Secure outsourced computation (SOC) provides secure computing services by combining the computation power of cloud computing with privacy computing technology (e.g., homomorphic encryption). Expanding the computational operations available on encrypted data (e.g., enabling complex calculations directly over ciphertexts) and broadening the applicability of SOC across diverse use cases remain critical yet challenging research topics in the field. Nevertheless, previous SOC solutions frequently lack the computational efficiency and adaptability required to fully meet evolving demands. To this end, in this paper, we propose TRUST, a toolkit for Trusted Execution Environment (TEE)-assisted SOC over integers. In terms of system architecture, TRUST runs on a single TEE-equipped cloud server by seamlessly integrating the computation of the REE (Rich Execution Environment) and the TEE. Because a TEE cannot easily store data permanently and is vulnerable to attacks, we introduce a (2, 2)-threshold homomorphic cryptosystem to fit the hybrid computation between the REE and the TEE. Additionally, we carefully design a suite of SOC protocols supporting unary, binary and ternary operations. As an application, we present \texttt{SEAT}, secure data trading based on TRUST. Security analysis demonstrates that TRUST enables SOC, avoids collusion attacks among multiple cloud servers, and mitigates potential secret leakage risks within the TEE (e.g., from side-channel attacks). Experimental evaluations indicate that TRUST outperforms the state-of-the-art and requires neither data alignment nor any network communication. Furthermore, \texttt{SEAT} is as effective as the \texttt{Baseline}, which applies no data protection.