Unanimous-Release Confidentiality

• Unanimous-release confidentiality is a cryptographic guarantee that prevents up to N-1 malicious clients from accessing an honest client’s data before all participants enact unanimous decryption.
• It utilizes per-client affine masking and priority-driven sequential consensus locking to obfuscate data and ensure all-or-nothing release in secure multi-client data aggregation.
• Empirical validations on high-dimensional data, such as MNIST vectors, demonstrate IND-CPA security and effective malicious deviation detection with minimal computational overhead.

Unanimous-release confidentiality is a cryptographic guarantee in secure multi-client data aggregation protocols that ensures no coalition of up to $N-1$ malicious participants, even with the coordinator going offline, can extract any information about an honest client's private data prior to all clients' explicit participation in the unanimous decryption procedure. The Consensus-Based Privacy-Preserving Data Distribution (CPPDD) framework rigorously enforces unanimous-release confidentiality via a combination of per-client affine masking and priority-driven sequential consensus locking, achieving formal security under the IND-CPA paradigm and practical scalability for high-dimensional data (Panth et al., 1 Jan 2026).

1. Formal Definition and Security Model

Unanimous-release confidentiality is satisfied if no probabilistic polynomial-time (PPT) adversary $\mathcal{A}$, controlling up to $N-1$ clients, can distinguish between two private inputs of the honest client prior to that client's decryption action. Formally, this is expressed via the experiment ${\sf Exp}^{\sf URC}_{\sf CPPDD}(\kappa)$:

• Setup: The trusted coordinator initializes protocol parameters with security parameter $\kappa$.
• Challenge selection: Adversary $\mathcal{A}$ selects two challenge vectors $D_k^0, D_k^1 \in \F_p^D$ for the target honest client $C_k$.
• Protocol execution: The challenger randomly selects $b\in\{0,1\}$, obfuscates all payloads (including the challenge), and performs consensus encryption. All public output (obfuscated data, step checksums, consensus lock parameters) is revealed except the honest client's masking keys.
• Guess: $\mathcal{A}$ outputs a guess $b'$.

The adversary's advantage is

$$\mathrm{Adv}^{\sf URC}_{\mathcal{A}(\kappa)} = |\Pr[b'=b] - \tfrac12|$$

Unanimous-release confidentiality holds if, for all PPT adversaries, the advantage is negligible in $\kappa$.

2. Per-Client Affine Masking and Obfuscation

CPPDD employs a per-client affine masking mechanism over a prime field $\F_p$ for data vectors of dimension $D$:

• Key Generation: For each client $C_i$,

$(\lambda_i, r_i) \xleftarrow{\$} \F_p^\times \times \F_p^D$</p> <p>where$\lambda_i$$is sampled (or derived from a secure <a href="https://www.emergentmind.com/topics/pseudo-relevance-feedback-prf" title="" rel="nofollow" data-turbo="false" class="assistant-link" x-data x-tooltip.raw="">PRF</a>) as a nonzero multiplier and$$r_i$$as a random vector offset.</p> <ul> <li><strong>Obfuscation</strong>: Each private payload$$D_i$is transformed via</li> </ul> <p>$O_i = \lambda_i \odot D_i + r_i \in \F_p^D$$</p> <ul> <li><strong>Deobfuscation</strong>: Upon unanimous protocol completion, clients recover their data using</li> </ul> <p>$$D_i = (O_i - r_i) \odot \lambda_i^{-1}$$</p> <p>guaranteeing exact recovery due to invertibility of$$\lambda_i$.</p> <p>This affine masking scheme renders each client&#39;s contribution pseudorandom until all participants&#39; unmasking is completed.</p> <h2 class='paper-heading' id='priority-driven-sequential-consensus-locking'>3. Priority-Driven Sequential Consensus Locking</h2> <p>CPPDD utilizes a fixed-priority chain where each client sequentially removes a consensus lock from the global aggregate. The locking mechanism is structured as follows:</p> <ul> <li><strong>Consensus Encryption</strong>: <ul> <li>Aggregate all masked payloads:</li> </ul> <p>$L^{(0)} = \sum_{i=1}^N O_i$- For$i=N, \ldots, 1$, iteratively apply invertible operations$\circ'_{\theta_i}$with key$k_{c,i}$and register a step checksum:</p> <p>$L^{(N-i+1)} = L^{(N-i)} \circ'_{\theta_i} k_{c,i}$</p> <p>$\sigma_{S,i} = H\left(\sum_{d=1}^D L^{(N-i)}_d\right)$$</p></li> <li><p><strong>Consensus Decryption</strong>:</p> <ul> <li>Each client$$C_j$$, in priority order, executes the forward operation$$\circ_{\theta_j}$and validates$\sigma_{S,j}$.</li> <li>On checksum mismatch ($\sigma_{S,j}\neq \sigma'_{S,j}$), or failure after$\tau$ retries, the protocol triggers an atomic abort, preventing any partial data release.</li> </ul></li> </ul> <p>This locking scheme ensures all-or-nothing confidentiality: data is only unveiled if all clients follow the decryption chain in sequence.</p> <h2 class='paper-heading' id='correctness-integrity-and-formal-security-proofs'>4. Correctness, Integrity, and Formal Security Proofs</h2> <p>CPPDD&#39;s guarantees are established via three central theorems:</p> <ul> <li><strong>Correctness</strong>: Honest protocol execution results in exact data recovery and matching checksums for all parties.</li> <li><strong><a href="https://www.emergentmind.com/topics/consensus-dependent-integrity-and-fairness-cdif" title="" rel="nofollow" data-turbo="false" class="assistant-link" x-data x-tooltip.raw="">Consensus-Dependent Integrity and Fairness</a> (CDIF)</strong>: Any deviation at priority $j$causes the subsequent honest client ($j+1$) to detect a checksum inconsistency (probability$2^{-\kappa}$ for collision), immediately halting the protocol.</li> <li><strong>IND-CPA Security</strong>: Under the secure PRF assumption for the masking keys and with no collusion by the coordinator, the adversary&#39;s advantage in distinguishing target client data is negligible.</li> </ul> <p>The security reduction relies on the affine mask&#39;s PRF-derived unpredictability: summing masked payloads followed by bijective consensus locks maintains computational indistinguishability from random vectors.</p> <h2 class='paper-heading' id='algorithmic-workflow-and-pseudocode'>5. Algorithmic Workflow and Pseudocode</h2> <p>The protocol comprises two main algorithms.</p> <p><strong>Coordinator: Consensus Encryption</strong></p> <p>

Input: O[1..N], k_c[1..N], θ[1..N] Output: L_C, σ_S[1..N] L ← 0 ∈ F_p^D for i=1..N: L ← L + O[i] for i=N..1: σ_S[i] ← H(sum_d L[d]) L ← apply_inv_op(L, k_c[i], θ[i]) return L_C = L, σ_S

</p> <p><strong>Client C_j: Decrypt + Validate</strong></p> <p>

Input: L_C, {θ[i],k_c[i]}_{i=1..N}, σ_S[1..N], λ_j, r_j, priority j State: L ← L_C for i=1..j: L ← apply_op(L, k_c[i], θ[i]) σ' ← H(sum_d L[d]) if σ'≠σ_S[i] after τ retries: broadcast("ABORT"); halt if j<N: broadcast L to C_{j+1} else: post L to bulletin board # Unanimous Release O_j ← λ_j·D_j + r_j # originally stored D_j ← (O_j - r_j)·λ_j^{-1} return D_j

</p> <h2 class='paper-heading' id='complexity-and-scalability'>6. Complexity and Scalability</h2> <p>CPPDD achieves:</p> <ul> <li><strong>Computation</strong>: $O(ND)$field operations for the coordinator;$O(jD)$for client$j$in decryption; total chain cost$O(ND)$$.</li> <li><strong>Communication</strong>: Offline setup requires$$N$$unicast exchanges for locks and masks; online execution involves$$N$rounds relaying a$D$$-length vector per client, yielding total communication of$$O(ND)$$field elements.</li> <li><strong>Storage</strong>:$$O(D)$$per client for masking, state, and checksums.</li> </ul> <p>Empirical benchmarks on MNIST-derived vectors ($$D=784$$) reveal end-to-end aggregation latency under 50 ms for$$N=500$$clients, with per-client computation and validation consistently below 0.3 ms.</p> <h2 class='paper-heading' id='integrity-via-checksum-mechanisms'>7. Integrity via Checksum Mechanisms</h2> <p>CPPDD incorporates dual-level integrity checks:</p> <ul> <li><strong>Step Checksums</strong>:</li> </ul> <p>$$\sigma_{S,i} = H\Bigl(\sum_{d=1}^D L^{(i)}_d\Bigr) \in \{0,1\}^\kappa$$</p> <p>serving as tamper-evident markers after every operation.</p> <ul> <li><strong>Final Data Checksums</strong>:</li> </ul> <p>$$\sigma_{D,d} = \frac{\sum_{i=1}^N O_{i,d}}{L^{(N)}_d}$</p> <p>with honest recovery forcing$\sigma_{D,d}=1\,\, \forall d$$. Failure at this stage prompts an abort before unmasking.</p> <p>These checks ensure deterministic detection of malicious manipulation throughout all intermediate protocol states.</p> <h2 class='paper-heading' id='empirical-observations-and-practical-relevance'>8. Empirical Observations and Practical Relevance</h2> <p>Experiments conducted on MNIST vectors demonstrate:</p> <ul> <li><strong>Malicious deviation detection</strong>: 100$$N-1$$coalition attacks, corresponding to the negligible collision probability of the employed hash functions.</li> <li><strong>Abort behavior</strong>: Reliable protocol halt at the first honest client post-deviator, ensuring no partial data leakage.</li> <li><strong>No information leakage</strong>: Empirical adversarial advantage observed in challenge input distinguishability was below$$10^{-6}$, consistent with theoretical IND-CPA bounds.

CPPDD's unanimous-release confidentiality supports secure atomic collaboration in domains such as consortium federated learning, blockchain escrows, secure voting, and geo-information aggregation, with strong resistance to collusion and minimal overhead even in resource-constrained or regulated settings (Panth et al., 1 Jan 2026).