A Privacy Preserving Approach to Collaborative Systemic Risk Identification: The Use-Case of Supply Chain Networks
Table 4
Description of the calculateSecureShortestPath() method.
Line
Description
1-4
The calculateSecureShortestPath() is a recursive method, which sequentially routes the requests of the calculation of shortest paths via the neighboring players. Therefore, each player should not receive a duplicate request for the calculation of a specific path. However, a player may receive such a request, since the graph of the SCN is not necessarily acyclic. Once current player routes the message of the calculation of a specific shortest path via a neighboring player, due to the possible graph cycles, after few message routings player might receive its own message from a neighboring player causing endless loop. To avoid such conditions, the method uses a busy flag ().
As long as player is busy with the calculation of the shortest paths between players and , if it receives a message for the calculation of the same path, it implies that the message is its own message. Therefore, Line 1 identifies this message as a duplicate message. Furthermore, Line 3 prevents further calculations of the method and returns . Returning ensures that the duplicate request has no influence on the result of the calculations, and the method terminates.
5-8
To calculate the BC (c.f. Equation (1)), it is important to know the number of the shortest paths between two players, and to know which players are forming the shortest paths. The absolute numeric value of the length of the shortest paths does not change the result of BC. Thus, for privacy preserving concerns, we can modify the absolute numeric value ofthe distances between players by adding an offset to the target players given that the number of shortest paths and their forming players remain intact. Still, we obtain the same results as without modification of the distances.
In our method, each player uses its own private number (delta explained in Table 1) to modify the distance value (Line 7). Note that, this number must not be the players’ unique number, because if it is so, the positioning of the players might be disclosed. Please note, since the communication is only via neighboring players, this private number is only known to the player and its neighboring players. Players use the private number only if they are the target player . This assures a consistent modification of the distances to a specific target player and the comparability of the results for the source player .
The following scenario elaborates the importance of using to modify the value of distance. In our exemplary network (Figure 1), if the method does not modify the value of distances, and player shares 1 as its distance to players 7 , player (as a neighboring player of player ) infers that players and are adjacent. But if the method uses a modified value of the distance (we define, for player be ), player shares 71 as its distance to players 7 . This modification hinders unwanted information sharing in terms of inferring the positioning of players in the network.
To find the shortest paths, we must be able to compare the distances of the paths. Although the modified distance values (Line 7) eliminate many sorts of privacy concerns, yet there is a chance to reconstruct parts of the network structure by comparing the modified values. For instance in Figure 1 we set to 7. The distance of player to via player is and the distance of player to via player is . Based on this information, player reveals that players and are adjacent. Therefore, in addition to modifying the shortest path we apply a privacy preserving method to compare the shortest paths (See Line 17-40).
9-12
If the player already calculated the distance to target player , then it returns this calculated value of distance. This part increases the efficiency of the method by preventing recalculation of the shortest paths, which are already calculated.
13-43
If the current player receives a request for the calculation of a specific path for the first time and is not the target player, this part of the method (Line 17-40) recursively calculates the shortest paths between source player and target player .
To avoid data inconsistency during the execution of various instances of the method, Line 16 sets the temporary distance variable to which is the initial distance value of the current player to the target. The method does not use its distance attribute () for calculations, because the value of , may change during the calculation of a specific shortest path, leading to inconsistency of the result. The following example elaborates the necessity of the temporary distance variable.
We assume player is executing calculateSecureShortestPathand it is the first request to player for calculating the path to player . Players and are not adjacent and the initial value of the distance is . In the meantime, player receives the request for calculation of the path from source player to target player (calculateSecureShortestPath). If the execution of this requestends faster than calculateSecureShortestPath, player updates the distance to player () to . Consequently, the value of for the player varies during the execution of calculateSecureShortestPath.This leads to inconsistent values of the distance for the comparisons within the execution of the method. Using , the method prevents this sort of inconsistencies.
When player starts the calculation of the path between source player and target player via its neighboring players, Line 15 sets the to true. When player finishes calculating the shortest paths between players and , Line 41 sets to false. It allows the player to respond to the messages which are not originating from itself. At Line 42 the method returns the value of distance ), which is the distance of player to the target player ().
17-40
Current player routes the message of the calculation of the path via all neighboring players to calculate the result recursively. For this purpose Line 17 goes through each player to , where is the number of players in the network. Furthermore, the method identifies the neighboring players and only routes the request for calculating the shortest path via them.
19-39
Player identifies its neighboring players at Line 19. For this purpose it considers a given player as a neighboring player when the distance of the current player to the player is equal to one ( (Equation (2))). The player routes the request of calculation only via its neighboring players, since for privacy preserving concerns we limit direct communication of players and only allow communication via neighboring players. Please note that in this paper we assume the connections in the SCN are equally weighted. In a weighted graph, another mechanism to identify the neighboring players will be necessary.
Furthermore, this part of the method determines a new shortest path (Line 21-28), or the additional shortest paths (Line 29-38).
21-28
This part of the method determines if the path via the neighboring player is a new shortest path.
We define, smin as a function which performs the comparison of given input parameters and based on Yao’s secure comparison algorithm as
which keeps the input parameters of the players and private.
In method calculateSecureShortestPath() we are interested in finding the result of . The values of and are known to player . The distance of the neighboring player to target player , () is known to player . To use , and keep the input variables of each player private, we do the comparison as which uses the input of the current player and the neighboring player separately. The value of is not known for the current player, therefore it routes the requests to its neighboring player to participate in the calculation of the by Please note, as mentioned at Line 16 current player uses a temporary distance value instead of during the calculation.
Player does not share the distance value, and takes part with its encrypted input in the secure comparison of the distances. If the result of smin() is true, it implies that the alternative path via is shorter than the existing path(s), so this path is a shortest path in this iteration. In this case current player, at Line 27, assigns the calculated value of distance to its temporary variable of distance .
For privacy preserving concerns, we share as little information as possible. Consequently, if the alternative path via player is not shorter than the existing one(s), current player will not find it out.
23-26
Since the method is recursive, it is important to prevent assignment of values during the execution and before the source player which initiated the request receives the final result. Line 23 examines if is source player , which implies the initiating player received its own request, and then allows the method to update .
By finding a new shortest path (at Line 21), the previously found path(s) and the players which are forming these paths are not relevant anymore. Player is the neighboring player, which connects player with the shortest path to the target. Therefore, the method updates , and sets player as its only member.
29-38
If the path via the neighboring player is not shorter than previously found shortest path(s), this part of the method determines if the path via this neighboring player is an additional shortest path.
31-37
This part of the method aims to determine if the path via the neighboring player is an additional shortest path. If the following equation is true, it implies that the alternative path via player , and the already calculated path are equal.
In our case we evaluate the following expression: . In the case of , we only need to examine = true. Line 31 of the methods performs this comparison.
For privacy preserving concerns (as already elaborated at Line 21-28) player does not share the distance value, but only takes part with its encrypted input for secure multiparty calculation of ,a. calculateSecureShortestPath()
It should be noted that for the comparison of the shortest path distances (Line 31) the current player does not know , and therefore routes the request to the neighboring player by a. calculateSecureShortestPath(s,t). Please note, the neighboring player , already calculated this path (as Line 21) and therefore immediately returns this value.
33-36
Since the method is recursive, it is important to prevent the assignment of values before the source player, which initiated the request receives the final result. Line 33 examines if is source player and then allows the method to update .
Finding an additional shortest path implies that player is connecting player with the shortest path to target player . Therefore, Line 35 adds player to .
