Privacy-preserving composite modular exponentiation outsourcing with optimal checkability in single untrusted cloud server

https://doi.org/10.1016/j.jnca.2018.06.003

Abstract

Outsourced computing allows users with resource-constrained devices to hand their heavy computational workloads to cloud servers, which is more economical for cloud customers. However, since users lose direct control of the computation, the resulting threats need to be addressed: the privacy of the data and the correctness of the results. Modular exponentiation is one of the most basic and time-consuming operations, and it is used widely in cryptography. In this paper, we propose two new and efficient algorithms for secure outsourcing of single and multiple composite modular exponentiations. Unlike algorithms based on two untrusted servers, we outsource the modular exponentiation to only a single server, which eliminates the collusion attack possible with two servers. Moreover, we put forward a new mathematical division method that hides the base and exponent of the outsourced data, so that no sensitive information is exposed to the cloud server. In addition, compared with other state-of-the-art algorithms, our scheme shows a remarkable improvement in checkability: the user can detect any misbehavior with optimal probability close to 1. Finally, we use the proposed algorithms as a subroutine to realize Shamir's Identity-Based Signature scheme and an Identity-Based Multi-Signature scheme.

Introduction

Cloud computing, a service enabling convenient, on-demand network access to a shared pool of configurable computing resources, can be deployed and released instantly with minimal management effort. With the rapid development of cloud computing (Ren et al., 2012; Fu et al., 2018), a new paradigm has emerged: so-called outsourced computing. It allows users with resource-constrained devices (such as smartphones and tablets) to outsource their complex computational tasks to cloud servers and enjoy practically unlimited computing resources in a convenient pay-per-use manner. In particular, owing to mathematical and technological advances, cryptographic key sizes have been steadily increasing in order to keep data secure. This, however, is a major computational obstacle for computationally limited devices, so existing resource-constrained devices may be unable to provide the desired level of security (Kuppusamy et al., 2016; Kiraz and Uzunkol, 2016). One solution is to replace these devices with more powerful ones, which is costly and impractical. Outsourced computation offers a better solution: more feasible, secure, and pragmatic.

Although outsourced computation is highly attractive for users with computationally limited devices, it inevitably raises two new security concerns (Liu et al., 2016a; Singh et al., 2016; Mollah et al., 2017; Yu, 2016; Li et al., 2017a). First, outsourced computation tasks often contain sensitive information, such as personal medical records, personal income and family member information, which should not be exposed to cloud servers. How to protect users' sensitive input/output information is therefore one of the biggest challenges of outsourcing (Liu et al., 2016b, 2017; Gennaro et al., 2010; He et al., 2017; Wang et al., 2017). Second, since cloud servers are not fully trusted (Wang et al., 2015; Huang et al., 2017; Shen et al., 2017; Zhou et al., 2012), they may return incorrect results. Outsourced calculations often require copious computing resources, and if users cannot check the correctness of the servers' outputs, a server may be "lazy" and skip work to save resources (Esiner and Datta, 2016; Wang, 2015; Yu et al., 2016; Fu et al., 2017). In addition, software bugs and malicious attacks by adversaries may corrupt the results. Efficiently verifying the results of outsourced computation is thus the other important security challenge.

Faced with these problems, a great deal of work has been done on secure outsourced computing. As one of the basic time-consuming computations, securely outsourcing modular exponentiation has become a hot topic. The relevant schemes fall into two classes: two-untrusted-server algorithms and single-untrusted-server algorithms. In 2005, Hohenberger et al. (Hohenberger et al., 2005) introduced the first secure outsourcing algorithm for modular exponentiation, based on two untrusted servers. Subsequent work (Chen et al., 2014a; Ye et al., 2015, 2016; Ren et al., 2016; Kuppusamy et al., 2016) also addressed modular exponentiation outsourcing with two servers. These schemes do reduce the computational cost for resource-constrained users while providing privacy protection and verifiability, but they all share the same security assumption that the servers do not collude, so they cannot resist collusion attacks. Dijk et al. (2006) proposed the first single-server outsourcing scheme for modular exponentiation, which avoids collusion attacks. Other work (Ma et al., 2013; Wang et al., 2014; Chevalier et al., 2016; Kiraz and Uzunkol, 2016; Xiang and Tang, 2015) has also addressed single-server modular exponentiation outsourcing with higher checkability.

The existing algorithms in (Hohenberger et al., 2005; Chen et al., 2014a; Ye et al., 2015, 2016; Ren et al., 2016; Kuppusamy et al., 2016; Dijk et al., 2006; Ma et al., 2013; Wang et al., 2014; Chevalier et al., 2016; Kiraz and Uzunkol, 2016; Xiang and Tang, 2015) address secure outsourcing of modular exponentiation with a prime modulus, but few offer a secure outsourcing algorithm for composite modular exponentiation. Although prime modular exponentiation has broad applications in engineering tasks, it does not cover encryption and signature schemes such as RSA-based cryptographic protocols, where composite modular exponentiation plays the central role. Liu et al. (2013) proposed the only existing outsourcing protocol for composite modular exponentiation. However, Kiraz et al. (Kiraz and Uzunkol, 2016) pointed out that the checkability property of Liu et al.'s scheme fails: in their analysis, a malicious server can always tamper with the output without being detected by the client. Therefore, in this paper we propose two new algorithms, named CMExp and MCMExp, for secure outsourcing of composite modular exponentiation and multiple composite modular exponentiations based on a single untrusted server. Our main contributions are summarized as follows:

  • 1) We propose two new and efficient algorithms for secure outsourcing of composite modular exponentiation (CMExp) and multiple composite modular exponentiations (MCMExp) respectively. Importantly, both are based on only one untrusted server. Compared with two-server algorithms, ours avoid the unrealistic assumption that the servers will not collude.

  • 2) We use a new mathematical division method to protect the privacy of the data. With this method, the original data is logically split into random-looking pieces, which hides the base and exponent of the outsourced data. This not only prevents the server from learning any private information about the client's outsourced task, but also makes the scheme easier to implement.

  • 3) The checkability of the computed results is greatly improved: CMExp and MCMExp enable the outsourcer to verify the results returned by the server with probability close to 1. In practice this is desirable, because the client can detect almost any misbehavior of the server.

  • 4) For multiple modular exponentiations, MCMExp has stable checkability. For outsourcing $\prod_{i=1}^{n} u_i^{d_i}$, the checkability probability of (Wang et al., 2014) decreases as n increases; for example, if n is larger than 2000, it is less than 1/2000. That of MCMExp remains close to 1, which is more efficient and practical.
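The checkability claim in contributions 3) and 4), together with the lazy-server threat from the introduction, can be made concrete with a small simulation. The Python script below is an added illustration and is not the paper's CMExp or MCMExp: the paper's division method that hides the exponent is not reproduced here, so the exponent is sent to the server in the clear; the base is hidden with classic RSA blinding (Chaum), and each returned value is checked with the cheap public-exponent relation $v^e \equiv u \pmod N$, which for an RSA modulus costs a handful of multiplications against the thousands needed for the private exponent. The modulus, the server's corruption behaviour and the batch sizes are all constructed for the example. What it shows is why spot-checking one of n returned values catches a single corrupted result with probability only 1/n (the decay described above for (Wang et al., 2014)), while checking every returned value catches it with probability 1.

```python
"""Outsourcing a batch of composite-modulus exponentiations u_i^d mod N to a
single untrusted server and checking what comes back.

Added illustration, NOT the paper's CMExp/MCMExp: the exponent d is sent to the
server in the clear (the paper's division method that hides it is not on this
page), the base is hidden with classic RSA blinding (Chaum), and returned values
are checked with the cheap public-exponent relation v^e == u (mod N).
"""
import random
from math import comb

# Constructed toy RSA modulus built from two Mersenne primes.  It is far too
# small to be secure; it is used because the primality is certain and the
# script runs instantly.
P = (1 << 31) - 1
Q = (1 << 61) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (client side only)


class UntrustedServer:
    """Performs the requested exponentiations but may corrupt some answers."""

    def __init__(self, corrupt_count=0, rng=None):
        self.corrupt_count = corrupt_count
        self.rng = rng or random.Random(0)

    def exp_batch(self, queries):
        """queries: list of (base, exponent); returns base^exponent mod N."""
        results = [pow(u, d, N) for u, d in queries]
        # A lazy or malicious server returns a wrong value for `corrupt_count`
        # randomly chosen queries (here the true value plus one).
        for i in self.rng.sample(range(len(results)), self.corrupt_count):
            results[i] = (results[i] + 1) % N
        return results


def blind(u, rng):
    """Chaum-style RSA blinding: send u * r^e instead of u; keep r to unblind."""
    while True:
        r = rng.randrange(2, N)
        if r % P and r % Q:            # gcd(r, N) == 1, so r is invertible
            return (u * pow(r, E, N)) % N, r


def outsource_batch(server, bases, check_indices, rng=None):
    """Outsource u^D mod N for every u in `bases`.

    The client verifies the answers whose positions are in `check_indices`
    with the cheap relation answer^E == blinded base (mod N).  Returns
    (unblinded results, detected), detected being True if a checked answer
    was wrong.  Because x -> x^E is a bijection mod N, any wrong answer that
    is checked is caught; unchecked wrong answers pass silently.
    """
    rng = rng or random.Random()
    blinded = [blind(u, rng) for u in bases]
    answers = server.exp_batch([(ub, D) for ub, _ in blinded])
    detected = any(pow(answers[i], E, N) != blinded[i][0] for i in check_indices)
    # (u r^E)^D = u^D r (mod N), so multiplying by r^{-1} recovers u^D.
    results = [(v * pow(r, -1, N)) % N for v, (_, r) in zip(answers, blinded)]
    return results, detected


def spot_check_detection_probability(n, corrupted, checked):
    """Exact P[detect] when `checked` of n answers are verified and the server
    corrupted `corrupted` of them: 1 - C(n - c, k) / C(n, k).  With c = k = 1
    this is 1/n, i.e. below 1/2000 once n exceeds 2000."""
    return 1 - comb(n - corrupted, checked) / comb(n, checked)


def estimate_detection(n, corrupted, checked, trials, seed=1):
    """Monte Carlo estimate of the same probability from the simulation."""
    rng = random.Random(seed)
    bases = [rng.randrange(2, N) for _ in range(n)]
    hits = 0
    for _ in range(trials):
        server = UntrustedServer(corrupted, random.Random(rng.getrandbits(32)))
        _, detected = outsource_batch(server, bases, rng.sample(range(n), checked), rng)
        hits += detected
    return hits / trials


if __name__ == "__main__":
    print("exact, n=2000, one spot check:", spot_check_detection_probability(2000, 1, 1))
    print("simulated, n=20, one spot check:", estimate_detection(20, 1, 1, 200))
    print("simulated, n=20, every answer checked:", estimate_detection(20, 1, 20, 50))
```

Running the script prints the exact 1/2000 figure for n = 2000 with one spot check, a simulated rate near 0.05 for n = 20 with one spot check, and 1.0 when every answer is checked. The check is cheap here only because the modulus is an RSA modulus with a small public exponent; the example also exposes d to the server, which in a real deployment hands it the private key, and closing exactly that gap while keeping per-result checkability is what the paper's division method is for.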

The remainder of this paper is organized as follows: In Section 2 we discuss related work in detail. Section 3 introduces the system model and the security definition. The proposed algorithms of modular exponentiations are shown in Section 4. We provide the security analysis on the proposed algorithms in Section 5 and evaluate the performance of our algorithms in Section 6. Section 7 gives the applications of CMExp and MCMExp. Finally, this paper is concluded in Section 8.

Section snippets

Related work

Modular exponentiation is one of the most common and time-consuming operations in cryptosystems, and many public-key encryption and digital signature schemes need to use it (Borges et al., 2017). Accordingly, how to securely outsource expensive modular exponentiation computations has become an attractive research topic in the cryptographic community (Chaum et al., 1993; Hohenberger et al., 2005; Chen et al., 2014a; Ye et al., 2015, 2016; Ren et al., 2016; Kuppusamy et al., 2016; Dijk et al.,

System model and security definition

In this section, we first introduce our system model and then review the formal security definition of secure outsourcing.

Proposed algorithms of composite modular exponentiations

In this section, we first present a new secure and efficient outsourcing algorithm, CMExp, for composite modular exponentiation in the single-untrusted-server model. To further improve the efficiency of outsourcing multiple modular exponentiations ($u_1^{d_1} u_2^{d_2} \cdots u_n^{d_n}$), we then propose a more efficient outsourcing algorithm, MCMExp, for multiple composite modular exponentiations.

Security evaluation

In this section, we provide the security analysis for the proposed algorithms CMExp and MCMExp in the one-malicious model and compare our algorithms with state-of-the-art algorithms.

Performance evaluation

We implement our proposed outsourcing algorithms in Java. The experiment is simulated on two machines: one with an Intel Core i5 processor at 3.20 GHz and 4 GB of memory (cloud server), and one with an Intel Core i5 processor at 2.10 GHz and 2 GB of memory (local user). The blinding factor $t_1$ ($t$) in our algorithms and the blinding factor $\chi$ in the scheme GExp (Wang et al., 2014) are all 64 bits long. Note that the blinding pairs $(x, x^e)$ generated by the subroutine RandN should be prepared offline,

Application

Modular exponentiation is widely used in cryptography; many public-key encryption and digital signature schemes rely on it. However, it is a time-consuming operation, so users with resource-constrained devices (such as smartphones and netbooks) cannot afford such expensive calculations. To solve the problem of Public Key Infrastructure (PKI) certificate management, Shamir (Shamir et al., 1984) proposed identity-based cryptography in 1984. An

Conclusions

In this paper, we propose two outsource-secure algorithms, one for a single composite modular exponentiation and one for multiple composite modular exponentiations, that use only one untrusted server and therefore avoid collusion attacks. Using a new mathematical division method, the outsourcer logically splits the original data into random-looking pieces, protecting the sensitive information. Moreover, the proposed algorithms enable the outsourcer to detect server misbehavior with optimal probability close to 1.

Acknowledgements

We appreciate the anonymous reviewers for their valuable suggestions. This work is supported by The National Science Foundation of China (61572255, 61572460 and 61502237), The National Key R&D Program of China (2016YFB0800703), Six Talent Peaks Project in Jiangsu Province of China (XYDXXJS-032), The Open Project Program of the State Key Laboratory of Information Security, China (2017-ZD-01).

Anmin Fu is currently an associate professor and supervisor of Ph.D. students of Nanjing University of Science and Technology, China. He received his B.S. degree in Communication Engineering from Lanzhou University of Technology, China, in 2005. He received his M.S. and Ph.D. degrees in Cryptography and Information Security from Xidian University in 2008 and 2011, respectively. His research interests include cloud computing security and applied cryptography.

References (43)

  • M. Zhou et al., Privacy enhanced data outsourcing in the cloud, J. Netw. Comput. Appl., 2012.
  • M. Bellare et al., Identity-based multi-signatures from RSA.
  • V. Boyko et al., Speeding up discrete log and factoring based schemes via precomputations.
  • D. Chaum et al., Wallet databases with observers.
  • X. Chen et al., New algorithms for secure outsourcing of modular exponentiations, IEEE Trans. Parallel Distr. Syst., 2014.
  • X. Chen et al., Secure outsourced attribute-based signatures, IEEE Trans. Parallel Distr. Syst., 2014.
  • C. Chevalier et al., Privately outsourcing exponentiation to a single server: cryptanalysis and optimal constructions.
  • M. Dijk et al., Speeding up exponentiation using an untrusted computational resource, Des. Codes Cryptogr., 2006.
  • A. Fu et al., NPP: a new privacy-aware public auditing scheme for cloud data sharing with group users, IEEE Trans. Big Data, 2017.
  • R. Gennaro et al., Non-interactive verifiable computing: outsourcing computation to untrusted workers.
  • S. Hohenberger et al., How to securely outsource cryptographic computations.

    Shuai Li is currently a M.S. student in the School of Computer Science and Engineering, Nanjing University of Science and Technology, China. He received his B.S. degree in Information and Computing Science from Northeast Forestry University, China, in 2015. His research interest includes cloud computing.

    Shui Yu is currently a Senior Lecturer of the School of Information Technology, Deakin University. He is a Senior Member of IEEE, a member of AAAS and ACM, and the Vice Chair of the Technical Committee on Big Data Processing, Analytics, and Networking of the IEEE Communications Society. Dr Yu's research interests include cybersecurity, networking theory, big data, and mathematical modelling. He has published two monographs and edited two books on big data, and more than 150 technical papers in top journals and conferences such as IEEE TPDS, IEEE TCC, IEEE TCSS, IEEE TC, IEEE TIFS, IEEE TMC, IEEE TKDE, IEEE TETC, and IEEE INFOCOM. Dr Yu initiated the research field of Networking for Big Data in 2013. His h-index is 25. Dr Yu actively serves his research communities in various roles. He served IEEE Transactions on Parallel and Distributed Systems as an AE (2013–2015), and currently serves on the editorial boards of IEEE Communications Surveys and Tutorials (exemplary editor for 2014), IEEE Access, IEEE Internet of Things Journal, IEEE Communications Letters (exemplary editor for 2016), and a number of other international journals. Moreover, he has organized several special issues on big data or cybersecurity. He has served more than 70 international conferences as a member of the organizing committee, for example as publication chair for IEEE Globecom 2015 and IEEE INFOCOM 2016 and 2017, TPC co-chair for IEEE BigDataService 2015 and IEEE ITNAC 2015, and General Chair for ACSW 2017.

    Yuqing Zhang is a professor and supervisor of Ph.D. students of Graduate University of Chinese Academy of Sciences, China. He received his B.S. and M.S. degrees in computer science from Xidian University, China, in 1987 and 1990 respectively. He received his Ph.D. degree in Cryptography from Xidian University in 2000. His research interests include cryptography and network security.

    Yinxia Sun is currently an associate professor of Nanjing Normal University, China. She received her Ph.D. degree in Cryptography from Xidian University in 2011. Her research interests include public key cryptography and its applications.