You are here

A Collusion-Resistant Distributed Scalar Product Protocol with Application to Privacy-Preserving Computation of Trust

TitleA Collusion-Resistant Distributed Scalar Product Protocol with Application to Privacy-Preserving Computation of Trust
Publication TypeConference Paper
Year of Publication2009
AuthorsMelchor, CA, Ait-Salem, B, Gaborit, P
Conference NameNetwork Computing and Applications, 2009. NCA 2009. Eighth IEEE International Symposium on
Date PublishedJuly
Keywordscollaboration, collusion-resistant distributed protocol, Computer applications, computer networks, cryptographic protocols, cryptography, data privacy, distributed computing, homorphic encryption computation, Laboratories, Portable media players, privacy-preserving computation, Privacy-preserving computation of trust, private multiparty summation protocol, scalar product protocol, secure multi-party computation, Secure scalar product, security, Superposed sending., Telephony, trust computation
Abstract

Private scalar product protocols have proved to be interesting in various applications such as data mining, data integration, trust computing, etc. In 2007, Yao et al. proposed a distributed scalar product protocol with application to privacy-preserving computation of trust [1]. This protocol is split in two phases: an homorphic encryption computation; and a private multi-party summation protocol. The summation protocol has two drawbacks: first, it generates a non-negligible communication overhead; and second, it introduces a security flaw. The contribution of this present paper is two-fold. We first prove that the protocol of [1] is not secure in the semi-honest model by showing that it is not resistant to collusion attacks and we give an example of a collusion attack, with only four participants. Second, we propose to use a superposed sending round as an alternative to the multi-party summation protocol, which results in better security properties and in a reduction of the communication costs. In particular, regarding security, we show that the previous scheme was vulnerable to collusions of three users whereas in our proposal we can t isin [1..n - 1] and define a protocol resisting to collusions of up to t users.

DOI10.1109/NCA.2009.48
AttachmentSize
PDF icon CollusionResistant2009Melchor.pdf267.31 KB