Privacy Preserving Inner Product of Vectors in Cloud Computing

The problem of privacy preserving inner product of vectors has been widely studied. Much work has been done on the scenario of two parties involved in the computation. In this paper, we consider the scenario where three parties are involved in the computing process of cloud computing. We propose a new privacy preserving scheme for inner product of two vectors in the cloud and give the correctness analysis and performance analysis for the scheme. The proposed scheme is based on homomorphic encryption, and the security can be guaranteed. Experiments show the efficiency of the scheme.


Introduction
The computation of inner product of vectors is a fundamental mathematical operation. The inner product of vectors has found wide application in the research field of computer science, such as cooperative statistical analysis [1], data mining [2], and similarity computation [3]. The model depicted in Figure 1 is adopted in much work, where two parties, that is, the server and the client, are involved. The server owns a large amount of data, and the client may issue query to the server. In Model 1, the problem of data privacy preservation is one of the most important security issues. The problem of privacy preserving inner product of vectors has gained thorough research, and much work has been done on it, such as [1][2][3][4][5][6][7].
When the server possesses particularly large amounts of data or the amount of query from the clients is considerably abundant, the server may be overburdened. Now, the cloud computing has gained wide research and many applications have been deployed in the cloud. Three parties are generally involved in the cloud computing model [8]. The existing work on privacy preserving inner product of vectors between two parties cannot work well any longer.
A secure privacy preserving scheme was presented for inner product of vectors in cloud computing in [9]. The scheme is effective and achieves the goal of data privacy preservation. However, it is the array that acts as the shared secret key between the data owner and the client. The array may be large when the vector has big size of dimensionality. It is inconvenient for the data owner to update the secret key when there are many clients.
We propose a new scheme on the basis of homomorphic encryption, which aims at the problem of privacy preserving inner product of vectors in cloud computing. Our proposed scheme can work seamlessly with the other secure scheme of inner product of vectors, such as correctness verification of inner product of vectors [10].
The rest of this paper is organized as follows. Section 2 describes the background knowledge, including the inner product of vectors, homomorphic encryption, and the system model and threat model. Section 3 summarizes the existing works on privacy preserving inner product of vectors. Section 4 introduces our proposed scheme for privacy preserving inner product of vectors in the cloud. Following that, experimental results are given in Section 5. Finally, Section 6 concludes the paper.

Background
2.1. Inner Product of Vectors. Let = ( 1 , 2 , . . . , ) and V = (V 1 , V 2 , . . . , V ) be two vectors, where is a positive integer and denotes the dimensionality of the vectors, and and V (1 ≤ ≤ ) are vector elements. The inner product of and V is the sum of the products of the corresponding elements; that is, where the symbol "⋅" denotes the mathematical operation of computing the inner product between two vectors.

Homomorphic Encryption.
Let (pk, sk) be a key pair for a public key encryption scheme, where pk is the public key for encrypting data and sk is the secret key for decrypting. An encryption scheme is called homomorphic if it holds the following two properties simultaneously: where 1 , 2 , and are plain data, pk ( 1 ), pk ( 2 ), and pk ( ) are the ciphertext of 1 , 2 , and with pk as the encryption key, respectively, and ⊕ is an operation on the ciphertext and is a positive integer.
For convenience, we introduce a symbol Sum, which denotes the result of operation ⊕ on multiple homomorphic ciphertexts. Sum is defined as The Paillier's homomorphic encryption is adopted in the following [11].

System and Threat Models.
A simplified architecture of cloud computing is given in Figure 2. Three parties are involved in Model 2, that is, the data owner, the service provider, and the client. The data owner holds large quantities of data. The data owner outsources the heavy data management task to the service provider to reduce the total cost. The service provider is a specific cloud service provider, which possesses rich resources, including hardware, software, and network. The service provider provides the users with the services of storage, computation, and so forth. The authorized client may issue a request to the service provider. Here, the user may be a company, an organization, or an individual, who makes use of the cloud service. The data owner and the client are both users. The client is a specific user, which refers to the party that can only issue query to the service provider.
In the above model, the data owner, who is the owner of the data stored on the service provider side, is honest. The service provider and the client are both semihonest. The service provider attempts to obtain the original data of the data owner and the client. The client attempts to get the original data of the data owner. Suppose that the data are transferred between the three parties through secure channel.

Related Works
A privacy preserving scheme of inner product of vectors was proposed for privacy preserving data mining between two parties in [2], in which the matrix multiplication operation was adopted. The privacy of the input data and the obtained result was preserved simultaneously. A state-ofthe-art overview of the privacy preserving inner product of vectors problem and the properties of some solutions were given in [4], where the scheme proposed in [2] was analyzed and proved to be not secure, and a new scheme was presented based on the homomorphic encryption, which has strong security guarantee.
For the purpose of detecting similar documents as well as preserving data privacy between two parties, two privacy preserving schemes for inner product of vectors, that is, the random array scheme and the homomorphic encryption scheme, were utilized in [3]. Privacy preserving inner product of vectors was applied to determine the relative position of two spatial geometric objects in [12].
An efficient and secure inner product protocol in the presence of malicious adversaries was presented in [6]. The protocol was based on the proof of knowledge of a discrete logarithm and the verifiable encryption.
Secure two-party inner product of vectors was extended to the quantum field in [7]. The given protocol was built upon quantum entanglement and quantum measurement.
The problem of correctness verification of inner product of vectors was studied in the cloud computing scenario in [9], in which the array multiplication operation was adopted to preserve the data privacy.
International Journal of Distributed Sensor Networks

The Proposed Scheme
Suppose the data owner holds a vector V = (V 1 , V 2 , . . . , V ) and the request vector of the client is = ( 1 , 2 , . . . , ), where is a positive integer and denotes the dimensionality of the vectors. Our proposed privacy preserving scheme for inner product of vectors in the cloud consists of five algorithms, that is, KeyGen, Encrypt, Request, Compute, and GetResult. 4.1. Overview. In our scheme, three parties are involved in the computation. Data privacy of each party needs to be preserved. The privacy preserving scheme for inner product of vectors in the cloud scenario works as follows.
(1) KeyGen. First of all, the data owner and the client generate the necessary keys, respectively, and share the keys with the related party.
(2) Encrypt. The data owner encrypts the original vector to obtain the ciphertext and sends it to the service provider. The service provider receives the data from the data owner and monitors the query request from the client.
(3) Request. The client encrypts the original request vector to get the transformed vector and sends it to the service provider.

Details.
In this section, we describe the design details of each algorithm.
(1) KeyGen. Whatever encryption scheme or data processing algorithm is chosen, the key(s) is (are) necessary. The keys are generated on the data owner side and client side, respectively, which are given as follows.
(1) The data owner randomly generates a key pair (pk, sk) for homomorphic encryption scheme, where pk is the public key and sk is the secret key. pk is published publicly and sk is shared with the client through secure channel.
(2) The client randomly generates an × /2 array and shares it with the service provider through secure channel, where = ( ) .
(2) Encrypt. Aiming at privacy preservation of the data, the data owner encrypts each element V ( = 1, 2 . . . , ) of vector V in turn using the homomorphic encryption scheme with public key pk. The obtained ciphertext of V is denoted as pk (V), where pk (V) = ( pk (V 1 ), pk (V 2 ), . . . , pk (V )). Then pk (V) is sent to the service provider.
(3) Request. Before issuing the request to the service provider, it is necessary for the client to transform the request data to preserve privacy. The data transformation on the client side works as follows.
Let be denoted as = ( 1 , 2 , . . . , ). Then, we have It is vector that is sent to the service provider, which cannot reveal the value of . Though the service provider holds and , it cannot detect and via solving the system of linear equations. Thus, the data privacy of the client is preserved through mathematical transformation.
(5) GetResult. Based on the returned results and from the service provider, the client first computes Then, the client computes which is just the inner product of and V, where pr ( ) denotes decrypting with secret key sk. Thus, the final result is obtained; that is,

Correctness Analysis.
In this section, we illustrate the correctness of our proposed scheme. In the algorithm Compute, the service provider obtains as the intermediate result. By (1) and (6), we have By (5) and (11), we have Along with , the service provider obtains a vector = ( 1 , 2 , . . . , /2 ) in the algorithm Compute. By (1) and (7), for = 1, 2, . . . , /2, we have In the algorithm GetResult, the client computes and gets = Sum /2 =1 ( ) . Then, by (13), we have Thus, in the algorithm GetResult, when the client computes pr ( ) − pr ( ), by (12) and (14), we have In the end, the client obtains the deserved result ⋅ V, which is the inner product of and V.

Performance Analysis.
In this section, we give the performance analysis of each algorithm.
(1) In the algorithm Encrypt, each vector element V (1 ≤ ≤ ) is encrypted in turn on the data owner side. The time complexity of algorithm Encrypt is ( ).
(2) In the algorithm Request, the original user request vector is transformed into on the client side, where matrix multiplication is used. The time complexity of algorithm Request is ( 2 ).
(3) In the algorithm Compute, and are obtained on the service provider side, where = Sum =1 ( pk (V )) , and = ( 1 , 2 , . . . , /2 ) with = Sum =1 ( pk (V )) , . The time complexity of algorithm Compute is ( 2 ). It is worth mentioning especially that magnitude of the time complexity of algorithm Request and that of Compute are different. Homomorphic encryption is performed on exponents in the algorithm Encrypt, and multiplication and addition are performed on integers in the algorithm Request. The actual time cost is quite different, though the time complexity of both Request and Compute is ( 2 ).

Security Analysis.
In this subsection, we give the security analysis, which is presented from three aspects, that is, data privacy preservation of the data owner, the client, and the result.

Data
In (16), there are equations and + /2 unknown variables, and it is impossible for the service provider to solve the system of linear equations to get the value of . Thus, the data privacy of the client is preserved.
Data Privacy of the Result. In our proposed scheme, the result of inner product of vectors is not given directly. The result is given by the intermediates and , which are both encrypted by homomorphic encryption scheme. The security of and can be guaranteed by the homomorphic encryption scheme. Thus, the data privacy of the result is preserved.

Experiments
We now evaluate the performance overhead of our proposed scheme for privacy preserving inner product of vectors in cloud computing. We use a Pentium Dual E2200 2.20 GHz PC with 1.99 GB RAM. Code is developed in C using the MIRACL library. Synthetic 5-dimensional data are used, which are integers generated randomly within [1,10000000] with even distribution. Four algorithms of Encrypt, Request, Compute, and GetResult are implemented respectively, whose running results on the given data are shown in Figure 3.
As can be seen in Figure 3, the performance overhead of each algorithm is consistent with the performance analysis in Section 4.4. Homomorphic encryption is utilized in the algorithms of Encrypt, Compute, and GetResult, where the operation is performed on exponents. The actual time cost of the algorithm Compute is the highest, and that of the algorithm Encrypt is the second among the four algorithms, which is shown in Figure 3(a).
In Section 4.4, we have mentioned that the actual time cost of algorithm Request and Compute is quite different, though the time complexity of the two algorithms is ( 2 ). Figure 3(a) demonstrates that is true. The actual time cost of the algorithm Compute is far higher than that of the algorithm Request.
The actual time cost of the algorithms Request and GetResult is so small compared with the algorithms Encrypt and Compute that they cannot be distinguished from each other clearly. The performance of the algorithms Request and GetResult is shown again in Figure 3(b), where it demonstrates that the time cost of the algorithm Request is higher.

Conclusion
Aiming at the problem of privacy preservation of inner product of vectors in cloud computing, a new scheme is presented with the homomorphic encryption as the fundamentals. The scheme is applicable for the cloud scenario where three parties are involved in the computation.
In future work, we plan to consider the case where the service provider of the cloud is malicious. Another interesting direction is access control of the client when there are multiple clients with different access permissions.