁸ |
| Latency (median) | 0.8 ms | 45 ms | 120 ms |
| Detection of malicious deviation | 100 % | 95 % (requires extra rounds) | 100 % (but abort costly) |
| Communication per client | O(N·D) ≈ 78 KB | O(N·D·log p) ≈ 1.2 MB | O(N·D·ciphertext) ≈ 2 MB |
| Scalability (max N tested) | 500 (linear) | 50 (exponential blow‑up) | 30 (ciphertext size) |
Key takeaways: CPPDD scales linearly with the number of participants and data size, keeping both compute and network overhead tiny. The protocol’s integrity checks catch any deviation instantly, and the abort is atomic—all parties stop at the same moment, preventing partial leakage.
Practical Implications
- Secure Voting & Escrow – Parties can submit encrypted ballots or escrowed funds, knowing the result is revealed only when every participant consents, and any cheating aborts instantly.
- Consortium Federated Learning – Multiple organizations can share model updates (vectors/matrices) without a central aggregator, reducing trust assumptions and compliance risk (e.g., GDPR).
- Edge‑IoT Data Fusion – Sensors on a smart city grid can pool measurements while preserving privacy; the lightweight nature fits low‑power devices.
- Blockchain & Smart Contracts – CPPDD can serve as an off‑chain data‑availability layer where the contract releases funds only after a verified unanimous consensus.
- Regulated Industries – Finance, healthcare, and telecom can meet strict audit requirements because every step is verifiable and the protocol tolerates up to N‑1 compromised nodes.
For developers, the protocol can be wrapped in a few API calls (mask generation, submit, verify checksum) and integrated into existing pipelines without heavyweight cryptographic libraries.
Limitations & Future Work
- Assumes Synchronous Communication – The current design expects messages to be delivered in order; handling high‑latency or lossy networks would need additional timeout/retry logic.
- Fixed Priority Order – While simple, a static client order could be a target for denial‑of‑service; future work may explore dynamic leader election.
- Limited to Affine Masks – Extending to richer masking schemes (e.g., secret‑sharing) could broaden applicability to non‑linear operations.
- Formal Proofs in the Random Oracle Model – Security relies on idealized hash functions; moving to standard model proofs is an open research direction.
Overall, CPPDD offers a pragmatic bridge between heavyweight secure‑multiparty computation and ad‑hoc data sharing, opening the door for scalable, verifiable collaboration in real‑world systems.
Authors
- Prajwal Panth
- Sahaj Raj Malla
Paper Information
- arXiv ID: 2601.00418v1
- Categories: cs.CR, cs.DC, cs.LG
- Published: January 1, 2026
- PDF: Download PDF