The rise of cloud computing has spurred a trend of transferring data storage and computational tasks to the cloud. To protect confidential information such as customer data and business details, it is essential to encrypt this sensitive data before cloud storage. Implementing encryption can prevent unauthorized access, data breaches, and the resultant financial loss, reputation damage, and legal issues. Moreover, to facilitate the execution of data mining algorithms on the cloud-stored data, the encryption needs to be compatible with domain computation. The $k$-nearest neighbor ($k$-NN) computation for a specific query vector is widely used in fields like location-based services. Sanyashi et al. (ICISS 2023) proposed an encryption scheme to facilitate privacy-preserving $k$-NN computation on the cloud by utilizing Asymmetric Scalar-Product-Preserving Encryption (ASPE). In this work, we identify a significant vulnerability in the aforementioned encryption scheme of Sanyashi et al. Specifically, we give an efficient algorithm and also empirically demonstrate that their encryption scheme is vulnerable to the ciphertext-only attack (COA).
翻译:云计算的兴起推动了数据存储和计算任务向云端转移的趋势。为保护客户数据和企业细节等机密信息,在云端存储前对这些敏感数据进行加密至关重要。实施加密可以防止未经授权的访问、数据泄露以及由此造成的财务损失、声誉损害和法律问题。此外,为了能够对云端存储的数据执行数据挖掘算法,加密需要与域计算兼容。针对特定查询向量的$k$-最近邻($k$-NN)计算广泛应用于基于位置的服务等领域。Sanyashi等人(ICISS 2023)提出了一种加密方案,通过利用非对称标量积保持加密(ASPE)来在云端实现隐私保护的$k$-NN计算。在本研究中,我们发现了上述Sanyashi等人加密方案中的一个重大漏洞。具体而言,我们给出了一种高效算法,并通过实验证明其加密方案容易受到唯密文攻击(COA)。