Research on the Millionaires’ Problem under the Malicious Model Based on the Elliptic Curve Cryptography

Liu, Xin; Xu, Yang; Xu, Gang; Li, Baoshan

doi:https://doi.org/10.1155/2022/6923610

Security and Communication Networks

On this page

Abstract Introduction Data Availability Conflicts of Interest Acknowledgments References Copyright Related Articles

Special Issue

Advances in Security and Performance of Blockchain Systems

View this Special Issue

Research Article | Open Access

Volume 2022 | Article ID 6923610 | https://doi.org/10.1155/2022/6923610

Research on the Millionaires’ Problem under the Malicious Model Based on the Elliptic Curve Cryptography

Xin Liu,¹Yang Xu,¹Gang Xu,^2,3and Baoshan Li¹

Academic Editor: Xin-Yi Huang

Received22 Oct 2021

Accepted10 Feb 2022

Published24 Mar 2022

Abstract

With the rapid development of blockchain, big data, cloud computing, and artificial intelligence, the security of multisource data collaborative computing has become increasingly prominent. Secure multiparty computing has become the core technology of privacy collaborative computing. Millionaires’ problem is the cornerstone of secure multiparty computation. Firstly, this paper proposes a 0-1 coding rule, which is used to solve the millionaires’ problem under the semihonest model. Aiming at the possible malicious behaviors of the protocol under the semihonest model, the millionaires’ problem protocol under the malicious model based on the elliptic curve cryptography is designed by using cryptographic tools such as the zero-knowledge proof and the cut-choose method. This protocol not only can effectively solve the millionaires’ problem but also can safely and effectively prevent malicious behaviors. Meanwhile, the security ordering designed by the protocol can be effectively applied to a quality evaluation in the blockchain.

1. Introduction

Secure multiparty computation (SMC) is the core technology to achieve collaborative computing for the privacy of multisource data in recent years. The idea of SMC is proposed by Professor Yao Qizhi in 1982 [1], and then Goldreich [2, 3] began to do more in-depth research on SMC. SMC has been widely used in the blockchain [4–6], data mining [7–9], privacy computing [10, 11], medical [12, 13].

The millionaires’ problem is one of the most classic problems in SMC. Many cryptographers have been working on it. Reference [14] presents a protocol for solving the millionaires’ problem based on the exchange cryptosystem, oblivious transfer method. Based on the Goldwasser–Micali (GM) cryptography, reference [15] proposed a protocol to solve the problem of socialist millionaires. Reference [16] proposed a protocol to solve the problem of the millionaires’ problem by using the shift registers and the property of probability encryption. Reference [17] presents a protocol based on the Paillier cryptosystem. The existing schemes have the disadvantage of inefficiency, and most of them are only suitable for the semihonest model and cannot resist malicious attacks. To solve the above problems, this paper studies the millionaires’ problem under the malicious model in depth and presents the millionaires’ problem protocol based on the elliptic curve cryptography.

Elliptic curve cryptography (ECC) is a traditional encryption method that has the advantage of high computational efficiency and is based on the elliptic curve discrete logarithm problem, and it has been widely used because of its short key [18–20]. Using ECC, the protocol designed in this paper has more efficient operation efficiency and security. The main contributions are as follows:(1)First, a 0-1 encoding rule for ECC is proposed, and then a millionaires’ problem protocol under the semihonest model is designed(2)With the help of some cryptographic tools such as the zero-knowledge proof and cut-choose method, a protocol is designed to resist the attacks of malicious opponents(3)Finally, an ideal-practical example method is used to prove the security of the protocol under the malicious model

2. Preliminary Knowledge

2.1. Elliptic Curve Cryptography

Elliptic curve cryptography (ECC) is a public-key cryptosystem based on discrete logarithmic problems of point groups of elliptic curves. For example, an elliptic curve is defined as , two points and on the curve, a straight line through and , an intersecting elliptic curve at point, and a line perpendicular to axis through point. An intersecting elliptic curve at another point is defined as , as shown in Figure 1.

When , the tangent of the point intersects , and then the point makes a straight line perpendicular to the -axis, intersecting the elliptic curve at another point . When identical are added, they are counted as , such as . Elliptic curves make use of the mathematical problem of discrete logarithm in the above operations, that is, when , and are known, and is easily obtained. But it is very difficult to find and when is known.

In cryptography systems, if there is an elliptic curve and a base point , a random number is generated as the private key, and the datum is computed times to get the public key . In ECC, the private key is easy to get the public key ; the public key cannot get the private key .

Compared with the traditional public key algorithms, elliptic curve cryptography has the following advantages [19, 20]:(1)higher security performance. For example, 160 bit ECC has the same security strength as 1024 bit RSA and DSA algorithms.(2)small amount of computation and fast processing speed. ECC is much faster than RSA and DSA in the processing speed of private key (decryption and signature).(3)The storage space occupation is small. Compared with RSA and DSA, the key size and system parameters of ECC are much smaller, so the storage space occupation is much smaller.(4)ECC has a wide application prospect because of its low bandwidth requirements.

2.1.1. ECC Encryption

(1)Elliptic curve , a base point , private key , and public key (2)Encode a plaintext to a point on the elliptic curve and select a random number (where is the order of base point )(3)Encryption: , (4)Decryption:

2.1.2. Additive Homomorphism of ECC

(1)Encryption: encode a plaintext onto a point of the elliptic curve , use the private key to generate the public key , select a random number , and calculate and (2)Addition operation: all ciphertexts are added to obtain ciphertexts , where and (3)Decryption: compute and finally decode to obtain the plaintext

2.2. Zero-Knowledge Proof

Zero-knowledge proof [21] means that the prover can make the verifier believe that a conclusion is correct without providing any useful information to the verifier. The prover proves to the verifier and makes him believe that he knows or owns a certain message, but the certification process cannot disclose any information about the proved message to the verifier. A large number of facts have proved that the zero-knowledge proof is very useful in cryptography. If the zero-knowledge proof can be used for verification, many problems can be effectively solved.

2.3. Cut-Choose Method

In cryptography, we encrypt the information that can be sent into messages using different random numbers. The receiver selects of them to verify their correctness and then selects one of the remaining for the remaining protocol steps. The cut-choose method can minimize the malicious input probability of the protocol and make the transmission of information more secure [22].

2.4. Security Definition of a Protocol under the Malicious Model

To prove that a protocol is secure under the malicious model, it must satisfy the security definition under the malicious model. If the actual protocol achieves the same security as the ideal protocol, then the protocol is secure [3].

Alice owns , and Bob owns . They compare by calculating function with a trusted third party (TTP). At the end of the protocol, both parties get and without leaking and . The ideal model is as follows:(1)The honest participant always provides or to the TTP, while the malicious participant may decide not to execute the protocol based on or or provide a false input or to the TTP when the protocol is executed.(2)TTP sends the result to Alice. After TTP gets input pair , is calculated, and is sent to Alice; otherwise, the special symbols are sent to Alice.(3)TTP sends the result to Bob, and if Alice is a malicious participant, it may no longer contact with TTP after receiving . In this case, TTP sends Bob a special symbol ; otherwise, TTP sends to Bob.

The ideal protocol is the safest protocol because participants cannot get any information except their from TTP. If an actual protocol achieves the same security as the ideal protocol, we say that the actual protocol is secure.

If the participant in the ideal model has an auxiliary information and the process of calculating in combination with policy is , it is defined as the adversary evenly choosing a random number and to make , where is defined as follows (note: if both parties under the malicious model are malicious, it is impossible to design an SMC protocol; we do not consider this case):(1)If Alice is honest, there is , where .(2)If Bob is honest:

In both cases, .

Definition 1. Security for the malicious model.
If, in the ideal model, an acceptable policy pair in the actual protocol can be found, there is an acceptable policy pair , such thatSo this protocol can calculate securely.

3. The Protocol under the Semihonest Model

3.1. Solution Ideas

Alice owns , and Bob owns . Alice and Bob want to compare the relationship: , , , while they do not want to leak their and , respectively. The solution is to code and as a set consisting of 1 and 0 and use ECC to design an efficient protocol.

The 0-1 encoding rule: encode into a set , where and

The comparison rule: based on the position of in : if , then ; if , then ; and if , then . Define the following formula to judge the relationship between and :

For example: Alice’s data is 5, which is encoded into a new set , and Bob calculates with three different data . This is shown in Table 1.

3.2. Specific Protocol

Alice owns data , and Bob owns data , and both parties compute securely to determine the relationship. Using the above 0-1 encoding rule, Algorithm 1 under the semihonest model is designed based on ECC homologous encryption.

Input: Alice owns data , and Bob owns data .
Output: .
(1)	Alice encodes into a set , where and .
(2)	Alice chooses an elliptic curve , the base point , and the private key ; then calculates as the public key ; and publishes the public key and the base point .
(3)	Alice encodes the plaintext one by one onto point on the elliptic curve (the encoding method is not unique [18], which is not discussed here). She chooses random numbers and encrypts each element one by one using the public key of ECC, that is, , . She gets , which is sent to Bob.
(4)	Bob calculates based on the position of data in , where and . He sends to Alice.
(5)	Alice decrypts with the private key to get , where , and decodes the point to get . If , ; if , ; and if , . Alice tells Bob the result.
	The protocol ends.

Algorithm 1 is secure under the semihonest model, but if one of Alice and Bob is a malicious participant, the protocol is no longer secure. The following section will improve the protocol to make it safe and feasible under the malicious model.

4. The Protocol under the Malicious Model

4.1. Solution Ideas

Firstly, we analyze the possible malicious attacks in Algorithm 1. Then the solutions to these malicious attacks are proposed. Finally, the possible malicious attacks cannot be implemented or found when they are committed. The following malicious attacks may exist in Algorithm 1 as follows:(1)In Algorithm 1, Alice has both the public key and the private key , but Bob only has the public key , so the final result can only be calculated unilaterally by Alice, which is unfair to Bob. (2) In steps 3 and 4, if the ciphertext sent by Alice and Bob to each other is wrong so that neither party can get the correct result. (3) In step 5, Alice tells Bob the wrong result after decrypting, which leads to a wrong conclusion for Bob. For the above malicious attacks, a new protocol must be designed to find or render them impossible to implement. (Note: Before designing the protocol under the malicious model, we need to be clear that some malicious behaviors cannot be prevented in the ideal protocol. For example, if you enter wrong inputs in the ideal model, no matter how you detect and verify, you cannot get the correct results; similarly, if you refuse to carry out the protocol, we cannot get the results, either. Therefore, we will not consider the following behaviors when designing the protocol under the malicious model: (1) refusing to carry out the protocol, (2) inputting false data, and (3) one party terminating the protocol after obtaining the information he wants to prevent other participants from carrying out the protocol.)

To design a secure, fair, and correct protocol under the malicious model, the solution is to use cryptographic tools such as the zero-knowledge proof and cut-choose method to prevent malicious attacks that may exist in Algorithm 1. The final results are calculated by both parties at the same time.

4.2. Specific Protocol

Based on the malicious attacks that may occur in Algorithm 1 under the semihonest model, we use the above 0-1 encoding rule to design the millionaires’ problem algorithm under the malicious model using the zero-knowledge proof and cut-choose method. The framework of Algorithm 2 under the malicious model is outlined in Algorithm 3.

Input: Alice owns , and Bob owns .
Output: .
Prepare:
(1)	Alice and Bob jointly select an elliptic curve and a base point . Alice and Bob separately select their own private key . Then Alice and Bob calculate their public keys and and and , respectively. Finally, Alice and Bob exchange and .
	Alice and Bob construct their own new sets and through and , where: .
	Start:
(1)	Alice encodes the plaintext onto the point of the elliptic curve ; selects random numbers ; encrypts each element one by one with the public key , that is, calculates the , where: and ; obtains ; and finally, sends to Bob.
(2)	Bob encodes the plaintext onto the point of the elliptic curve ; selects random numbers ; encrypts each element one by one by using the public key , that is, calculates the , where: and ; obtains ; and finally, sends to Alice.
(3)	Alice calculates according to the position of data in , where and , and sends to Bob.
	Bob calculates according to the position of data in , where and , and sends to Alice.
(4)	Alice decrypts using the private key , that is, calculates to obtain point. Bob decrypts using the private key , that is, calculates to obtain point .
(5)	Alice selects random numbers () to calculate . Bob selects random numbers () to calculate . Finally, Alice and Bob exchange and .
(6)	With the help of the cut-choose method, Alice randomly selects the groups from the groups sent by Bob and publishes it and requires Bob to publish the corresponding . Alice verifies: . If the verification is passed, they continue the protocol or else terminate.
	Bob randomly selects the groups from the group sent by Alice and publishes it and requires Alice to publish the corresponding . Bob verifies: . If the verification is passed, they continue the protocol or else terminate.
(7)	Alice and Bob randomly select one and from the remaining and , respectively. Meanwhile, Alice selects two random numbers and , and Bob selects two random numbers and . Alice calculates , , ; Bob calculates , , and . Then Alice and Bob send and to each other.
(8)	After both parties receive information from each other, Alice calculates and and sends them to Bob. Bob calculates and and sends them to Alice.
(9)	Alice uses the zero-knowledge proof to verify that the sent by Bob is correct, that is, to prove that Bob does get the by multiplying his private key with his , that is, to judge whether is true. Bob uses the zero-knowledge proof to verify that the sent by Alice is correct, that is, to prove that Alice does get the by multiplying her private key with her , that is, to judge whether is true. The party who fails is malicious.
(10)	Alice can get by calculating . If , then ; Bob can get by calculating . If , then . If , it proves that the results required by both parties are correct and identical; otherwise, the protocol shall be terminated.
(11)	Finally, Alice and Bob get and by decoding points and , respectively. If , then ; if , then ; and if , then .
	The protocol ends.

A specific protocol is as follows:

Input: : Alice’s input; : Bob’s input; : the base point of the elliptic curve ; : encode inputs into a degree 0-1 codes; : Alice’s private key; : Bob’s private key; : encrypt. : Alice’s random number; and : Bob’s random number
(1)
(2)
(3)
(4)
(5)
(6)
(7)
(8)
(9)
(10)
(11)
(12)
(13)	Exchange , .
(14)
(15)
(16)
(17)
(18)	Exchange ,
(19)
(20)	and
(21)
(22)	Alice verifies if and then continues or else terminates
(23)	Bob verifies if and then continues or else terminates
(24)
(25)
(26)
(27)	Exchange ,
(28)
(29)	Exchange ,
(30)
(31)
(32)	if , then
	and
	if , then
	else if , then
	else
	else terminate
	Output:

4.3. Correctness Analysis

(1)The steps and positions for both Alice and Bob to execute the protocol in Algorithm 2 are identical, so we only demonstrate the possible malicious behaviors of Alice. The security analysis of the protocol is as follows: In step (5), if Alice selects that is the wrong random number, Bob happens not to choose the wrong random number out of selected, that is, no wrong random number is detected, but in the following step (7), it happens to be selected by Bob, and Bob calculates the wrong result. The probability of success is analyzed as follows:①If Alice uses the above method to commit a malicious attack, the most likely scenario for successful execution of such malicious attacks is that Alice mixes one wrong in random , which maximizes the likelihood that the malicious attack will succeed. The probability of deception success in this case is .②If , Alice mixes one wrong in random . The probability of deception success in this case is , but if Alice mixes 10 wrong in random , the probability of deception success in this case is , in which case the probability of success is even smaller or negligible.③If Alice mixes random with more than wrong random numbers, it will be discovered in the subsequent verification phase.(2)In step (4), both Alice and Bob decrypt point and point using their respective private keys and as follows:(3)The and published in step (5) do not leak any information because their own random numbers are added.(4)In step (7), Alice and Bob calculate as follows: Alice and Bob then send and to each other.(5)In step (10), Alice and Bob get the right results. Alice uses the zero-knowledge to prove that the sent by Bob is correct; the result obtained by calculating is correct, that is, After Bob uses zero-knowledge to prove that the sent by Alice is correct; the result obtained by calculating is correct, that is:(6)In step (11), Alice and Bob decode point and point to get and , respectively.(7)The encoding of plaintexts on points and in steps (1) and (2) and the decoding of points and in step (11) can be referred to reference [23].(8)The whole process does not leak any confidential information, and both parties can obtain results independently, avoiding unfairness caused by one party telling the other party the result.(9)In many cases, the data range is known to all parties in reality. For example, if two students want to compare their grades, then the data range is , that is known to all parties; if two companies at the same level want to compare their assets, the data range may be , but a company’ assets are often sparsely rather than densely distributed on the data range. Assets can only be a few scales, and the data range is very small. Therefore, they know the data range. The data range does not leak any information about its private data. Generally speaking, all the numbers compared in SMC are comparable. If these figures are comparable, both parties will know their scope. Ordinary companies will never compare their assets with Microsoft because they are not comparable. However, we have to say that although the data range is known, if the data range is large, the computational complexity of the protocol will be very high, so the protocol becomes impractical.

4.4. Security Proof

Algorithm 2 under the malicious model is proved as follows.

Definition 2. Algorithm 2 is secure under the malicious model.

Proof. This proving process borrows a trusted third party (TTP). We set the actual policy pair as , the ideal policy pair as , as the output, and as the message sequence received by in the zero-knowledge proof process. We want to prove that the security of the protocol under the malicious model is to prove that when Algorithm 2 is executed, the implementation of malicious behaviors in the actual protocol calculation will not affect the correct output, that is:In Algorithm 2, the malicious behaviors are not allowed for both Alice and Bob at the same time, so there are two scenarios: Alice or Bob is honest. Here, and represent Alice and Bob, respectively.(1)If is honest and is dishonest, then:①Since is honest, sends a correct to TTP, and the protocol will be executed correctly.②What sends to TTP depends on the actual selection of . sends to under the ideal model. sends to in the practical cases, and sends to TTP. Finally, TTP outputs .③Ideally, uses the sent by TTP to try to get that is indistinguishable from the calculated by in practice and make it the output of in the practical cases. That is, selects to make , performs all the calculations in Algorithm 2, obtains and , and records the received sequence in the zero-knowledge proof. Thus, the protocol proceeds, and we get Because ciphertexts are encrypted ideally and practically using the same probability algorithm, there are and . The random number is indistinguishable from , so .(2)If is dishonest and is honest, there are two situations: Actually, completes the zero-knowledge proof and publishes the results: Actually, does not publish the results or execute the zero-knowledge proof:①Because is honest, will send correct to TTP, and the protocol will be carried out correctly.②What will send to TTP depends on the choice of in the practical situation. Ideally, sends to ; practically, sends to , and sends to TTP. Finally, TTP outputs .③If does not publish the results or do not conduct the zero-knowledge proof in practice, in the ideal model will get from TTP.④Ideally, uses the sent by TTP to try to obtain that is indistinguishable from calculated by in the practical situation and to make it to be the output of in the practical situation.That is, selects to make . And Algorithm 2 is carried out. Finally, under the ideal model, obtains and and records the sequence received through the zero-knowledge proof. In this way, we get the following.
Ideally, when does not publish results to via TTP:Ideally, when announces results to via TTP:where , and are encrypted by the same ECC encryption algorithm. and are computed by both random numbers and constant operations. The zero-knowledge proof guarantees . Therefore, for any algorithm in the practical protocol , there exists in the ideal protocol, which makesThus, the protocol’s security is proven.

5. Efficiency Analysis

5.1. Computational Complexity

Reference [24] proposed a protocol to solve the millionaires’ problem based on the decision Diffie–Hellman hypothesis (DDH) and performed modular multiplications. Reference [25] designed a millionaires’ problem comparison protocol with 0-1 coding rules based on ElGamal encryption, which needs modular multiplications. Reference [22] designed an antimalicious millionaires’ problem protocol based on the Paillier encryption and performed modular multiplications.

During the execution of Algorithm 1, the computational complexity mainly includes: times ECC encryption operations of Alice and 1 time ECC decryption operation of Bob, with a total of modular multiplications. During the execution of Algorithm 2, the computational complexity mainly includes: times ECC encryption operations and 1 time ECC decryption operation of Alice and several modular multiplication operations during message verification. A total of modular multiplications are performed, and the rest are ordinary multiplication and addition operations, which can be ignored.

5.2. Communication Complexity

There are two rounds of communication in Algorithm 1; reference [24] carried out three rounds of communication; reference [25] carried out three rounds of communication; reference [22] carried out three rounds of communication; and Algorithm 2 carried out six rounds of communication, as shown in Table 2.

5.3. Experimental Simulation

To verify the validity of the above protocols more intuitively, we compare Algorithm 2 with reference [22, 24, 25]. The experimental environment is Windows10 (64 bit) operating system, Intel (R) Core (TM) i7-5500U CPU @ 2.40 GHz processor, 8.00 GB memory, and the experiment is carried out by Python language.

The Paillier encryption, ElGamal encryption, and GM encryption have the same size of inputs in the experiment, and the time of protocol preprocessing is ignored in the experiment. Figure 2 is a comparison of the protocol time consumption in experiment 1 with the increase of modulus. The data held by each participant in experiment 1 is an integer from 0 to 100 (set length is set to 100). The average execution time (the ordinate coordinate) of the four protocols is calculated under 128, 256, 512, and 1,024 bit modules (the horizontal coordinate). As can be seen from Figure 2, the time consumed by Algorithm 2 is lower than those of other references.

Figure 3 is a comparison of the execution time of experiment 2 with the increase of data range. In experiment 2, each participant held the input data in the range of 0–100, 100–200, 200–300, 300–400, 400–500, 500–600, 600–700, 700–800, 800–900, and 900–1,000 under the same module. As can be seen from Figure 3, Algorithm 2 takes less time in different data ranges than other protocols, and the time consumption is relatively stable.

The results show that under the same security performance, Algorithm 2 is slightly more efficient than reference [24] and has obvious advantages than Reference [22, 25]. Algorithm 2 can resist malicious attacks and has higher security and greater practical value. (Note: For Algorithm 2, increased the bitcoin commitment, cut-choose, and zero-knowledge proof methods will result in significantly higher computational complexity and lower execution efficiency, making malicious model protocols no more efficient than semihonest model protocols. However, preprocessing or computing outsourcing can be used to improve efficiency, and both methods are available in Algorithm 2).

5.4. Applications

This paper uses efficient ECC encryption to design and study the classic millionaires’ problem in SMC. It not only solves the problem of comparison between two numbers but also distinguishes whether two numbers are equal or not. The protocol can be widely applied to sort confidentially. Alice has ; Bob has ; Bob wants to query the ranking position of in ; and both sides do not want to expose any information about and . This problem is an important application of SMC in data query and has wide application prospects, such as secret ranking of college entrance examination results: after the college entrance examination, candidates want to check their ranking in the reported candidates, and the school does not want to disclose any information about other candidates. The problem can be solved by our protocol.

The same method can be applied to the smart contract quality evaluation in the blockchain. Blockchain technology is considered to be the next generation of disruptive core technology after steam engine, power, and Internet. In order to establish a high-quality blockchain application environment, excellent smart contract developers will be rewarded by obtaining some form, such as tokens. However, there is no good evaluation method for the quality of the smart contract. Most of them are sorted by the number of contract calls and the total amount of contract transactions. Therefore, using our protocol to construct the sorting method, the screened high-ranking users have strong authenticity and security and are not easy to forge.

6. Summary and Prospect

As the cornerstone of SMC, the millionaires’ problem is still under constant researches by experts and scholars. However, most of the schemes are designed under the semihonest model, which cannot resist malicious attacks and affect the practical application of the protocols. This paper uses the 0-1 encoding method and ECC encryption algorithm, first designs a semihonest model protocol, and then improves it for malicious behaviors. The millionaires’ problem protocol under the malicious model solves the problem of malicious attacks in practical applications. By comparing with the existing protocols, our protocol is more efficient and practical.

Data Availability

The algorithm data used to support the findings of this study are included within the article.

Conflicts of Interest

The authors declare that they have no conflicts of interest.

Acknowledgments

This study was supported by the fund project, National Natural Science Foundation of China (92046001 and 61962046); Inner Mongolia Natural Science Foundation (2021MS06006); Baotou Kundulun District Science and Technology Planning Project (YF2020013); Inner Mongolia Discipline Inspection And Supervision Big Data Laboratory open project fund (IMDBD2020020); Major Science And Technology Projects in Inner Mongolia (2019ZD025); basic scientific research business fee project of Beijing Municipal Commission of education (110052972027); the Scientific Research Launch Funds of North China University of Technology (110051360002); and Beijing Urban Governance Research Base of North China University of Technology.

References

A. C. Yao, “Protocols for secure computations,” in Proceedings of the 23rd Annual Symposium on Foundations of Computer Science, pp. 160–164, IEEE press, Chicago, IL, USA, June 1982.
View at: Google Scholar
O. Goldreich, S. Micali, and A. Wigderson, “How to play any mental game,” in Proceedings of the 19th Annual ACM Symposium on Theory of Computing, ACM, pp. 218–229, Montreal, Canada, June 1987.
View at: Google Scholar
O. Goldreich, Foundations of Cryptography-Volume 2: Basic Applications, Cambridge University Press, Cambridge, UK, 2009.
T. Li, Z. Wang, G. Yang, and Y. Cui, “Semi‐selfish mining based on hidden Markov decision process,” International Journal of Intelligent Systems, vol. 36, 2021.
View at: Google Scholar
Y. Chen, J. Sun, Y. Yang, and T. Li, “PSSPR: a source location privacy protection scheme based on sector phantom routing in WSNs,” International Journal of Intelligent Systems, vol. 37, 2021.
View at: Google Scholar
T. Wang, W. Ma, and W. Luo, “Information sharing and secure multi-party computing model based on blockchain,” Computer science, vol. 46, no. 9, pp. 162–168, 2019.
View at: Google Scholar
J. Liu, Y. Tian, Y. Zhou, Y. Xiao, and N. Ansari, “Privacy preserving distributed data mining based on secure multi-party computation,” Computer Communications, vol. 153, pp. 208–216, 2020.
View at: Publisher Site | Google Scholar
G. Xu, Y. Cao, S. Xu et al., “A novel post-quantum blind signature for log system in blockchain,” Computer Systems Science and Engineering, vol. 41, no. 3, pp. 945–958, 2022.
View at: Publisher Site | Google Scholar
M. Blatt, A. Gusev, Y. Polyakov, and S. Goldwasser, “Secure large-scale genome-wide association studies using homomorphic encryption,” Proceedings of the National Academy of Sciences, vol. 117, no. 21, pp. 11608–11613, 2020.
View at: Publisher Site | Google Scholar
X. Liu, R. Zhang, G. Xu, X.-B. Chen, and N. N. Xiong, “Confidentially judging the relationship between an integer and an interval against malicious adversaries and its applications,” Computer Communications, vol. 180, pp. 115–125, 2021.
View at: Publisher Site | Google Scholar
L. Feng, Y. Jie, and L. Zhibin, “A secure multi-party computation protocol for universal data privacy protection based on blockchain,” Journal of Computer Research and Development, vol. 58, no. 2, p. 281, 2021.
View at: Google Scholar
D. Li, X. Liao, T. Xiang, J. Wu, and J. Le, “Privacy-preserving self-serviced medical diagnosis scheme based on secure multi-party computation,” Computers & Security, vol. 90, Article ID 101701, 2020.
View at: Publisher Site | Google Scholar
S. Parthasarathy, A. Harikrishnan, and G. Narayanan, “Secure distributed medical record storage using blockchain and emergency sharing using multi-party computation,” in Proceedings of the 2021 11th IFIP International Conference On New Technologies, Mobility And Security (NTMS), pp. 1–5, Paris, France, April 2021.
View at: Google Scholar
W. Liu, Y.-B. Wang, A.-N. Sui, and M.-Y. Ma, “Quantum protocol for millionaire problem,” International Journal of Theoretical Physics, vol. 58, no. 7, pp. 2106–2114, 2019.
View at: Publisher Site | Google Scholar
M. Hezaveh and C. Adams, “An efficient solution to the socialist millionaires’ problem,” in Proceedings of the 2017 IEEE 30th Canadian Conference on Electrical and Computer Engineering (CCECE), pp. 1–4, IEEE, Windsor, Canada, April 2017.
View at: Google Scholar
S. Li and M. Zhang, “Efficient solutions to the problem of blind millionaires,” Journal of Computer Science, vol. 43, no. 9, pp. 1755–1768, 2020.
View at: Google Scholar
J. Zhang, H. Zheng, B. Ge, Y. Tang, and Q. Ye, “An efficient millionaire problem protocol and its application,” Computer Engineering, vol. 47, no. 2, pp. 168–175, 2021.
View at: Google Scholar
S. Ibrahim and A. Alharbi, “Efficient image encryption scheme using henon map, dynamic S-boxes and elliptic curve cryptography,” IEEE Access, vol. 8, pp. 194289–194302, 2020.
View at: Publisher Site | Google Scholar
F. De Rango, G. Potrino, M. Tropea, and P. Fazio, “Energy-aware dynamic internet of things security system based on elliptic curve cryptography and message queue telemetry transport protocol for mitigating replay attacks,” Pervasive and Mobile Computing, vol. 61, Article ID 101105, 2020.
View at: Publisher Site | Google Scholar
R. Qazi, K. N. Qureshi, F. Bashir, N. U. Islam, S. Iqbal, and A. Arshad, “Security protocol using elliptic curve cryptography algorithm for wireless sensor networks,” Journal of Ambient Intelligence and Humanized Computing, vol. 12, no. 1, pp. 547–566, 2021.
View at: Publisher Site | Google Scholar
A. De Santis, S. Micali, and G. Persiano, “Non-interactive zero-knowledge proof systems,” in Proceedings of the Conference on the Theory and Application of Cryptographic Techniques, pp. 52–72, Springer, Santa Barbara, CA, USA, August 1987.
View at: Google Scholar
S. Li, W. Wang, and R. Du, “Solutions to the millionaire problem against malicious enemies,” Chinese Science: Information Science, vol. 51, no. 1, pp. 75–88, 2021.
View at: Publisher Site | Google Scholar
B. Yang, Modern Cryptography, Tsinghua University Press, Beijing, China, pp. 124–128, 4th edition, 2017.
M. Liu, Y. Luo, P. Nanda, S. Yu, and J. Zhang, “Efficient solution to the millionaires’,” Computational Intelligence, vol. 35, no. 3, pp. 555–576, 2019.
View at: Publisher Site | Google Scholar
Z. Li, L. Chen, Z. Chen, Y. Liu, and T. Gao, “An efficient millionaire problem protocol based on 1-r coding and its application,” Acta cryptographica Sinica, vol. 6, no. 1, pp. 50–60, 2019.
View at: Google Scholar

Copyright

Copyright © 2022 Xin Liu et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

PDF Download Citation

Download other formats

Order printed copies

Views

382

Downloads

376

Citations