Abstract
With the emergence and widespread application of cloud computing, the use of cloud platforms to solve the problem of secure multi-party computation has emerged as a new research direction. The traditional computation of a solid geometry is performed through mutual interactions between two parties, which is not suitable in an untrusted cloud computing environment. In this paper, we first design a basic protocol for a secure Euclidean distance calculation that is suitable for cloud platforms and can serve as a building block for other protocols on cloud platforms. Using the solution of the Euclidean distance problem as such a building block, we provide a new method that converts the problems of calculating solid triangular areas and solid tetrahedral volumes into the calculation of distances and determinants in three-dimensional space. Then, we discuss solid point-line distance calculations, which extend the idea of the spatial geometry security problem. We present protocols for the above problems and prove that the proposed protocols can resist conspiracy among users and the untrusted cloud platform so that they can effectively ensure the privacy of the users. We also analyze the performances of these solutions. The analysis results show that our scheme is more versatile.
Citation: Zhang J, Li L, Tang Y, Luo S, Yang Y, Xin Y (2019) Secure two-party computation of solid triangle area and tetrahedral volume based on cloud platform. PLoS ONE 14(6): e0217067. https://doi.org/10.1371/journal.pone.0217067
Editor: He Debiao, Wuhan University, CHINA
Received: January 24, 2019; Accepted: May 4, 2019; Published: June 13, 2019
Copyright: © 2019 Zhang et al. This is an open access article distributed under the terms of the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited.
Data Availability: All relevant data are within the manuscript and its Supporting Information files.
Funding: This work is supported by the National Key R&D Program of China (Grant No. 2017YFB0802300), the Crypto Development Fund of China (Grant No. MMJJ20170122), the National Natural Science Foundation of China (Grant Nos. 61501284 and 61802117), the Key Scientific Research Project of Henan Province (Grant No. 18B520018) and the Innovative Research Team of HPU (No. T2018-1).
Competing interests: The authors have declared that no competing interests exist.
Introduction
Secure multi-party computation is an important cryptographic primitive in the fields of modern cryptography and communication. In 1982, Yao et al. [1] raised the question of a millionaire. After in-depth research, Goldreich et al. theoretically proved that all SMC problems are solvable, and they proposed a universal solution [2] [3]. Subsequently, many researchers focused on the study of SMC and obtained a rich variety of research results [4] [5] [6] [7] [8] [9]. Some schemes have been used to solve problems such as electronic voting, organizing business flows, network data flows, position determination, and medical information [10] [11] [12] [13].
With the rise of cloud computing applications, increasingly more users want to entrust cloud platforms to perform intersection computing on private information. For example, Bob has two mixtures ξ1 and ξ2, which contain components M1, M2 and M3. Alice needs a new mixture, ξ3, that contains components M1, M2 and M3. With the cloud server, Alice wants to determine if she can produce this mixture from the two mixtures possessed by Bob. However, she does not want to disclose her needs. Similarly, Bob does not want to disclose the contents of his mixtures. This problem can be transformed into a secure two-party triangle area calculation problem based on cloud computing. Specifically, the participant uploads private data after processing to the cloud and then performs the computation required by the users with the cloud server. During the implementation, the cloud server does not obtain any private information of any participant. However, the cloud cannot be completely trusted because an adversary may perform improper actions through the cloud platform such as tampering with the sensitive data of the client or with the calculation results. How to perform computations concerning the allocation of mixtures with an untrusted cloud while protecting the user’s privacy is a challenging problem.
Advantages of the scheme
In this paper, we move the traditional security computational geometry problem to the cloud platform, and we solve some solid geometry security problems. The main contributions of this study are as follows:
- (1). Designing a solution for the secure multiparty computation of the square of the Euclidean distance (SMC-SED) with a cloud platform. In this scheme, Boneh encryption and a blinding factor are used to protect the user’s privacy. The benefit here is that the private user data participate in the subsequent calculation in the form of a ciphertext. Security and experimental analyses prove that our scheme can resist collusion between users and untrusted cloud platforms and is optimal. This solution is a building block and can be regarded as a new cloud computing technology.
- (2). Focusing on the problem of triangular areas and that of tetrahedral volumes in three-dimensional space, we propose corresponding solutions, the Secure multiparty computation of triangle area calculation (SMC-TA) protocol and the Secure multiparty computation of tetrahedral volume calculation (SMC-TV) protocol. These new schemes convert the solid triangular area problem and the solid tetrahedral volume problem into the calculation of distances and determinants based on (1). Unlike traditional solutions, the cloud server is introduced as a third party to complete the core computing of the protocols. Even if an adversary were to break into the cloud server or compromise one of the users, he would not be able to obtain Bob’s private information. We prove the privacy-preserving property of these solutions using the security proof model, and we compare their performance with different schemes. The results show that our scheme is more versatile.
- (3). Based on the secure multiparty computation solution for the triangle area computation, we solve the secure multiparty problem of the relationship between a point and a line and propose corresponding solutions. The security of this scheme is based on SMC-TA.
Related work
The general SMC based on cloud services.
Maheshwari et al. [14] proposed SMC solution techniques that could be embedded while designing a cloud computing architecture, especially when multiple cloud users jointly compute some function on their private data inputs. Kamara et al. [15] proposed the formalized definition of server-assisted secure multi-party computation, which required that there was no collusion between an ordinary participant and the server. On this basis, Kamara et al. [16] presented the concept of the secure function calculation of cloud auxiliary, and they constructed a protocol for the secure function calculation of a single server auxiliary. Carter et al. [17] proposed an implementation mechanism for private data protection in a cloud environment based on the outsourcing technology of Oblivious Transfer. This mechanism effectively mitigated dishonest behavior by cloud service providers. Compared to Yao’s chaotic circuit technology, the structure of SMC based on a cloud service is more secure given the use of homomorphic encryption techniques. Asharov et al. [18] constructed a protocol for SMC based on cloud services with a threshold homomorphic encryption scheme. In this protocol, participants are only required to execute calculations associated with the protocol, and the secure computation was performed by the cloud server. Lopez-alt et al. [19] proposed a complete multi-key homomorphic encryption scheme, and based on this scheme, they constructed the On-the-Fly Multi-party Computation (OFMC) protocol, which was secure under malicious adversaries.
The special SMC based on cloud services.
Kerschbaum et al. [20] presented the non-interactive encrypted computation of the set intersection operation using an untrusted service provider. This service provider computed the intersection result after the users had submitted their encrypted sets to the service. The server could not obtain any information about the computation process. Kamara et al. [21] designed private set intersection (PSI) protocols in the server-aided setting, where the parties had access to a single untrusted server that made its computational resources available as a service. These protocols are secure in several adversarial models, and they address a range of security and privacy concerns such as fairness and leakage of the intersection size. Abadi et al. [22] designed a PSI on outsourced datasets based on a novel point-value polynomial representation, which ensured that intersections could only be calculated with the permission of all clients and that datasets and results remained completely confidential from the server. Veugen et al. [23] provided a generic framework that allowed an arbitrary number of users to securely outsource a computation to two non-colluding external servers with the help of a pre-processing phase that was independent of the inputs of the users. This approach was shown to be provably secure in an adversarial model. To address the inefficiency of previous schemes, Chen et al. [24] first transformed the original problem into a one-time evaluation problem for polynomials, and then, they designed four efficient and concise cloud computing environments to outsource the user set computing protocol. The analysis and comparison showed that these protocols were more efficient and concise than previously developed protocols. Chen et al. [25] transformed this traditional pattern into a cloud computation protocol that allowed an untrusted third party to be involved in the calculation process. 
They also designed a protocol for scalar product calculations applicable to cloud computing. On this basis, Chen then designed five solutions for spatial location relations. Although many researchers have begun to focus on SMC based on cloud services, fewer results on specific computing problems based on cloud services, especially for multi-party geometric computation, have been obtained. Research on such issues is attractive.
This paper focuses on some solid geometry problems based on cloud computing and their applications. We design the solution of secure multiparty computation of the square of the Euclidean distance using Boneh encryption. Using this solution as a building block, we solve the problem of triangular areas and that of tetrahedral volumes in three-dimensional space. On this basis, we give the protocol of the secure multiparty problem of the relationship between a point and a line.
Preliminaries
We briefly review the groups underlying our scheme.
Boneh encryption algorithm
Suppose that E is an encryption algorithm and that we are given the encryptions C1, C2 ∈ G of messages m1 and m2, respectively, where C1 = E(m1, r1) and C2 = E(m2, r2), in which r1, r2 are random numbers. We describe Boneh’s encryption algorithm and its homomorphic [26] as follows.
KeyGen (τ): Let N = pq, where p, q are two random primes. Generate a bilinear map e: G1 × G1 → G, where G1 and G are groups of order N = p ⋅ q. Pick two random generators and set h = u^p. Then, h is a random generator of the subgroup of G with order p. The public key is PK = (G1, G, e, g, h, N), and the private key is SK = q.
Encrypt (PK, m): Assume that the message space consists of integers in the set {0, 1, …, n − 1} with T < q2. To encrypt a message m (m < p) using the public key PK, pick a random number r ∈ ZN, compute c = g^m h^r ∈ G and output c as the ciphertext.
Decrypt(SK, c): To decrypt a ciphertext c using the private key SK = q1, observe that . Let . To recover m, it suffices to compute the discrete logarithm of base g′.
The Boneh encryption algorithm is clearly additively homomorphic. Suppose that m1 and m2 are messages. We have
Anyone can create a uniformly distributed encryption of m1 + m2 by the above formula for a random r.
More importantly, anyone can multiply two encrypted messages once using the bilinear map. Set e(g, g) = g, e(g, h) = h1, write h = g^(αp) for some (unknown) α, and pick a random r; then, we obtain where r′ = m2r1 + m1r2 + αpr1r2 + r is distributed uniformly.
Cayley-Menger determinant
The Cayley-Menger determinant is often used to address the Euclidean distance problem of an invariant space. This plays a fundamental role in the so-called “distance geometry” [27]. The Cayley-Menger bideterminant of two sequences with n vectors (p1, p2, …pn) and (q1, q2, …, qn) ∈ Rm is defined as where D(pk, ql) denotes the squared distance between pk and ql. In many cases, these two sequences are the same. Hence, it will be convenient to abbreviate D(p1, p2, …pn; q1, q2, …, qn) by D(p1, p2, …pn), which is simply called a Cayley-Menger determinant.
In m-dimensional Euclidean space, the rank of the matrix of Cayley-Menger determinants is no greater than m + 1. Specifically, D(p1, p2, …pn) = 0 when n >= m + 1. Let us show the geometric interpretation of Cayley-Menger determinants when n = 2, 3, 4 and m = 3.
For n = 2, where D(p1, p2) is the Euclidean distance between p1 and p2. Observe that the squared distance between p1 and p2 is consistent with the result of the Cayley-Menger determinant.
For n = 3, where A is the area of the triangle spanned by p1, p2, p3, and ‖‖ is the length of vector. Lij is the distance between pi and pj, i, j = 1, 2, 3.
For n = 4, where V is the volume of the tetrahedron spanned by p1, p2, p3, p4, and Lij is the distance between pi and pj, i, j = 1, 2, 3, 4.
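An added example (not code from the paper) of the conversion this section describes: triangle area, tetrahedral volume and point-line distance computed from squared distances alone, using the bordered Cayley-Menger matrix. The paper's own determinant formulas did not survive on this page, so the standard normalizations 16·A² = −det and 288·V² = det are assumed; all function names and sample points are constructed for illustration.

```python
from fractions import Fraction


def sq_dist(p, q):
    """Squared Euclidean distance, the quantity SMC-SED outputs."""
    return sum((Fraction(a) - Fraction(b)) ** 2 for a, b in zip(p, q))


def d2_matrix(points):
    """Symmetric matrix of pairwise squared distances."""
    return [[sq_dist(p, q) for q in points] for p in points]


def det(matrix):
    """Exact determinant by Gaussian elimination over Fractions."""
    m = [[Fraction(x) for x in row] for row in matrix]
    n, sign, result = len(m), 1, Fraction(1)
    for col in range(n):
        pivot = next((r for r in range(col, n) if m[r][col] != 0), None)
        if pivot is None:
            return Fraction(0)  # singular: the points are degenerate
        if pivot != col:
            m[col], m[pivot] = m[pivot], m[col]
            sign = -sign
        result *= m[col][col]
        for r in range(col + 1, n):
            factor = m[r][col] / m[col][col]
            for c in range(col, n):
                m[r][c] -= factor * m[col][c]
    return sign * result


def cayley_menger(d2):
    """Determinant of the squared-distance matrix bordered by a row and
    column of ones (standard, un-normalized form; an assumption here)."""
    n = len(d2)
    bordered = [[0] + [1] * n] + [[1] + list(row) for row in d2]
    return det(bordered)


def triangle_area_sq(d2):
    """A^2 for three points, from 16 * A^2 = -det(CM)."""
    return -cayley_menger(d2) / 16


def tetra_volume_sq(d2):
    """V^2 for four points, from 288 * V^2 = det(CM)."""
    return cayley_menger(d2) / 288


def point_line_dist_sq(d2):
    """Squared height over the base, as in Protocol 4: h^2 = 4*A^2 / base^2.
    Row order of d2 is [point, line point 1, line point 2]."""
    return 4 * triangle_area_sq(d2) / d2[1][2]


if __name__ == "__main__":
    # Constructed sample points. Only the squared distances are passed on,
    # which is all the party evaluating the determinant needs.
    tri = d2_matrix([(1, 2, 3), (4, 2, 3), (1, 6, 3)])
    tet = d2_matrix([(1, 2, 3), (2, 2, 3), (1, 3, 3), (1, 2, 4)])
    flat = d2_matrix([(0, 0, 0), (1, 0, 0), (0, 1, 0), (1, 1, 0)])
    line = d2_matrix([(0, 0, 5), (0, 0, 0), (2, 0, 0)])
    print("triangle area^2      :", triangle_area_sq(tri))
    print("tetrahedron volume^2 :", tetra_volume_sq(tet))
    print("coplanar volume^2    :", tetra_volume_sq(flat))
    print("point-line distance^2:", point_line_dist_sq(line))
```

Exact rational arithmetic is used so that degenerate inputs (collinear or coplanar points) give exactly zero rather than a small floating-point residue.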
Security proof in the semi-honest model
In the semi-honest model, the parties abide by the protocol. However, they keep a record of all the intermediate computations and expect to deduce the private inputs of other parties from the record. The security of secure two-party computations in the semi-honest model can be described as follows. There is a probability polynomial-time algorithm (referred to as a simulator). Using this simulator, any semi-honest participant can simulate the execution process of the protocol alone and obtain all the intermediate information using his own inputs and the final result from the protocol.
Definition 1 (The security of secure two-party computations in the semi-honest model) Let f: {0, 1}* × {0, 1}* → {0, 1}* × {0, 1}* be a functionality, where fi(x, y), i = 1, 2 is the ith element of f(x, y) and Π is a two-party protocol for computing f (denoted as f2). The view of the ith party during an execution of Π on (x, y), denoted as , is (x, r, m1, …, mt), where r represents the outcome of the ith party’s internal coin tosses, and mj represents the jth message that the ith party has received. Let be the ith output result. If there exists a probabilistic polynomial-time algorithm, denoted as S1 and S2, making (1) and (2) workable, we say that Π privately computes f. (1) (2)
Problems
This paper studies the following problems.
- Problem 1: Secure multiparty computation of the square of the Euclidean distance (SMC-SED). Alice has a private point PA = (x1, x2, …, xn), and Bob has a private point PB = (y1, y2, …, yn), where (n ≥ 3). Alice and Bob want to know the Euclidean distance between the points PA = (x1, x2, …, xn) and PB = (y1, y2, …, yn), where (n ≥ 3), denoted by D2(PA, PB), without disclosing PA or PB.
- Problem 2: Secure multiparty computation of the area of a triangle (SMC-TA). Alice has a private point PA = (xA, yA, zA), and Bob has two private points and . Alice and Bob want to know the area of the triangle formed by the points PA = (xA, yA, zA), , , denoted by , without disclosing PA, or .
- Problem 3: Secure multiparty computation of the volume of a tetrahedron (SMC-TV). Alice has a private point PA = (xA, yA, zA), and Bob has two private points , , and . Alice and Bob want to know the volume of the tetrahedron formed by the points PA = (xA, yA, zA), , , and denoted by , without disclosing PA, , , or .
- Problem 4: The distance between a point and a line (SMC-DPL). Alice has a private point PA = (xA, yA, zA), and Bob has a private line
Alice and Bob want to know the distance between the point PA and the line L without disclosing PA and L.
In the next sections, we will give our solutions to the four problems in detail.
Building block
Alice has an n-dimensional point PA = (x1, x2, …, xn), and Bob has an n-dimensional point PB = (y1, y2, …, yn), where n ≥ 3. Alice and Bob want to compute the Euclidean distance without disclosing the messages of their points. We call this problem Secure multiparty computation of the square of Euclidean distance (SMC-SED). This problem is the building block of the other three problems. To solve this problem, we propose a protocol for the secure multiparty computation of the square of the Euclidean distance with the Boneh encryption algorithm. The solution transfers the main calculation to the cloud, which makes it possible for users to only perform encryption and other simple operations.
The solution of SMC-SED
The protocol for computing the square of the Euclidean distance is depicted in Fig 1. First, Alice and Bob encrypt their private values and then send their values to the server. To do so, Bob’s values are blinded so that the server cannot determine them, even if it colludes with Alice. Then, the server uses the Boneh algorithm to calculate c0, c1, and c2 and sends them to Bob. In the third step, Bob eliminates the blinding factors (r in the protocol) and computes the cipher values. Therefore, Bob cannot decrypt the obtained information in this step. At the end of the protocol, Alice decrypts the cipher values and receives the square of the Euclidean distance. The protocol is described as follows.
Protocol 1. SMC-SED
Inputs: Alice’s input is PA = (x1, x2, …, xn). Bob’s input is PB = (y1, y2, …, yn), where (n ≥ 3).
Outputs: The square of the Euclidean distance formed by PA, PB.
- Step 1. Based on the Boneh encryption algorithm, Alice picks suitable parameters and generates the public-private key pair (PKA, SKA);
- Step 2. Alice computes , i = 1…n and sends it to the cloud server;
- Step 3. Bob picks a random number r(≠ 0) and computes , where i = 1…n. Then, Bob sends to the cloud server;
- Step 4. The cloud server obtains the messages that originated from Alice and Bob, and it performs the following calculations with the homomorphic property of the Boneh encryption algorithm:
Then, the cloud server sends c0, c1, c2 to Bob;
- Step 5. Bob computes and sends R to Alice;
- Step 6. Alice computes and tells the result to Bob.
Security
As we know, the cloud server is untrusted. Therefore, we have to consider the security of private information in the cloud and the complicity between the cloud and any participant. Therefore, the security model of the protocol is slightly different than the traditional model. This will be proved with five formulas in Table 1. [25]
Theorem 1. The SMC-SED protocol, denoted by Π, is private, where n ≥ 3.
Proof. We will prove this theorem by showing five simulators S1, S2, S3, S4, S5.
- (1). We first show the construction of S1. Based on the inputs PA = (x1, x2, …, xn) and LAB2, S1 proceeds as follows.
- S1 computes . Then, S1 chooses a point PB′ = (y1′, …, yn′) and a random number r′. It computes , where i = 1, …, n;
- S1 obtains , PB′ = (y1′, y2′, …, yn′), where i = 1, 2, 3…n, and performs the following calculations with the homomorphic property of the Boneh encryption algorithm:
Then, S1 computes
- S1 decrypts the result ;
- S1 outputs the message list of Alice:
Note that in this protocol,
Because of the choice of PB′ = (y1′, y2′, …, yn′), and r′, it must hold that , and .
Thus, we have
- (2). Now, let us examine the construction of S2. Based on the inputs PB = (y1, y2, …, yn) and R, S2 proceeds as follows.
- S2 first chooses a random generator r and then computes Then, S2 chooses a point PA′ = (x1′, …, xn′) and computes , where i = 1…n;
- S2 performs the following calculations with the homomorphic property of the Boneh encryption algorithm:
- S2 computes .
- S2 outputs the message list of Bob as follows.
Note that in this protocol,
Because of the choice of the point PA′ = (x1′, x2′, …, xn′), it must hold that .
Thus, we have
- (3). Then, we verify the construction of S3. Based on the inputs , , c0, c1, and c2, S3 proceeds as follows.
- S3 chooses and a random number r′. S3 computes , , where i = 1, 2, 3…n.
- S3 computes
- S3 outputs the message list of cloud
Note that in this protocol, we have
Because of the choice of the points PA′, PB′ and r′, it must hold that
Obviously, .
Thus, we have
S3 proves that the cloud server can only calculate the values from Alice and Bob using its own input and output. Because the messages that it obtains are encrypted, the cloud server cannot decrypt them. Specifically, the cloud server cannot obtain any private information from Alice or Bob.
- (4). We prove the construction of S4.
When Alice conspires with the server, their inputs are
Combining with the construction of S1 and S3, we simulate S4 in a similar manner. S4 obtains the message list of Alice and the cloud server.
Clearly, Alice can decrypt all the ciphertexts coming from the information sequence with her own key pair. However, Alice still cannot obtain Bob’s private information through the above information. If she wants to obtain Bob’s private information, she has to solve the following problem:
The number of equations is less than the number of unknowns when i ≥ 3.
The view of Alice and the server is
Because of the choice of the point PB′ = (y1′, y2′, …, yn′), it must hold that
- (5). Similarly, S5 can be constructed.
S4 and S5 demonstrate that even if the cloud server and the participants conspire, they cannot obtain any private information about another participant.
In conclusion, the SMC-SED protocol is privacy preserving when n ≥ 3.
Performance analysis
In this section, the performance analysis of SMC-SED and other similar protocols will be discussed. For the convenience of comparison with SMC-SED, we choose protocols based on the privacy homomorphism technique, including those documented in Refs. [28] [29] [30]. The comparison details are displayed in Table 2.
Communication round complexity: In SMC-SED, Alice and Bob communicate with each other one time in Step 4; thus, the communication round complexity is 1 round. Except for Rane’s protocol, whose communication cost is proportional to the original vector dimension n, all protocols have a communication efficiency of 2.
Computational complexity: We ignore the computational cost of creating random numbers and the key pair for homomorphic encryption, which can be completed in the preprocessing stage. Only the calculation phase, whose primary computational cost is a function of the dimensions and the complexity of homomorphic encryption, is considered. Let MN, ME, and MM represent the homomorphic encryption, modular exponentiation and modular multiplication, respectively. Different homomorphic algorithms are adopted by different protocols. The schemes in [28], [29], [30] adopted the Paillier homomorphic algorithm, whose modular operator is p2q2, while SMC-SED adopts the Boneh homomorphic algorithm, whose modular operator is pq. For convenience of comparison, the modular operator of SMC-SED is MN. The modular operator of the other schemes is MN2.
In SMC-SED, to calculate a distance with n dimensions, Alice needs to perform n encryptions and one decryption, i.e., , i = 1…n, . Bob must perform n encryptions, 2 modular exponentiations and 2 modular multiplications, i.e., , i = 1…n, . Therefore, the computational complexity of SMC-SED can be simplified as (2n + 1)MN + 2ME + 2MM (the modular operator is N). Amirbekyan’s protocol needs 2n encryptions, n modular multiplications, and n decryptions, a total of 3nMN2 + nMM (the modular operator is N2). The computational complexity of Huang’s protocol is (n + 2)MN2 + 2ndME + nMM (modular operator is N2). Although Rane’s protocol has a computational complexity similar to that of Huang’s protocol, it does not suffer an unsatisfactory communication round cost.
As observed in Table 2, SMC-SED does not possess a satisfactory computational complexity, but it achieves the lowest communication round complexity using the cloud server. However, in SMC-SED, the modular operator is N1 = pq, and the radix is g. In the other protocols, the modular operator is n2 = N12 = p2q2, and the radix is gm. Because N1 ≫ N2, gm > g, SMC-SED reduces the number of modular power operations at high orders of magnitude and reduces the users’ computing costs. Therefore, the computational complexity of SMC-SED is better than that of the other protocols.
Experimental analysis
Here, we give a quantitative analysis for our scheme and the other protocols. The runtime environment is an Intel Core i5 @CPU at 3.2GHz with 4.00 GB of RAM. The software runtime environment is Win10 64-bit and Python 3.6. The modulus N in the homomorphic algorithms is 256, 512, 1024 and 2048 bits. The times for modular exponentiation under the different modules and different exponential sizes are listed in Table 3.
From Table 3, we see that if the exponent size remains unchanged, the time will increase with increasing modulus, and the growth factor is approximately 2.1. According to Table 2, if we suppose that the time cost of SMC-SED is TA = (2n + 1)MN, the time cost of Amirbekyan’s protocol is TA ≈ 3n * 2.1 * MN, the time cost of Rane’s protocol is TR ≈ (n + 1) * 2.1 * MN, and the time cost of Huang’s protocol is TA ≈ (n + 2)*2.1*MN. Compared with MN, the cost of ME and MM is very small, and from Table 2, we can see that different protocols differ little in the cost of ME and MM. For convenience of calculation, we ignore the time cost of the modular exponentiation and the modular multiplication. Obviously, the overall computational cost of the secure computation protocols is consistent with that of modular exponentiation. Assume that the exponent size is 160, N is 256, 512, 1024 or 2048 and n = 3. We compare the trend of the time cost of the different protocols (see Fig 2). The horizontal axis is the bits of N, and the vertical axis is the time cost (ms).
It can be observed from Fig 3 that the actual experimental simulation is completely consistent with the theoretical analysis. SMC-SED indeed reduces the computing time for the users compared with the protocol in [28–30]. Therefore, SMC-SED is effective and efficient in a practical environment.
Solutions
In this section, we use SMC-SED as the basic subprotocol to solve the problems of the triangle area and volume calculations, and we give an extended protocol for the point-line distance.
SMC-TA
The problem of SMC-TA is as follows: Alice has a point PA = (xA, yA, zA), and Bob has two points . These three points can form a triangle in space. Alice and Bob want to know the area of the triangle without disclosing their private messages. To solve this problem, we first calculate the square of the Euclidean distances and , and then, we convert the problem of a triangle area into a determinant calculation about distances. The details of the protocol are as follows.
Protocol 2: Secure multiparty computation of the triangle area
Input: Alice’s input is PA = (xA, yA, zA), and Bob’s inputs are
Output: The area of the triangle is formed by PA,
SMC-TV
Similar to Protocol 2, suppose that Alice has a point PA = (xA, yA, zA) and Bob has three points , , . These four points form a tetrahedron in space. Alice and Bob want to know the volume of a tetrahedron without disclosing their private information. We call this problem the secure multiparty computation of the volume of a tetrahedron.
Protocol 3: Secure multiparty computation of the tetrahedron volume
Input: Alice’s input is PA, and Bob’s inputs are , , ;
Output: The volume of the tetrahedron is formed by PA, , ,
SMC-DPL
Using the SMC-TA as a building block, we further solve the problem of the secure multiparty computation of a point and a line. Specifically, Alice has a private point PA = (xA, yA, zA), and Bob has a private line
Alice and Bob want to know the distance between the point and the line without disclosing their private information.
We know that the area of the triangle equals half the base of the triangle times the height. If we can determine the area of the triangle using SMC-TA and the base of the triangle, the height of the triangle is exactly the distance between the point and the line. It is easy for us to obtain the distance as follows.
Protocol 4: Secure multiparty computation of the point-line distance
Input: Alice’s input is PA = (xA, yA, zA). Bob’s input is
Output: The distance between PA and L.
- Step 1. Bob randomly chooses on line L. Bob computes the distance between these two points, defined as .
- Step 2. Alice and Bob use SMC-TA to compute the area privately.
- Step 3. Bob computes with and . Then, Bob sends the result to Alice.
The security of the protocol follows from Theorem 1.
In the same way as [6], if we use the solution of SMC-TV as a building block, we can also solve other geometric security problems such as point-line, point-surface, and line-line problems.
Security
Theorem 2. In the semi-honest model, SMC-TA is private.
Proof: The protocol security is that the parties cannot use the intermediate results to obtain private information about each other. In our protocol, Alice obtains , , and . However, if Alice wants to obtain Bob’s private information, she has to find two points on the concentric circle with radii and , where the distance between these two points is . Specifically, Alice must solve the following problem:
Clearly, there are three equations. The number of equations is less than the number of unknowns. Therefore, it is difficult for Alice to obtain Bob’s private information. On the other side, Bob has and he can calculate the height of the triangle according to the formula for the area of a triangle However, Bob can only extrapolate the potential location of PA and not obtain the exact location.
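The underdetermination argument above, as an added example that is not part of the paper: Alice's view in SMC-TA is modeled as the three squared distances the proof says she obtains, and the code lists every Bob input in a bounded integer grid that produces the same view. The grid bound, the function names and the sample points are constructed assumptions.

```python
from itertools import product


def sq_dist(p, q):
    """Squared Euclidean distance between two integer points."""
    return sum((a - b) ** 2 for a, b in zip(p, q))


def alice_view(pa, pb1, pb2):
    """The three squared distances Alice holds after SMC-TA:
    PA to each of Bob's points, and between Bob's two points."""
    return (sq_dist(pa, pb1), sq_dist(pa, pb2), sq_dist(pb1, pb2))


def rotate_z_about(center, p):
    """Rotate p by 90 degrees about the z-parallel axis through center.
    Any rigid motion that fixes PA leaves Alice's view unchanged."""
    dx, dy, dz = (p[i] - center[i] for i in range(3))
    return (center[0] - dy, center[1] + dx, center[2] + dz)


def consistent_inputs(pa, view, bound):
    """All integer pairs (pb1, pb2) with coordinates in [-bound, bound]
    that reproduce the given view. The bound is an assumed input domain,
    used here only to make the candidate set finite and countable."""
    r1, r2, d12 = view
    grid = list(product(range(-bound, bound + 1), repeat=3))
    sphere1 = [p for p in grid if sq_dist(pa, p) == r1]
    sphere2 = [p for p in grid if sq_dist(pa, p) == r2]
    return [(p, q) for p in sphere1 for q in sphere2 if sq_dist(p, q) == d12]


if __name__ == "__main__":
    # Constructed inputs
    pa = (1, 1, 0)
    pb1, pb2 = (2, 3, 2), (3, 4, 6)
    view = alice_view(pa, pb1, pb2)

    rot1, rot2 = rotate_z_about(pa, pb1), rotate_z_about(pa, pb2)
    print("view for Bob's real points   :", view)
    print("view for the rotated points  :", alice_view(pa, rot1, rot2))

    candidates = consistent_inputs(pa, view, bound=6)
    print("inputs consistent with view  :", len(candidates))
    print("real pair among candidates   :", (pb1, pb2) in candidates)
```

The size of the candidate set depends on the input domain: the view fixes all three side lengths of the triangle, so a smaller or sparser coordinate range leaves fewer inputs that match it.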
The construction of simulators of the proof is similar to that of Theorem 1. Therefore, we construct the simulators S1, S2, S3, S4, and S5 as follows.
- The construction of the simulator S1
Based on PA and , S1 chooses two points , and computes ,,. Then, S1 computes by the Cayley-Menger determinant. S1 obtains the following list:
Note that in this protocol, we have
Because of the choice of the points , it must hold that
Thus, we have
- Similarly, we can construct the other four simulators S2, S3, S4, and S5 and obtain the following formula.
Theorem 3. In the semi-honest model, SMC-TV, denoted by Π, is private.
Proof: In our protocol, Alice knows , , , , , and , which are the squares of the six sides of the tetrahedron. However, if Alice wants to obtain Bob’s private information, she has to find a triangle on the concentric sphere with radii , , , where the lengths of the three sides of this triangle are , , and . Thus, Alice should solve the following problem:
Clearly, the number of equations is less than the number of unknowns. Alice cannot determine Bob’s private information. On the other hand, Bob knows , , and . According to the relation between the area of a triangle and the volume of a tetrahedron, Bob can calculate the height of the tetrahedron. However, he cannot determine the exact location of PA. The construction of the simulators in theorem 3 is similar to that of theorem 2.
Theorem 4: The protocol for computing the point-line distance is private.
Proof: Protocol 4 is an extension of protocol 2; thus, its privacy is determined by Theorem 2.
Complexity and comparison
Complexity
Computational complexity: In SMC-TA, two parties utilize cooperation twice using SMC-SED. Alice and Bob can send the initial data to the cloud server once. In addition, the cloud server delivers the results to Bob when finishing its computation. In Step 2, Bob performs the normal addition operation 3 times and the normal multiplication operation 2 times. In Step 3, Alice performs a fourth-order matrix operation one time, the normal multiplication operation 3 times and the exponentiation operation one time. If we ignore the ordinary operations, the computational complexity of our protocol is 11MN + 3ME + 2MM. In SMC-TV, Bob computes the square of the Euclidean distance 3 times. Alice performs a fifth-order matrix operation one time, the common multiplication operation 3 times and the common exponentiation operation one time. Thus, the computational complexity of SMC-TV is 15MN + 6ME + 4MM. The computational complexity of SMC-DPL is the same as that of SMC-TA.
Communication complexity: In SMC-TA, Bob can keep the results of the distance calculation and send them to Alice in Step 2. Alice sends to Bob in Step 3. Thus, there are 2 rounds between Alice and Bob in our protocol. In the same way, in SMC-TV, the communication between two participants consists of 2 rounds. The communication complexity of SMC-DPL is the same as that of SMC-TA.
Comparison
This section compares the complexity and performance of this protocol with the schemes in references [6] and [25]. We show the comparison of the complexity of our protocol with that of [6] in Table 4. In Table 5, we compare the performance of our protocol with the protocols in [6] and [25].
Complexity: Because the spatial location problems treated in the literature are not identical, we chose the volume protocol in [6] for the comparison. In [6], Bob performs third-order matrix operations 4 times, and Alice performs common multiplication calculations 5 times. Thus, the computational complexity is 9M, where M represents the number of common multiplications. The computational complexity can be neglected. Our schemes use a homomorphic cipher algorithm to protect the user’s private information, and the encryption and decryption calculations need more time. From Table 4, we can see that our schemes have the same communication complexity as the protocol in [6]; the computational complexity of our schemes is not optimal.
Performance: In [6], Li et al. studied security geometry problems such as tetrahedral volumes, point-line distances, line-plane relationships and plane-plane relationships. However, the schemes in [6] did not concern problems about triangular areas and point-line distances. In [25], the protocol was extended with the help of a cloud platform. However, the protocol can only solve the point-line distance problem and the point-plane distance problem. In contrast, this paper solves the above six problems, i.e. the triangular area, tetrahedral volume, point-line distance, point-plane distance, line-plane relationship and plane-plane relationship problems, in the same way with the cloud platform. From Table 5, we can see that the solutions in [25] have the worst performance, and their application is limited. The method in [6] is not suitable for cloud platforms. Our schemes achieve the best performance.
From the above, the complexity of our solutions is not the most satisfactory, but our schemes represent a new technique for solving secure multi-party solid geometry computation problems and can be used to solve a wider range of problems while maintaining the same level of security and being more universal.
Application
To illustrate our motivation in developing these solutions, we present the following interesting scenario inspired by [6]: Bob has a mixture ξ1 that contains 10% of component M1, 25% of component M2 and 10% of component M3 and another mixture ξ2 that contains 2% of component M1, 11% of component M2 and 4% of component M3. Additionally, assume that Alice needs a mixture that contains 6% of component M1, 20% of component M2 and 3% of component M3. Alice wants to know if she can produce this mixture from the two mixtures that Bob has, but she does not want to disclose her needs. Similarly, Bob does not want to disclose the contents of his mixtures. If we represent the mixtures ξ1 and ξ2 by points in three-dimensional space, namely, by , (see Fig 3), we can produce the mixtures represented by any point on the line segment , by mixing ξ1 and ξ2 at various ratios. Thus, privately determining whether Alice can produce her mixture from Bob’s two mixtures can be reduced to privately determining whether the point that represents Alice’s mixture is on the line segment , . This computational geometry problem is called the point-inclusion problem.
How does one solve this problem? First, Alice and Bob use Protocol 1 to privately compute and , and they use Protocol 2 to privately compute . Then, Alice and Bob use Protocol 4 to privately determine d, the distance between point PA, which represents Alice’s mixture in three-dimensional space, and the line , determined by the two points that represent Bob’s two mixtures. If d ≠ 0, Alice cannot produce her mixture from the two mixtures that Bob has; otherwise, if d = 0, which implies that point PA is on the line determined by the two points that represent Alice’s two mixtures, then Alice and Bob can negotiate to project these points onto a line and to privately determine whether the projection of PA is inside the projection of the line segment . If the projection of PA is inside that of line segment , Alice can produce her mixture from Bob’s two mixtures; otherwise, Alice cannot produce her mixture from his mixtures. In this way, Alice and Bob can solve this problem while keeping their mixtures private.
If Alice has three mixtures, Alice and Bob first use Protocol 1 to privately compute , and , and they use Protocol 3 to privately compute . Then, Alice and Bob use Protocol 2 in [6] to determine the distance between point PA, which represents Alice’s mixture in three-dimensional space, and the line , , and is determined by the three points that represent Bob’s three mixtures (see Fig 3). If there are more than three components of interest in the mixtures, a similar analysis can be performed using a higher dimensional space.
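The geometry of this scenario can be cross-checked in the clear. The following is an added example, not code from the paper and not a secure protocol: it works on both parties' points in plaintext and derives the triangle area, the point-line distance and the inclusion decision from squared distances alone. It assumes the determinant in question is the Cayley-Menger determinant, and it generalizes to the tetrahedral volume. The function names and the two extra test points are constructed, and the interval test on squared distances stands in for the projection step.

```python
from fractions import Fraction
from math import factorial

def sqdist(p, q):
    """Squared Euclidean distance (what the distance protocol outputs)."""
    return sum((Fraction(a) - Fraction(b)) ** 2 for a, b in zip(p, q))

def det(m):
    """Exact determinant by Laplace expansion along the first row."""
    if len(m) == 1:
        return m[0][0]
    return sum((-1) ** j * m[0][j] * det([r[:j] + r[j + 1:] for r in m[1:]])
               for j in range(len(m)))

def simplex_volume_sq(points):
    """Squared triangle area (3 points) or tetrahedron volume (4 points),
    computed from pairwise squared distances only (Cayley-Menger)."""
    k, n = len(points), len(points) - 1
    cm = [[Fraction(0)] + [Fraction(1)] * k]
    for p in points:
        cm.append([Fraction(1)] + [sqdist(p, q) for q in points])
    return Fraction((-1) ** (n + 1), 2 ** n * factorial(n) ** 2) * det(cm)

def point_line_dist_sq(pa, p1, p2):
    """d^2 = (2 * area)^2 / |P1P2|^2; P1 and P2 must be distinct."""
    base = sqdist(p1, p2)
    if base == 0:
        raise ValueError("P1 and P2 coincide, so they define no line")
    return 4 * simplex_volume_sq([pa, p1, p2]) / base

def can_mix(pa, p1, p2):
    """True iff PA lies on the segment P1P2."""
    if point_line_dist_sq(pa, p1, p2) != 0:
        return False          # d != 0: not even on the line
    base = sqdist(p1, p2)     # collinear: inside iff neither end is farther
    return sqdist(pa, p1) <= base and sqdist(pa, p2) <= base

XI1, XI2 = (10, 25, 10), (2, 11, 4)  # Bob's mixtures, percentages from the text
ALICE = (6, 20, 3)                   # Alice's target, from the text
MIDPOINT = (6, 18, 7)                # constructed: 1:1 blend of XI1 and XI2
OUTSIDE = (18, 39, 16)               # constructed: on the line, past XI1

if __name__ == "__main__":
    print("d^2 for Alice's target:", point_line_dist_sq(ALICE, XI1, XI2))
    for name, p in [("ALICE", ALICE), ("MIDPOINT", MIDPOINT), ("OUTSIDE", OUTSIDE)]:
        print(name, "producible:", can_mix(p, XI1, XI2))
```

For the numbers given in the text, d² is nonzero, so Alice's target cannot be produced from ξ1 and ξ2.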
Conclusion
With the emergence and widespread use of cloud computing, solving the problem of multi-party computing with cloud platforms has become a new research direction. The introduction of cloud computing resources has led to changes in the secure multi-party computing model and solutions. However, the computational task of spatial geometry calculations in traditional problems is completed via mutual interactions between two parties. Therefore, it is difficult for these protocols to be used in untrusted cloud computing environments. In this paper, we propose a more general solution to solve spatial geometry security problems using a cloud platform. First, we transform the problems into the calculation of a distance. Then, we design a security protocol to solve for the Euclidean distance. Based on the above protocol, we solve two problems concerning the calculations of triangular areas and tetrahedron volumes. We prove that our protocols can resist collusion between the parties and the untrusted cloud platform, and that they effectively protect the users’ privacy. In addition, we note that the proposed protocol can be used for the calculation of spatial distances such as point-line, point-surface, and line-line distance. Because of the transformation of the problems, we can solve more spatial geometry security problems with a cloud platform. However, the complexity of the protocol should be improved. Therefore, as future work, we will attempt to reduce the computational complexity of the protocol.
References
- 1. Yao ACC. Protocols for secure computations. In: FOCS. vol. 82; 1982. p. 160–164.
- 2. Goldreich O, Micali S, Wigderson A. How to play any mental game. In: Proceedings of the nineteenth annual ACM symposium on Theory of computing. ACM; 1987. p. 218–229.
- 3. Goldreich O. Secure multi-party computation. Manuscript Preliminary version. 1998;78.
- 4. Neugebauer G, Brutschy L, Meyer U, Wetzel S. Privacy-preserving multi-party reconciliation secure in the malicious model. In: Data Privacy Management and Autonomous Spontaneous Security. Springer; 2013. p. 178–193.
- 5. Bogdanov D, Laur S, Talviste R. A practical analysis of oblivious sorting algorithms for secure multi-party computation. In: Nordic Conference on Secure IT Systems. Springer; 2014. p. 59–74. https://doi.org/10.1007/978-3-319-11599-3_4
- 6. Shundong L, Chunying W, Daoshun W, Yiqi D. Secure multiparty computation of solid geometric problems and their applications. Information Sciences. 2014;282:401–413.
- 7. Ranbaduge T, Christen P, Vatsalan D. Tree based scalable indexing for multi-party privacy-preserving record linkage. 2014.
- 8. Hazay C. Oblivious polynomial evaluation and secure set-intersection from algebraic PRFs. Journal of Cryptology. 2018;31(2):537–586.
- 9. Liu L, Chen X, Lou W. Secure three-party computational protocols for triangle area. International Journal of Information Security. 2016;15(1):1–13.
- 10. Nair DG, Binu V, Kumar GS. An improved e-voting scheme using secret sharing based secure multi-party computation. arXiv preprint arXiv:150207469. 2015.
- 11. Guanciale R, Gurov D, Laud P. Business process engineering and secure multiparty computation. Cryptology and Information Security. 2015;13:129–149.
- 12. Aly A, Van Vyve M. Securely solving classical network flow problems. In: International Conference on Information Security and Cryptology. Springer; 2014. p. 205–221.
- 13. Marwan M, Kartit A, Ouahmane H. Applying secure multi-party computation to improve collaboration in healthcare cloud. In: 2016 Third International Conference on Systems of Collaboration (SysCo). IEEE; 2016. p. 1–6.
- 14. Maheshwari N, Kiyawat K. Structural framing of protocol for secure multiparty cloud computation. In: 2011 Fifth Asia Modelling Symposium. IEEE; 2011. p. 187–192.
- 15. Kamara S, Mohassel P, Raykova M. Outsourcing Multi-Party Computation. IACR Cryptology ePrint Archive. 2011;2011:272.
- 16. Kamara S, Mohassel P, Riva B. Salus: a system for server-aided secure function evaluation. In: Proceedings of the 2012 ACM conference on Computer and communications security. ACM; 2012. p. 797–808.
- 17. Carter H, Mood B, Traynor P, Butler K. Secure Outsourced Garbled Circuit Evaluation for Mobile Devices. In: Presented as part of the 22nd USENIX Security Symposium (USENIX Security 13); 2013. p. 289–304.
- 18. Asharov G, Jain A, López-Alt A, Tromer E, Vaikuntanathan V, Wichs D. Multiparty computation with low communication, computation and interaction via threshold FHE. In: Annual International Conference on the Theory and Applications of Cryptographic Techniques. Springer; 2012. p. 483–501.
- 19. López-Alt A, Tromer E, Vaikuntanathan V. On-the-fly multiparty computation on the cloud via multikey fully homomorphic encryption. In: Proceedings of the forty-fourth annual ACM symposium on Theory of computing. ACM; 2012. p. 1219–1234.
- 20. Kerschbaum F. Collusion-resistant outsourcing of private set intersection. In: Proceedings of the 27th Annual ACM Symposium on Applied Computing. ACM; 2012. p. 1451–1456.
- 21. Kamara S, Mohassel P, Raykova M, Sadeghian S. Scaling private set intersection to billion-element sets. In: International Conference on Financial Cryptography and Data Security. Springer; 2014. p. 195–215.
- 22. Abadi A, Terzis S, Dong C. O-psi: delegated private set intersection on outsourced datasets. In: IFIP International Information Security and Privacy Conference. Springer; 2015. p. 3–17.
- 23. Veugen T, de Haan R, Cramer R, Muller F. A framework for secure computations with two non-colluding servers and multiple clients, applied to recommendations. IEEE Transactions on Information Forensics and Security. 2015;10(3):445–457.
- 24. Chen Z, Li S, Wang D, Huang Q, Zhang W. Secure Multiparty Computation of Set Membership and Its Applications. Tien Tzu Hsueh Pao/acta Electronica Sinica. 2017;45(5):1109–1116.
- 25. Chen ZH, Li SD, Huang Q, Ding Y, Sun . Privacy-preserving determination of spatial location relation in cloud computing. Chin J Comput. 2017;40(2):351–363.
- 26. Boneh D, Goh EJ, Nissim K. Evaluating 2-DNF formulas on ciphertexts. In: Theory of Cryptography Conference. Springer; 2005. p. 325–341.
- 27. Thomas F, Ros L. Revisiting trilateration for robot localization. IEEE Transactions on robotics. 2005;21(1):93–101.
- 28. Amirbekyan A, Estivill-Castro V. A new efficient privacy-preserving scalar product protocol. In: Proceedings of the sixth Australasian conference on Data mining and analytics-Volume 70. Australian Computer Society, Inc.; 2007. p. 209–214.
- 29. Rane S, Sun W, Vetro A. Privacy-preserving approximation of L1 distance for multimedia applications. In: 2010 IEEE International Conference on Multimedia and Expo. IEEE; 2010. p. 492–497.
- 30. Huang H, Gong T, Chen P, Malekian R, Chen T. Secure two-party distance computation protocol based on privacy homomorphism and scalar product in wireless sensor networks. Tsinghua Science and Technology. 2016;21(4):385–396.