New Cryptographic Technologies and Artificial Intelligence in Outsourced Data SecurityView this Special Issue
Efficient Noninteractive Outsourcing of Large-Scale QR and LU Factorizations
QR and LU factorizations are two basic mathematical methods for decomposition and dimensionality reduction of large-scale matrices. However, they are too complicated to be executed for a limited client because of big data. Outsourcing computation allows a client to delegate the tasks to a cloud server with powerful resources and therefore greatly reduces the client’s computation cost. However, the previous methods of QR and LU outsourcing factorizations need multiple interactions between the client and cloud server or have low accuracy and efficiency in large-scale matrix applications. In this paper, we propose a noninteractive and efficient outsourcing algorithm of large-scale QR and LU factorizations. The proposed scheme is based on the specific perturbation method including a series of consecutive and sparse matrices, which can be used to protect the original matrix and obtain the results of factorizations. The generation and inversion of sparse matrix has small workloads on the client’s side, and the communication cost is also small since the client does not need to interact with the cloud server in the outsourcing algorithms. Moreover, the client can verify the outsourcing result with a probability of approximated to 1. The experimental results manifest that as for the client, the proposed algorithms reduce the computational overhead of direct computation successfully, and it is most efficient compare with the previous ones.
At the era of big data, the exponential growth of data volume has attracted more and more attention. It is predicted that by 2021, every person will average generate about 1.7 MB of data per second. This presents an inevitable challenge, because the owners of data and analysts need to find a way to store and analyse enormous data properly and effectively.
During the processing of large-scale data, the storage capacity and computing power are closely related to the computer system hardware and available memory. Due to the limitations of the local computation resources, the client can neither be able to employ large-scale data tasks nor meet the requirements for calculation time. Therefore, a potential way to deal with the dilemma is to seek help from advanced computing facilities with great computational power. This promotes the motivation to develop outsourced computing server, also known as cloud server. In an outsourcing computation scheme, the clients only need to upload data and computation tasks to the cloud server, and the server provides on-demand resources. Outsourcing computation allows source-constrained client to the abundant computing resources and save abundant local memory space or computation overhead.
Matrix factorization is a data analysis technique and has been increasing prevalent several fields, such as regression analysis  and dimension reduction . QR factorization  is one of the basic methods for matrix factorization, and it implements a way of decomposing an original matrix into the product of two specific matrices which satisfy the orthogonality and upper triangular properties, respectively, so that some useful properties of the original matrix can be extracted further. It is common to utilize QR factorization to analyse real-world data analysis problems; for instance, it is always used to employ singular value decomposition  and utilized to solve least squares problems  as well. Lower-upper (LU) factorization is a means of taking the matrix as the product of the lower triangular matrix and the upper triangular matrix, it is used wildly in numerical analysis and linear algebra fields, computers usually use LU factorization to solve the square system of linear equations, and it is also an essential step when calculating the inversion of a matrix and the determinant of a matrix.
Notice that QR and LU factorizations have been widely used in many fields, the requirement of conducting QR and LU factorizations on large-scale matrix becomes increasingly common, however, it will cost computational complexity of when conducting QR or LU factorizations of a matrix, as the dimension increases, the computation overhead expands sharply, and for resource-constrained clients such as individuals or small companies, the enormous computation and storage overheads are beyond their computing capabilities when dealing with a large-scale matrix. To address this problem, our goal is to design an efficient outsourcing algorithm of large-scale QR and LU factorizations while preserving noninteractive performance, which will help the clients take use of notable advantages of the cloud server to complete complicated task.
In order to achieve our design goals, we need to pay attention to potential menace and several challenges. More precisely, the first is the security issue , and the data outsourced to the cloud may be private and sensitive, which means the clients are undesirable to leak their data; our proposed algorithms will take actions based on matrix permutation techniques to transform the original data, to prevent the semi-trustful or even malicious cloud server from deducing the client’s data and inferring the behaviour information; besides, our proposed algorithms are designed under one cloud server and avoid the strict security precondition of all the cloud servers must be noncolluding. Another challenge is the correctness of calculations, and the client should check the correctness of results of outsourcing computation, so in our proposed algorithms, we have designed a subalgorithm to determine whether the calculation tasks outsourced to the cloud server are performed correctly or return invalid results simply. In addition, efficiency is also a vital challenge, it is required that the computational overheads locally should be remarkably less than the computational expenses without outsourcing, we utilize a special matrix generation technique with little cost, and only sparse matrix multiplication is required in encryption and decryption algorithms; vector-matrix multiplication is required in the verification algorithm, which lessens the computational burden on the client side successfully. Moreover, the client employs our algorithms without interaction between the client and the cloud server, thereby reducing clients’ communication overhead and minimizing the risks of destroying data security and privacy during the interaction process.
In this paper, we put forward a secure and noninteractive outsourcing algorithm of large-scale QR and LU factorizations. Concretely, our algorithm utilizes special sparse matrices to encrypt the original matrix. The client first generates transform matrices for outsourcing QR and LU factorizations at the low computational cost and then encrypts the original matrix to hide the original data through matrix multiplication. After that, the cloud conducts the QR factorization and LU factorization on the transformed matrix without interaction between the clients and sends the computation results back to the client. Once getting the results, the decomposition results will be verified through the Freivalds algorithm by the client. If the results are proved to be correct, the client recovers the desired factor matrices in the way of computing the product of returned results and the inverse of the permutation matrix.
We have summarized all the contributions of our work as follows:(1)We propose an efficient and noninteractive outsourcing algorithm for large-scale QR and LU factorizations. In terms of complexity, our proposed algorithms realize the reduction of the computational overhead from to on the client side, where denote the dimension of the matrix. Compared with the previous ones, it is the most efficient outsourcing scheme for the client.(2)The proposed QR and LU factorization algorithms are also noninteractive which achieves small communication overheads, where several interactions between the client and the cloud server are required in the previous algorithms.(3)The proposed algorithms use a matrix transform method based on a series of particular and sparse matrices in both encryption and decryption stage, and we prove our method can satisfy the demand of the privacy security for outsourcing.(4)The verifiability of the results is realized in our proposed scheme, which allows the client to judge whether the results of the outsourcing computation are correct with a probability of close to 1.
The structure of this paper is arranged as follows. Section 3presents the preliminaries including concrete QR and LU algorithms and system architecture. In Section 4, we will introduce the proposed algorithm for secure and noninteractive outsourcing of large-scale QR and LU factorizations in detail. A comprehensive theoretical analysis will be shown in Section 5. We provide the experimental data including the performance of our algorithms and the comparison in Section 6and summarize the algorithms in our paper in Section 7.
2. Related Work
In recent years, driven by the widespread application of the large-scale matrix , there exists some outsourcing algorithms for the matrix operations at present, which are designed for complicated matrix computations such as multiplication, matrix inversion, matrix eigenvalue evaluation, and matrix decomposition. These algorithms can be divided into two categories: algorithms based on cryptographic technology and those based on linear transformation. For the former, many scholars propose to use traditional encryption techniques such as homomorphic encryption  to protect the client’s data privacy. For the latter, scholars proposed data transformation techniques to transform the original data. When it comes to the outsourcing of matrix multiplication calculation, as discussed by Atallah , they commenced the research on outsourcing algorithms through mapping the random permutation matrix to transform the original matrix. Benjamin and Atallah  proposed a secure outsourcing scheme of matrix multiplication through employing homomorphic encryption to the original matrix. As for matrix inversion, Mohassel  proposed a secure outsourcing algorithm firstly, and due to the constraints of efficiency, their algorithm failed to be practical in applications. A scheme for outsourcing matrix inversion computation based on the novel transformation method is introduced in Lei . Chen et al.  further put forward a matrix inversion outsourcing scheme without the precondition that the original matrix must be invertible.
In recent years, the research on matrix factorization outsourcing has attracted considerable attention. An outsourcing protocol for matrix factorization based on the fully and partially homomorphic encryptions is presented in Kim . Duan et al.  proposed an outsourcing scheme of computation-intensive nonnegative matrix, which uses multiplication of permuted matrices. As discussed by Fu , they used two cloud servers which are noncollusion to outsource nonnegative matrix factorization and take effective encryption measures based on Paillier homomorphism to protect data privacy. Zhou et al.  proposed an outsourcing scheme for matrix eigenvalue decomposition and matrix singular value decomposition, which achieved the verifiability of the results. Luo et al.  proposed a secure large-scale QR and LU decomposition outsourcing algorithm and protected the original matrix by utilizing specific matrix transformations, which greatly reduces the client’s local computing overhead. However, their algorithm requires additional interaction between the client and cloud, which results in high communication overhead. Zhang et al.  presented the implementation of QR decomposition based on a ring-LWE homomorphic encryption and reduced the number of interactions between the client and cloud. As we know, the plaintexts to be encrypted can only be integers and the data should round to the nearest integers, and so the accuracy of the scheme cannot be guaranteed. Moreover, the experimental stage of the scheme does not include the performance when the scheme is applied to large-scale matrices. Simultaneously, neither of the above two schemes can provide verification of the outsourced results.
In previous related research, Luo et al.  transform the original matrix by multiplying it with two random and dense matrices, one of them is an orthogonal matrix, and when it comes to the orthogonal matrix, it takes computational complexity to generate a random orthogonal matrix and takes computational complexity to get the inversion of this orthogonal matrix, so their scheme chooses to outsource this progress. As for transforming the original matrix, includes dense matrix multiplication, this takes complexity . Because dense matrix multiplication and matrix inversion computation require huge resources, they also need to outsource. In a word, they choose to outsource these computations in an interactive way, and every matrix for interaction still needs to be encrypted for enhanced privacy protection, which results in a lot of communication overhead on the client.
In this section, we will provide the details concerning QR and LU factorizations and describe the system model and the threat model.
3.1. Householder-Based QR Factorization
The well-known QR factorization of a matrix will decompose matrix A into the form of the product of an orthogonal matrix and an upper triangular matrix, let A be a real matrix (), and A may be decomposed into the product on the formwhere is the () orthogonal (), and is the () upper triangular; they are obtained by the use of a sequence of Householder transformations, and this type of transformation conducts the QR decomposition using elementary orthogonal Householder matrices, such aswhere is an orthogonal and symmetric matrix called the Householder transformation matrix, and it is obtained by the following formula:where is a column vector and is the identity matrix of order size , note that is the first column vector of original matrix , we can get by substituting into equation (3), and then multiply by , and is the second column vector of new matrix , we can get by substituting into equation (3), is the third column vector of new matrix , following the same process, is the th column vector of the corresponding matrix, can be obtained by substituting into equation (3), and continue this process until it reaches .
And the matrix is not given explicitly as
Since is an orthogonal matrix, we can derive as
3.2. Gauss Elimination-Based LU Factorization
The well-known LU factorization refers to decompose a matrix into two factors, a lower triangular matrix and an upper triangular matrix . Assume is a real matrix (), and it may be decomposed into the product on the formwhere is the () lower triangular and is the () upper triangular which means all the elements below the diagonal are zero, and is obtained with the use of a sequence of Gauss transformations :where is obtained by the following formula:
Note that , where , is the th element of the first column of matrix B, and is the identity matrix of order size ; let , and we can get by substituting and into equation (8). After getting a new matrix by multiplying by , then we use th element of the second column of matrix to calculate ; let , and can be obtained by substituting and into equation (8). Following the same process, once the last Gauss transformations are reached. Finally, we can get from equation (7) and the matrix is computed bywhere .
3.3. Security Requirements
3.3.1. System Model
The architecture of our proposed efficient and noninteractive outsourcing of the large-scale QR and LU factorization algorithm is illustrated in Figure 1, involves two main different entities: the client and the cloud server with excellent computational ability and significant storage capacity. Due to the inability to carry out the matrix factorizations when the size of this matrix is too large, the client would like to outsource this task to the cloud server. The client only needs to complete these processes locally include key generation, encryption, decryption, and verification. As for the cloud server, it will conduct QR and LU factorizations on the encrypted matrix. There is no extra interaction between two entities in our proposed algorithm.
The implementation of our proposed algorithm consists of five subalgorithms. The concrete definitions of these algorithms are shown as follows:(1): with the input of a security parameter , this algorithm will generate a secret key which will be further used for matrix encryption and matrix decryption, and the secret key is stored by the client.(2): with the input of an original matrix , this algorithm is executed by the client to output the encrypted matrix , and the data are encrypted by the secret key .(3): receiving the computation task and the corresponding matrix , this algorithm is executed by the cloud to complete the task and output the result and , which are two factor matrices of .(4): receiving the result and from the cloud, this algorithm is executed by the client to verify the correctness of the answer and detect the incorrect answer. If the result passes the verification algorithm, the client accepts the returned results (). Otherwise, the algorithm returns .(5): after verifying the result and , this algorithm is executed by the client, and the client utilizes the secret key to decrypt the returned result, to recover and output two factor matrices and for the original matrix .
3.3.2. Threat Model
As we know, the client can benefit from outsourcing computation, but it still causes challenges and threats during data treatments. We think about the security challenges and threats from two kinds of servers in generic outsourcing frameworks, one is from external attackers, it means the cloud server and the stored data might suffer from external attacks, and this situation is not considered in this paper; in addition, another security threat is from internal participants, it means that the threats to information confidentiality exactly come from the cloud server, and we consider two kinds of threat models which are classified depending on the cloud’s behaviour: one is named the “honest-but-curious” , the cloud server may be curious and take action to infer confidential information from the original data or the intermediate results, although the cloud server follows the protocol specification and execute the computation faithfully, the second is “malicious” model, and this cloud server may deceive the client and return the client with incorrect answers on purpose in order to save computational resources. And we assume that the cloud is malicious in our proposed scheme.
3.3.3. Design Goals
In this section, we formulate these design goals of our proposed outsourcing algorithm as follows:(A)Correctness: assume that the client and the cloud server execute the outsourcing scheme faithfully, and the client can recover the result of the computation and then get the correct result.(B)Input and output privacy: it is required that the adversary cannot get any knowledge from client’s data during the process of carrying out the scheme. In our paper, for making sure the security of outsourcing algorithm, we introduce the formal security definitions of indistinguishability in value under a chosen-plaintext attack (CPA) . All personal information will be considered confidential if for any probabilistic polynomial time adversary , there exists a negligible function , and the ’s advantage in winning the experiment is where is an initial parameter, , and the experiment we will proceed further which is explained in Algorithm 1.
4. Efficient Noninteractive Outsourcing of QR and LU Factorizations
As described before, it will waste too much resources in computation and communication aspects in work [18, 19], we should make progress that the client completes the operation for the original matrix with the least computational complexity. Based on these considerations, we decide to use the sparse matrices to execute matrix multiplication operation. It is necessary to protect the confidentiality of the input/output data simultaneously, we take an efficient encryption method on the original data, the client transforms the original matrix by multiplying a series of particular matrices, these appropriate matrices all are sparse enough to ensure efficiency, and ensure data security at the same time; in this way, the client only needs to turn to the cloud one time and receive results, and the interactions are no longer needed. We use these particular matrices due to the specific forms of the factor matrices after decomposing. Because and are both upper triangular matrices, either QR or LU outsourcing factorizations will use a random upper triangular matrix to encrypt data, and the generation of encryption matrix in will be similar partly. Another encryption matrix will be related to outsourcing algorithms, they are the orthogonal matrix and the lower triangular matrix, respectively.
In this section, we describe noninteractive and efficient outsourcing of large-scale QR and LU factorizations, including the following steps: the client generates a secret key which comprises stochastic parameters with input security parameter, then the client employs some encryption steps to transform original matrix, the client sends the encrypted matrix which is exactly blind to the cloud server to the cloud, next, the complicated decomposing computation on the encrypted matrix will be completed by the cloud, and the client utilizes the key which is saved on his own to recover the results if the results after decomposing pass the verification. We will illustrate every step concretely as follows.
4.1. Efficient Noninteractive Outsourcing of Large-Scale QR Factorizations
Given a valid large-scale input matrix , the client wants to accomplish the QR factorizations with the assistance of the cloud server, and QR factorization will decompose matrix into a product of an orthogonal matrix and an upper triangular matrix , i.e., .
As mentioned before, this algorithm is conducted on the client side, which can produce a secret key and generate an orthogonal matrix and an upper triangular matrix .
Specifically, for perturbing all elements in original matrix in an effective way, we take the novel transform based on Givens matrix , and the orthogonal matrix is composed of Givens matrices aswhere is a Givens matrix (), and the detailed generation of is shown in Algorithm 2; the client can construct an orthogonal sparse matrix by substituting certain elements located in positions of the identity matrix with some certain random parameters respectively. And the structure of can be expressed as
The detailed generation of is presented in Algorithm 2 as follows:
Concretely, we have . Since every is an orthogonal and sparse matrix, we can draw the conclusion that the permutation matrix is an orthogonal matrix certainly, and it is easy to get the inversion of on the client side, instead of the outsourcing algorithm for matrix inverse in .
Next, let us focus on the generation of the upper triangular matrix . The client can construct a sparse and upper triangular matrix by multiplying a series of random, consecutive upper triangular matrix. is composed of elementary matrices as
Concretely, the structure of is as follows:where is an elementary matrix, and the detailed generation of is shown in Algorithm 3; we can see that the all nondiagonal elements of are zero except , and the row index of the element is bigger than the column index of ; note that the element is randomly picked within the interval . Therefore, is a random variable with its probability density function defined asand the matrices and are kept by the client secretly.
Considering the existence of malicious servers, it is necessary to ensure the confidentiality of the original matrix and the output matrices as well, and we propose to execute a secure and efficient matrix transforming method. A concise way to encrypt is multiplying by and on both the left and right sides simultaneously. Then, the client can obtain the final ciphertext matrix as
In conclusion, the algorithm is completed by multiplying a series of consecutive matrices. In virtue of the property of these sparse matrices, the computation overhead required in this algorithm is affordable.
Once the client gets the ciphertext matrix , the client will send it to the cloud. Afterwards, the cloud server computes the QR factorization which is based on Householder reflection; after the computation, the original matrix can be decomposed into the product of and , i.e.,and then the cloud returns to the client.
This algorithm is always utilized to verify whether the cloud server follows the specification and executes the computation faithfully. After receiving the results including , the client needs to determine whether is an upper triangular matrix; if do not satisfy the correctness of the structure, the algorithm returns .
With a certain constant , , the client generates two column vectors randomly and and then computes and , in detail; these equals are used to judge whether is an orthogonal matrix and whether is equal to . If two column vectors and both equal to 0, it means that the result is correct, and the algorithm outputs . Else, the algorithm returns .
Once the client affirms that the encrypted QR decomposition result has passed the verification, it will commence this algorithm to decrypt the and obtain the results . Intuitively, the recover algorithm can be accomplished by multiplying the result with the inverse of the corresponding permutation matrix:
The inversion of can be computed easily due to the properties of orthogonal matrix, and it means . When it comes to the matrix , we can express as , and these sparse matrices all are elementary matrix, so the inversion of these matrices is very convenient to get, as .
4.2. Efficient Noninteractive Outsourcing of Large-Scale LU Factorizations
Similarly, as for the outsourcing algorithm designed for LU factorization, the encryption method for matrix is similar to the previous one, through multiplying it with two random matrices which have a specific form on both the left and right sides simultaneously, and we will explain each subalgorithm in the following part.
This algorithm is executed by the client to generate two permutation matrices and . The lower triangular matrix can be formed of a series of random elementary matrices aswhere the structure of is as follows:
We can know that every is not only a random elementary matrix, but also a lower triangular matrix, the detailed generation of is demonstrated in Algorithm 4, note that the element is randomly selected from the interval , and therefore, is also a random variable and the probability density function of satisfies the following equation:
Similarly, we can generate an upper triangular matrix aswhere every is not only a random elementary matrix which is an upper triangular matrix as well, and the detailed generation of is demonstrated in Algorithm 3.
The client permutates the original matrices through multiplying the secret matrices and , and then the client can obtain ciphertext matrix after the conversion as
Once the client completes the encryption algorithm and gets matrix , the client will turn to the cloud. Then, the cloud server will use its powerful resources to accomplish the LU factorization, after the computation, the original matrix can transfer into the product of and , i.e.,and then the cloud returns to the client.
After getting the returned from the cloud, determining whether is a lower triangular matrix and whether is an upper triangular matrix will be the first step; if do not satisfy the correctness of the structure, the algorithm returns .
Then, input a certain constant , and , the client generates a random column vector and then computes ; in detail, this equal is used to determine whether is equal to . If the result of equals to 0, it means that the result is correct, and the algorithm outputs . Else, the algorithm returns .
Once the client ensures that the encrypted LU decomposition result is correct, it will conduct this algorithm to decrypt the and obtain the final results . Intuitively, the decryption algorithm can be accomplished by multiplying the result with the inverse of the corresponding permutation matrix:
5. Theoretical Evaluations
In this section, the elaborate theoretical analysis of our proposed algorithm and efficiency comparisons will be shown.
5.1. Security Analysis
Theorem 1. For any valid large-scale input matrix , our proposed outsourcing algorithms are correct exactly.
Proof. If the cloud server performs the task correctly, we can get which satisfy , , because cloud performs the QR factorization by Householder reflection, and we can know that the result of QR factorization is unique. So, we can get and , when we use equation (18) to decrypt and , and the results of are correct exactly. As for LU outsourcing factorization, we can get and when the cloud server performs the task correctly, which satisfy and , because cloud performs the LU factorization by Gauss elimination, and we can know that the result of LU factorization is unique. So, we can obtain and through equation (25). Above all, we can say our proposed outsourcing algorithms are correct exactly.
5.1.2. Privacy Security
Theorem 2. For any valid large-scale input matrix , the encrypted matrices and are computationally indistinguishable under chosen-plaintext attack, and or is computationally indistinguishable from a random matrix, respectively, which means that our proposed algorithm satisfies the security definition of data privacy.
Proof. We consider the input privacy firstly, and in other words, it means the probability that an adversary can infer the information of the original matrix from is negligible, where . In the algorithm, and are permutation matrices, is an orthogonal matrix based on Givens matrix, and is an upper triangular matrix specially, where and ; we can know each processes two rows of and each processes one column of . We assume that . The elements in th row and the th row of matrix can be described as follows, which is concealed by arbitrary parameters , where ,By the next encryption step, the elements of are easy to deduce thatAs we mentioned before, these parameters are chosen by the client randomly and all are blind to adversary , in order to recover , the adversary needs to access and even if the adversary knows the encryption algorithm , however, the number of unknown variables is more than the number of equations, so it is actually impossible to recover from , in terms of the algorithm, the client generates encryption matrices by and , due to all in satisfy the uniform distribution of , the random parameterin is selected from the interval randomly, the total probability that an adversary can recover form is the product of the probability of recovering and and also need to get the position of another element , so the success probability of an adversary is by launching a brute-force attack to obtain the two sets and , and it is small enough that an adversary can recover is definitely impossible.
Now, we consider the input privacy of ; in other words, we need to prove that the probability that an adversary can infer the information of the original matrix from is negligible, where . In the algorithm, and are elementary permutation matrices, where and ; we can know that each processes one row of and each processes one column of , so we can say that the elementary permutation matrices will process rows and columns of the original matrix in total. We assume that . The elements in th row and the th row of matrix can be described as follows, which is concealed by arbitrary parameters, where :By the next encryption step, the elements of are easy to deduce thatBecause these parameters are chosen by the client randomly and all are blind to adversary , and the random parameters in and are selected from the interval randomly, the total probability that an adversary can recover form is the product of the probability of recovering and and also need to get the position of another element , so the success probability of an adversary is by launching a brute-force attack to obtain the two sets and , and it is small enough that an adversary can recover is definitely impossible.
If there is no oracle , we can say that the advantage of adversary can be neglected actually. As for a CPA indistinguishability experiment, an adversary outputs two different integers , and is picked randomly, and is calculated and given to adversary ; predicts with the access to the oracle and eventually outputs , if , it means adversary succeeds, and the successful prediction mainly relies on the following cases: Case1: the oracle chooses the to answer at least one of ’s queries. Because will be randomly chosen for each query, the probability is . Thus, adversary can tell and get correctly. Case2: the oracle never chooses the to answer at least one of ’s queries. As the output after the algorithm is random, obtains nothing about which of its values was transformed, and it leads to the probability that is no more than .The probability of successful prediction can be deduced as follows:As discussed before, the advantage can be neglected actually, it means that this encrypted matrix is computationally indistinguishable from the matrix generated stochastically and the cloud server cannot get any individual private knowledge contained in the original matrix from . Thus, we can draw the conclusion that the input privacy is well protected.
Theorem 3. For any encrypted matrix and , after the cloud server conducts the QR and LU factorization and gets the factor matrices and , the adversary cannot obtain any private information from original matrices and .
Proof. Based on the previous analysis, matrices O and S are generated and kept by the client secretly, so the adversary cannot obtain matrices O and S; it is undoubted that O-1 and S-1 cannot be obtained, so we can say the adversary is unable to recover the factor matrices according to equation (18) without matrices O-1 and S-1. As for LU outsourcing factorization, since the adversary cannot obtain the encrypted matrices K and V and cannot obtain K-1 and V-1 as well, so it is obvious that the adversary is unable to recover L and U according to equation (25) without and can the adversary recover the result according to equation (25). All these lead up to that our proposed algorithm satisfies the security definition of data privacy including input privacy and output privacy.
Theorem 4. For any valid large-scale matrix , our proposed algorithm is verifiable exactly with a probability of approximated to 1.
Proof. The vectors are generated in our concrete method of verification. However, is used to analyse whether is an orthogonal matrix as we need. So, we simply consider the scenario where the equality , where . is the number of columns in the matrix . Assume that the answer from the server is wrong, we can get the inequality , which further results in , it means that there will be at least one nonzero element in , and we assume that the nonzero element locates in th row, , i.e., . We can obtainBecause the above process will be conducted times independently, soThe same procedure may be easily adapted to obtainWe can draw the conclusion that the incorrect result is impossible to pass the verification, and our proposed algorithm is verifiable exactly with a probability of approximated to 1.
For any valid large-scale input matrix , client performs QR and LU factorizations on its own requires and computational complexity by employing Householder reflection and Gauss elimination methods, respectively. Considering enormous data in practice, the values of and will be large extremely, which leads to the high computational complexity which is unacceptable for the client. In our proposed algorithms, the total complexity of the client is much less than . Now, we analyse the time cost in our outsourcing algorithms executed by the client thoroughly.
In the subalgorithm, and are permutation matrices generated by client, is an orthogonal matrix, and is an upper triangular matrix specially, the detailed generative process is shown in Algorithm 2 and Algorithm 3, and the total cost is .
In the subalgorithm, client performs the low-complexity matrix transformation to encrypt with where. The matrix multiplication between two dense matrices can be avoided due to and are two sparse matrices. The complexity of is no more than .
In the subalgorithm, the cloud completes QR factorization on ciphertext matrix which takes computations with complexity.
In the subalgorithm, client needs to calculate vector-matrix multiplication instead of calculate matrix-matrix multiplication, and the verification process needs to be performed at most times. Due to the subalgorithm only includes vector-matrix multiplication and , the overall complexity of on the client side is .
In the subalgorithm, we only need the inversion of and to decrypt the results which are received from cloud when the results have passed the process. And as we talked in Section 4, the inversion matrices of and are both convenient to generate. Hence, the only contains the sparse matrix-matrix multiplication, and we can know that the complexity of decryption is .
The efficiency analysis of LU factorization is similar, and we list the concrete computational complexity of each subalgorithm in the next section. To sum up, our proposed scheme requires computational complexity of , which is less than the computational complexity of of conducting QR or LU factorization, so it is fully in line with the design goals of efficiency.
5.2. Efficiency Comparisons
In this section, we further compare our scheme with those of the most related schemes mentioned in Section 2. We demonstrate the concrete analysis in Tables 1 and 2. These tables show the comparison regarding the computation complexity at each step and the whole communication overhead of the proposed outsourcing algorithm for QR and LU factorization, respectively, and other properties as well.
When calculating the complexity of the QR decomposition outsourcing scheme in work , which is using homomorphic encryption (HE), the parameter denotes the polynomial modulus and is always a power of two, such as 1024, 2048, and 4096. And we assume that the computational complexity of modular multiplication is equal to multiplication, but in real scenario, the time complexity of modular multiplication operations is greater than that of multiplication operation.
As we discussed before, we demonstrate the computation complexity in each stage. And we can observe that the computational complexity in each stage in our scheme is smaller than other works, the computational complexity in the subalgorithm is affordable as for the client, and the total communication overhead in our scheme only includes the overhead of sending the encryption matrix to the cloud server and receiving the results from the cloud. Our proposed scheme realizes the reduction of the computational overhead from to on the client side.
Specifically speaking, compared with the scheme in , the client needs to outsource large-scale matrix multiplication and large-scale matrix inversion, more than outsourcing QR and LU factorizations, which inevitably lead to an increase in computation and communication overhead for the client. Meanwhile, their scheme requires many interactions with the cloud, and every matrix for interaction still needs to be encrypted for enhanced privacy protection, which cause the high communication overhead on the client. However, our proposed scheme is noninteractive, so the client only needs to send matrix and receive results, the interactions are no longer needed, and the client can complete outsourcing process locally with little cost by employing our scheme, which not only guarantees the privacy security but also reduces the client’s computation and communication overhead.
In , they presented the implementation of QR factorizations through a homomorphic encryption method based on ring learning with errors, note that the plaintexts to be encrypted should only be integers, if the inputs are decimals or floating numbers, they first need be enlarged by a scaling factor, rounded to the nearest integers, only in this way, the inputs can accomplish the homomorphic processing, and their algorithm is subject to low efficiency. Furthermore, the experiment in their scheme has not applied to large-scale matrices and fails to be practical in applications, so we cannot evaluate the performance of their scheme. Compared with the existing scheme , our scheme does not require additional data operations, and our scheme has more accuracy and efficiency and fulfills extra verification function as well.
To sum up, as for the client, the client has already outsourced the most complex matrix operation to the cloud and enjoys significant cost savings by deploying our proposal, and the detailed experimental results will be presented in the next section. One can see that regarding computational complexity and communication overhead, the proposed scheme reduces the computational overhead of direct computation successfully, and it has considerably better performance than the existing research.
6. Experimental Evaluation
In this section, we provide a concrete experimental analysis on the performance of the proposed algorithms in a real-world scenario. Our experiments are carried out on the computer with 2.7 GHz Intel Core i5-6400 and the memory of 8 GB to simulate the client side, and another computer with an Intel i7-10700 processor running at 2.8 GHz and 16 GB memory is utilized to simulate the cloud server. We implement the proposed algorithms in Matlab.
We implement our proposed algorithms on different data scale by experiment to evaluate the running time for QR and LU factorizations, respectively, and we record and provide the running time in each different situation. Besides, we assume that the time spent for interaction between the client and the cloud can be proximately neglected. Tables 3 and 4 present the processing time overhead for performing QR and LU factorizations, respectively, and we set the size of the original matrix we construct randomly varies from 500 300 to 7500 5000, and we simulate in the subalgorithm to make a tradeoff between the efficiency and security.
To make our experiment result more concise and intuitive, we pay more attention to the whole treatment time on the client side and the execution time on the cloud server, so we use these parameters. denotes the execution time for the client locally employing QR and LU factorizations without the assistant of the cloud. is represent for the execution time for the client to apply our proposed algorithms, including the client’s time cost of accomplishing the subalgorithms on its own. denotes the execution time for the cloud to accomplish QR and LU factorizations. We will take the execution time as the performance metric, and we can describe the performance gain by ; this value is utilized to measure the resources saved for the client when employing the outsourcing algorithm; generally, the larger the value is, the more computing resources can be saved. In the experiment result shown in the tables, we will focus on this performance metric.
And the computation time of matrix of different dimension is demonstrated in Figure 2.
Table 4 presents the processing time (in seconds) and performance gain for solving LU factorizations of different scale.
And the processing time of matrix of different dimension is demonstrated in Figure 3.
We can see that the client enjoys significant cost savings by deploying our proposed scheme, and the required time of the proposed outsourcing scheme increases as the size of the input matrices increase. As can be seen from two tables above, which is represented for the resource advantage of the client is up to 1816.67, and it can be considered as our outsourcing scheme has significant computing savings compared to the situation performing QR and LU factorizations on its own.
To validate the efficiency of our scheme sufficiently, we simulate the outsourcing schemes in prior work on our computer and compare the execution time with respect to dimension of input matrix in Tables 5 and 6.
As for the outsourcing of QR factorizations, the scheme in work  requires interactions with the cloud, and every matrix for interaction still need to be encrypted for enhanced privacy protection; it causes a lot of computational overheads on the client side undoubtedly, and the operations for the elements of matrix in work  are so complicated that the execution time is the longest among all the works. We can see that of our scheme is significantly less than others even though our scheme requires additional overhead of verification, compared to work  and work , and we can say that our scheme is highly efficient.
According to the tables and figures above, we can conclude that our proposed scheme achieves considerable savings in terms of computation and communication overhead on the client side, and the client resource advantage, i.e., , improves generally related to the increasing size of the matrix as illustrated in tables and figures above, which fulfills totally the design goals for outsourcing large-scale matrix. More importantly, the experiment shows that the proposed scheme needs fewer computing resources than the prior works, and the client employs our algorithm without interaction, thereby reducing clients’ communication overhead and minimizing the risks of destroying data security and privacy during the interaction process. In summary, the experiment validates the efficiency of proposed outsourcing scheme by numerical experiments.
As the emergence of the big data and cloud computing era, secure outsourcing services are inevitably becoming prevalent, which allows a resource-constrained client moves the heavy computation to the cloud server which has outstanding performance. Considering that QR and LU factorizations have made noticeable contributions in many fields, but they take too much burden and overhead for the client when the dimension of the input matrix is large extremely. To this end, we propose an efficient and noninteractive outsourcing scheme of large-scale QR and LU factorizations. Specially, we take an efficient encryption method on the original data that the client transforms the original matrix by multiplying a series of particular matrices, these matrices all are sparse enough to ensure efficiency and ensure data security at the same time, this techniques can not only lessen the computational overhead of encryption and decryption stage but also deal with serious potential security menace, then the cloud performs matrix factorizations on the transformed matrix, the client just needs to send matrix and receive results, and the interactions are no longer needed, which brings benefit of reducing communication overhead. Our proposed scheme can fulfill the design goals of correctness, privacy preserving, efficiency, and verifiability, and we provide a concrete experimental result on the performance on large-scale matrices. The evaluation results show that regarding computational complexity and communication overhead, our proposed scheme has considerably better performance than the existing research studies.
No data were used to support the findings of this study.
Conflicts of Interest
The authors declare that there are no conflicts of interest regarding the publication of this paper.
The work described in this paper was supported by the National Natural Science Foundation of China (grant no. 62072295) and Natural Science Foundation of Shanghai (20ZR1419700).
G. H. Golub and C. F. V. Loan, Matrix Computations, Johns Hopkins University Press, Baltimore, MD, USA, 4th edition, 2013.
A. R. Benson, D. F. Gleich, and J. Demmel, “Direct QR factorizations for tall-and-skinny matrices in MapReduce architectures,” in Proceedings of the 2013 IEEE International Conference on Big Data, pp. 264–272, Silicon Valley, CA, USA, October 2013.View at: Google Scholar
D. Benjamin and M. J. Atallah, “Private and cheating-free outsourcing of algebraic computations,” in Proceedings of the 2008 Sixth Annual Conference on Privacy, Security and Trust, pp. 240–245, Fredericton, Canada, October 2008.View at: Google Scholar
P. Mohassel, “Efficient and secure delegation of linear algebra,” IACR Cryptology ePrint Archive, p. 605, 2011.View at: Google Scholar
Z. Chen, A. Fu, K. Xiao, M. Su, Y. Yu, and Y. Wang, “Secure and verifiable outsourcing of large-scale matrix inversion without precondition in cloud computing,” in Proceedings of the 2018 IEEE International Conference on Communications (ICC), pp. 1–6, Kansas City, MO, USA, May 2018.View at: Google Scholar
S. Kim, J. Kim, D. Koo, Y. Kim, H. Yoon, and J. Shin, “Efficient privacy preserving matrix factorization via fully homomorphic encryption,” in Proceedings of the ACM AsiaCCS’16, pp. 617–628, Xi’an, China,, May-June 2016.View at: Google Scholar
J. Duan, J. Zhou, and Y. Li, “Secure and verifiable outsourcing of nonnegative matrix factorization (NMF),” in Proceedings of the ACM IH & MMSEC, pp. 63–68, Vigo, Spain, June 2016.View at: Google Scholar
L. Zhou and C. Li, “Outsourcing eigen-decomposition and singular value decomposition of large matrix to a public cloud,” IEEE Access, vol. 4, pp. 869–879, 2017.View at: Google Scholar
C. Luo, K. Zhang, S. Salinas, and P. Li, “SecFact: secure large-scale QR and LU factorizations,” IEEE Transactions on Big Data, p. 1, 2017.View at: Google Scholar
Y. Zhang, P. Zheng, and W. Luo, “Privacy-Preserving outsourcing computation of QR decomposition in the encrypted domain,” in Proceedings of the 2019 18th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/13th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE), pp. 389–396, Rotorua, New Zealand, August 2019.View at: Google Scholar
O. Goldreich, S. Micali, and A. Wigderson, “How to play any mental game,,” in Proceedings of the STOC ACM, New York, NY, USA, January 1987.View at: Google Scholar
J. Katz and Y. Lindell, Introduction to Modern Cryptography, CRC Press, Boca Raton, FL, USA, 2015.
S. Zhang, S. Pan, W. Wang, and Q. Wang, “A fast secure outsourcing of ridge regression based on singular-value decomposition,” in Proceedings of the 2018 IEEE 37th International Performance Computing and Communications Conference (IPCCC), pp. 1–8, Orlando, FL, USA, November 2018.View at: Google Scholar