Keyword Search Result

[Keyword] privacy-preserving(28hit)

1-20hit(28hit)

  • A Privacy-Preserving Data Feed Scheme for Smart Contracts

    Hao WANG  Zhe LIU  Chunpeng GE  Kouichi SAKURAI  Chunhua SU  

     
    INVITED PAPER

    Publicized: 2021/12/06  Vol: E105-D No:2  Page(s): 195-204

    Smart contracts are becoming more and more popular in financial scenarios like medical insurance. Rather than traditional schemes, using smart contracts as a medium is a better choice for both participants, as it is fairer, more reliable, more efficient, and enables real-time payment. However, medical insurance contracts need to input the patient's condition information as the judgment logic to trigger subsequent execution. Since the blockchain is a closed network, it lacks a secure network environment for data interaction with the outside world. The Data feed aims to provide the service of the on-chain and off-chain data interaction. Existing research on the data feed has solved the security problems on it effectively, such as Town Crier, TLS-N and they have also taken into account the privacy-preserving problems. However, these schemes cannot actually protect privacy because when the ciphertext data is executed by the contract, privacy information can still be inferred by analyzing the transaction results, since states of the contract are publicly visible. In this paper, based on zero-knowledge proof and Hawk technology, an on-and-off-chain complete smart contract data feed privacy-preserving scheme is proposed. In order to present our scheme more intuitively, we combined the medical insurance compensation case to implement it, which is called MIPDF. In our MIPDF, the patient and the insurance company are parties involved in the contract, and the hospital is the data provider of data feed. The patient's medical data is sent to the smart contract under the umbrella of the zero-knowledge proof signature scheme. The smart contract verifies the proof and calculates the insurance premium based on the judgment logic. Meanwhile, we use Hawk technology to ensure the privacy of on-chain contract execution, so that no information will be disclosed due to the result of contract execution. We give a general description of our scheme within the Universal Composability (UC) framework. We experiment and evaluate MIPDF on Ethereum for in-depth analysis. The results show that our scheme can securely and efficiently support the functions of medical insurance and achieve complete privacy-preserving.

  • ExamChain: A Privacy-Preserving Onscreen Marking System Based on Consortium Blockchain

    Haoyang AN  Jiageng CHEN  

     
    PAPER

    Publicized: 2021/12/06  Vol: E105-D No:2  Page(s): 235-247

    The development of educational informatization makes data privacy particularly important in education. With society's development, the education system is complicated, and the result of education evaluation becomes more and more critical to students. The evaluation process of education must be just and transparent. In recent years, the Onscreen Marking (OSM) system based on traditional cloud platforms has been widely used in various large-scale public examinations. However, due to the excessive concentration of power in the existing scheme, the mainstream marking process is not transparent, and there are hidden dangers of black-box operation, which will damage the fairness of the examination. In addition, issues related to data security and privacy are still considered to be severe challenges. This paper deals with the above problems by providing secure and private transactions in a distributed OSM assuming the semi-trusted examination center. We have implemented a proof-of-concept for a consortium blockchain-based OSM in a privacy-preserving and auditable manner, enabling markers to mark on the distributed ledger anonymously. We have proposed a distributed OSM system in high-level, which provides theoretical support for the fair evaluation process of education informatization. It has particular theoretical and application value for education combined with blockchain.

  • Deep-Learning-Assisted Single-Pixel Imaging for Gesture Recognition in Consideration of Privacy Open Access

    Naoya MUKOJIMA  Masaki YASUGI  Yasuhiro MIZUTANI  Takeshi YASUI  Hirotsugu YAMAMOTO  

     
    INVITED PAPER

    Publicized: 2021/08/17  Vol: E105-C No:2  Page(s): 79-85

    We have utilized single-pixel imaging and deep-learning to solve the privacy-preserving problem in gesture recognition for interactive display. Silhouette images of hand gestures were acquired by use of a display panel as an illumination. Reconstructions of gesture images have been performed by numerical experiments on single-pixel imaging by changing the number of illumination mask patterns. For the training and the image restoration with deep learning, we prepared reconstructed data with 250 and 500 illuminations as datasets. For each of the 250 and 500 illuminations, we prepared 9000 datasets in which original images and reconstructed data were paired. Of these data, 8500 data were used for training a neural network (6800 data for training and 1700 data for validation), and 500 data were used to evaluate the accuracy of image restoration. Our neural network, based on U-net, was able to restore images close to the original images even from reconstructed data with greatly reduced number of illuminations, which is 1/40 of the single-pixel imaging without deep learning. Comparing the restoration accuracy between cases using shadowgraph (black on white background) and negative-positive reversed images (white on black background) as silhouette images, the accuracy of the restored image was lower for negative-positive-reversed images when the number of illuminations was small. Moreover, we found that the restoration accuracy decreased in the order of rock, scissor, and paper. Shadowgraph is suitable for gesture silhouette, and it is necessary to prepare training data and construct neural networks, to avoid the restoration accuracy between gestures when further reducing the number of illuminations.

  • Privacy-Preserving Data Analysis: Providing Traceability without Big Brother

    Hiromi ARAI  Keita EMURA  Takuya HAYASHI  

     
    PAPER

    Vol: E104-A No:1  Page(s): 2-19

    Collecting and analyzing personal data is important in modern information applications. Though the privacy of data providers should be protected, the need to track certain data providers often arises, such as tracing specific patients or adversarial users. Thus, tracking only specific persons without revealing normal users' identities is quite important for operating information systems using personal data. It is difficult to know in advance the rules for specifying the necessity of tracking since the rules are derived by the analysis of collected data. Thus, it would be useful to provide a general way that can employ any data analysis method regardless of the type of data and the nature of the rules. In this paper, we propose a privacy-preserving data analysis construction that allows an authority to detect specific users while other honest users are kept anonymous. By using the cryptographic techniques of group signatures with message-dependent opening (GS-MDO) and public key encryption with non-interactive opening (PKENO), we provide a correspondence table that links a user and data in a secure way, and we can employ any anonymization technique and data analysis method. It is particularly worth noting that no “big brother” exists, meaning that no single entity can identify users who do not provide anomaly data, while bad behaviors are always traceable. We show the result of implementing our construction. Briefly, the overhead of our construction is on the order of 10 ms for a single thread. We also confirm the efficiency of our construction by using a real-world dataset.

  • A Privacy-Preserving Machine Learning Scheme Using EtC Images

    Ayana KAWAMURA  Yuma KINOSHITA  Takayuki NAKACHI  Sayaka SHIOTA  Hitoshi KIYA  

     
    PAPER-Cryptography and Information Security

    Vol: E103-A No:12  Page(s): 1571-1578

    We propose a privacy-preserving machine learning scheme with encryption-then-compression (EtC) images, where EtC images are images encrypted by using a block-based encryption method proposed for EtC systems with JPEG compression. In this paper, a novel property of EtC images is first discussed, although EtC ones were already shown to be compressible as a property. The novel property allows us to directly apply EtC images to machine learning algorithms non-specialized for computing encrypted data. In addition, the proposed scheme is demonstrated to provide no degradation in the performance of some typical machine learning algorithms including the support vector machine algorithm with kernel trick and random forests under the use of z-score normalization. A number of facial recognition experiments with are carried out to confirm the effectiveness of the proposed scheme.

  • Recent Advances in Practical Secure Multi-Party Computation Open Access

    Satsuya OHATA  

     
    INVITED PAPER-cryptography

    Vol: E103-A No:10  Page(s): 1134-1141

    Secure multi-party computation (MPC) allows a set of parties to compute a function jointly while keeping their inputs private. MPC has been actively studied, and there are many research results both in the theoretical and practical research fields. In this paper, we introduce the basic matters on MPC and show recent practical advances. We first explain the settings, security notions, and cryptographic building blocks of MPC. Then, we show and discuss current situations on higher-level secure protocols, privacy-preserving data analysis, and frameworks/compilers for implementing MPC applications with low-cost.

  • Image Identification of Encrypted JPEG Images for Privacy-Preserving Photo Sharing Services

    Kenta IIDA  Hitoshi KIYA  

     
    PAPER

    Publicized: 2019/10/25  Vol: E103-D No:1  Page(s): 25-32

    We propose an image identification scheme for double-compressed encrypted JPEG images that aims to identify encrypted JPEG images that are generated from an original JPEG image. To store images without any visual sensitive information on photo sharing services, encrypted JPEG images are generated by using a block-scrambling-based encryption method that has been proposed for Encryption-then-Compression systems with JPEG compression. In addition, feature vectors robust against JPEG compression are extracted from encrypted JPEG images. The use of the image encryption and feature vectors allows us to identify encrypted images recompressed multiple times. Moreover, the proposed scheme is designed to identify images re-encrypted with different keys. The results of a simulation show that the identification performance of the scheme is high even when images are recompressed and re-encrypted.

  • Privacy-Preserving Support Vector Machine Computing Using Random Unitary Transformation

    Takahiro MAEKAWA  Ayana KAWAMURA  Takayuki NAKACHI  Hitoshi KIYA  

     
    PAPER-Image

    Vol: E102-A No:12  Page(s): 1849-1855

    A privacy-preserving support vector machine (SVM) computing scheme is proposed in this paper. Cloud computing has been spreading in many fields. However, the cloud computing has some serious issues for end users, such as the unauthorized use of cloud services, data leaks, and privacy being compromised. Accordingly, we consider privacy-preserving SVM computing. We focus on protecting visual information of images by using a random unitary transformation. Some properties of the protected images are discussed. The proposed scheme enables us not only to protect images, but also to have the same performance as that of unprotected images even when using typical kernel functions such as the linear kernel, radial basis function (RBF) kernel and polynomial kernel. Moreover, it can be directly carried out by using well-known SVM algorithms, without preparing any algorithms specialized for secure SVM computing. In an experiment, the proposed scheme is applied to a face-based authentication algorithm with SVM classifiers to confirm the effectiveness.

  • Towards Privacy-Preserving Location Sharing over Mobile Online Social Networks Open Access

    Juan CHEN  Shen SU  Xianzhi WANG  

     
    PAPER-Information Network

    Publicized: 2018/10/18  Vol: E102-D No:1  Page(s): 133-146

    Location sharing services have recently gained momentum over mobile online social networks (mOSNs), seeing the increasing popularity of GPS-capable mobile devices such as smart phones. Despite the convenience brought by location sharing, there come severe privacy risks. Though many efforts have been made to protect user privacy during location sharing, many of them rely on the extensive deployment of trusted Cellular Towers (CTs) and some incur excessive time overhead. More importantly, little research so far can support complete privacy including location privacy, identity privacy and social relation privacy. We propose SAM, a new System Architecture for mOSNs, and P3S, a Privacy-Preserving Protocol based on SAM, to address the above issues for privacy-preserving location sharing over mOSNs. SAM and P3S differ from previous work in providing complete privacy for location sharing services over mOSNs. Theoretical analysis and extensive experimental results demonstrate the feasibility and efficiency of the proposed system and protocol.

  • Pseudonym and Key Management Scheme for Supporting Social Smart Applications

    Yusuke FUKUSHIMA  Ved P. KAFLE  Hiroaki HARAI  

     
    PAPER

    Publicized: 2018/02/22  Vol: E101-B No:8  Page(s): 1775-1786

    Both placing responsibility of message sending on every IoT object and obfuscating the object's location from other objects are essential to realize a secure and privacy-preserved communication service. Two or more short-lived link identifiers (or pseudonyms) authorized by a trustable authority are often used in related studies, instead of a persistent or long-term use link identifier (i.e. vendor assigned MAC address). However, related studies have limitations in terms of frequently changing pseudonyms to enhance location privacy because the cryptographic algorithms used in them fixedly couple object's identifiers with its security keys. To overcome those limitations, we present a new pseudonym and key management scheme that enables dynamic coupling of pseudonym and key pairs without incurring any adverse impacts. Furthermore, we propose two lightweight pseudonym allocation protocols to effectively reduce the volume of message carrying the allocation parameters. Through qualitative analyses, we verify that the proposed scheme is more scalable than related approaches as it can efficiently allocate enough number of pseudonym/key pairs by reducing the control message overhead by more than 90%.

  • Privacy-Preserving Fingerprint Authentication Resistant to Hill-Climbing Attacks

    Haruna HIGO  Toshiyuki ISSHIKI  Kengo MORI  Satoshi OBANA  

     
    PAPER

    Vol: E101-A No:1  Page(s): 138-148

    This paper proposes a novel secure biometric authentication scheme. The scheme deals with fingerprint minutiae as the biometric feature and the matching is checked by a widely used technique. To discuss security, we formalize the model of secure biometric authentication scheme by abstracting the related and proposed schemes. The schemes which satisfy all the proposed security requirements are guaranteed to prevent leakage of biometric information and impersonation. In particular, the definition captures well-known and practical attacks including replay attacks and hill-climbing attacks. We prove that the proposed scheme achieves all the requirements if the additive homomorphic encryption scheme used in the scheme satisfies some additional properties. As far as we know, the proposed scheme is the first one that satisfies all the requirements. Also, we show that modified Elgamal cryptosystem satisfies all the properties under the decisional Diffie-Hellman assumption.

  • k-Presence-Secrecy: Practical Privacy Model as Extension of k-Anonymity

    Yuji YAMAOKA  Kouichi ITOH  

     
    PAPER

    Publicized: 2017/01/17  Vol: E100-D No:4  Page(s): 730-740

    PPDP (Privacy-Preserving Data Publishing) is technology that discloses personal information while protecting individual privacy. k-anonymity is a privacy model that should be achieved in PPDP. However, k-anonymity does not guarantee privacy against adversaries who have knowledge of even a few uncommon individuals in a population. In this paper, we propose a new model, called k-presence-secrecy, that prevents such adversaries from inferring whether an arbitrary individual is included in a personal data table. We also propose an algorithm that satisfies the model. k-presence-secrecy is a practical model because an algorithm that satisfies it requires only a PPDP target table as personal information, whereas previous models require a PPDP target table and almost all the background knowledge of adversaries. Our experiments show that, whereas an algorithm satisfying only k-anonymity cannot protect privacy, even against adversaries who have knowledge for one uncommon individual in a population, our algorithm can do so with less information loss and shorter execution time.

  • Privacy-Preserving Model of IoT Based Trust Evaluation

    Zhenguo CHEN  Liqin TIAN  

     
    LETTER-Data Engineering, Web Information Systems

    Publicized: 2016/11/11  Vol: E100-D No:2  Page(s): 371-374

    With the popularization of Internet of things (IoT), the interaction between human and IoT has become a part of daily life. In this interaction, the objects of IoT usually require access to personal data, which are often sensitive. We propose a lightweight privacy-preserving model based on the trust evaluation that can effectively protect privacy based on simple threshold detection. The key issue we address in this work is how to construct a trust model so that non-trusted objects are prevented from accessing private data. This work can be considered as a lightweight approach to access control for privacy-preservation. The main algorithm in the proposed model is a kind of dynamic self-adjusting trust evaluation mechanism that uses a combination of interaction information that occurs between the human and the Internet of things, and between the human and the human. According to the given threshold, the trust model can determine the data level of object access in the IoT. We have implemented a prototype of the proposed scheme, thereby demonstrating the feasibility of the proposed scheme on resource-constrained devices.

  • An Improved Privacy-Preserving Biometric Identification Scheme in Cloud Computing

    Kai HUANG  Ming XU  Shaojing FU  Yuchuan LUO  

     
    LETTER-Cryptography and Information Security

    Vol: E99-A No:10  Page(s): 1891-1894

    In a previous work [1], Wang et al. proposed a privacy-preserving outsourcing scheme for biometric identification in cloud computing, namely CloudBI. The author claimed that it can resist against various known attacks. However, there exist serious security flaws in their scheme, and it can be completely broken through a small number of constructed identification requests. In this letter, we modify the encryption scheme and propose an improved version of the privacy-preserving biometric identification design which can resist such attack and can provide a much higher level of security.

  • Privacy-Preserving Statistical Analysis Method by Splitting Server Roles for Distributed Real-World Data

    Jun ISHII  Hiroyuki MAEOMICHI  Akihiro TSUTSUI  Ikuo YODA  

     
    PAPER

    Vol: E97-B No:9  Page(s): 1779-1789

    This paper proposes a novel method for obtaining statistical results such as averages, variances, and correlations without leaking any raw data values from data-holders by using multiple pseudonyms. At present, to obtain statistical results using a large amount of data, we need to collect all data in the same storage device. However, gathering real-world data that were generated by different people is not easy because they often contain private information. The authors split the roles of servers into publishing pseudonyms and collecting answers. Splitting these roles, different entities can more easily join as pseudonym servers than in previous secure multi-party computation methods and there is less chance of collusion between servers. Thus, our method enables data holders to protect themselves against malicious attacks from data users. We also estimated a typical problem that occurred with our method and added a pseudonym availability confirmation protocol to prevent the problem. We report our evaluation of the effectiveness of our method through implementation and experimentation and discuss how we incorporated the WebSocket protocol and MySQL Memory Storage Engine to remove the bottleneck and improve the implementation style. Finally, we explain how our method can obtain averages, variances, and correlation from 5000 data holders within 50 seconds.

  • Efficient Privacy-Preserving Reputation Evaluation in Decentralized Environments

    Youwen ZHU  Tsuyoshi TAKAGI  

     
    LETTER-Cryptography and Information Security

    Vol: E97-A No:1  Page(s): 409-412

    A decentralized secure protocol for casting trust rating in reputation systems (StR protocol) was lately proposed by Dimitriou and Michalas, and the StR protocol is verified to be faster than the previous work providing anonymous feedback. In this letter, we present a new enhanced scheme of StR. Compared with the StR protocol, our new approach attains exactly the same security, but requires less processing time and about half the communication overheads. Therefore, we improve the performance without sacrificing any security; especially, the communication delay is dramatically reduced.

  • Identity-Based Public Verification with Privacy-Preserving for Data Storage Security in Cloud Computing

    Jining ZHAO  Chunxiang XU  Fagen LI  Wenzheng ZHANG  

     
    PAPER-Cryptography and Information Security

    Vol: E96-A No:12  Page(s): 2709-2716

    In the Cloud computing era, users could have their data outsourced to cloud service provider (CSP) to enjoy on-demand high quality service. On the behalf of the user, a third party auditor (TPA) which could verify the real data possession on CSP is critically important. The central challenge is to build efficient and provably secure data verification scheme while ensuring that no users' privacy is leaked to any unauthorized party, including TPA. In this paper, we propose the first identity-based public verification scheme, based on the identity-based aggregate signature (IBAS). In particular, by minimizing information that verification messages carry and TPA obtains or stores, we could simplify key management and greatly reduce the overheads of communication and computation. Unlike the existing works based on certificates, in our scheme, only a private key generator (PKG) has a traditional public key while the user just keeps its identity without binding with certificate. Meanwhile, we utilize privacy-preserving technology to keep users' private data off TPA. We also extend our scheme with the support of batch verification task to enable TPA to perform public audits among different users simultaneously. Our scheme is provably secure in the random oracle model under the hardness of computational Diffie-Hellman assumption over pairing-friendly groups and Discrete Logarithm assumption.

  • Scalable Privacy-Preserving Data Mining with Asynchronously Partitioned Datasets

    Hiroaki KIKUCHI  Daisuke KAGAWA  Anirban BASU  Kazuhiko ISHII  Masayuki TERADA  Sadayuki HONGO  

     
    PAPER-Public Key Based Protocols

    Vol: E96-A No:1  Page(s): 111-120

    In the Naive Bayes classification problem using a vertically partitioned dataset, the conventional scheme to preserve privacy of each partition uses a secure scalar product and is based on the assumption that the data is synchronized amongst common unique identities. In this paper, we attempt to discard this assumption in order to develop a more efficient and secure scheme to perform classification with minimal disclosure of private data. Our proposed scheme is based on the work by Vaidya and Clifton [2], which uses commutative encryption to perform secure set intersection so that the parties with access to the individual partitions have no knowledge of the intersection. The evaluations presented in this paper are based on experimental results, which show that our proposed protocol scales well with large sparse datasets.

  • Privacy Preserving Using Dummy Data for Set Operations in Itemset Mining Implemented with ZDDs

    Keisuke OTAKI  Mahito SUGIYAMA  Akihiro YAMAMOTO  

     
    PAPER-Artificial Intelligence, Data Mining

    Vol: E95-D No:12  Page(s): 3017-3025

    We present a privacy preserving method based on inserting dummy data into original data on the data structure called Zero-suppressed BDDs (ZDDs). Our task is distributed itemset mining, which is frequent itemset mining from horizontally partitioned databases stored in distributed places called sites. We focus on the fundamental case in which there are two sites and each site has a database managed by its owner. By dividing the process of distributed itemset mining into the set union and the set intersection, we show how to make the operations secure in the sense of undistinguishability of data, which is our criterion for privacy preserving based on the already proposed criterion, p-indistinguishability. Our method conceals the original data in each operation by inserting dummy data, where ZDDs, BDD-based directed acyclic graphs, are adopted to represent sets of itemsets compactly and to implement the set operations in constructing the distributed itemset mining process. As far as we know, this is the first technique which gives a concrete representation of sets of itemsets and an implementation of set operations for privacy preserving in distributed itemset mining. Our experiments show that the proposed method provides undistinguishability of dummy data. Furthermore, we compare our method with Secure Multiparty Computation (SMC), which is one of the well-known techniques of secure computation.

  • Multi-Party Privacy-Preserving Set Intersection with Quasi-Linear Complexity

    Jung Hee CHEON  Stanislaw JARECKI  Jae Hong SEO  

     
    PAPER-Cryptography and Information Security

    Vol: E95-A No:8  Page(s): 1366-1378

    Secure computation of the set intersection functionality allows n parties to find the intersection between their datasets without revealing anything else about them. An efficient protocol for such a task could have multiple potential applications in commerce, health care, and security. However, all currently known secure set intersection protocols for n > 2 parties have computational costs that are quadratic in the (maximum) number of entries in the dataset contributed by each party, making secure computation of the set intersection only practical for small datasets. In this paper, we describe the first multi-party protocol for securely computing the set intersection functionality with both the communication and the computation costs that are quasi-linear in the size of the datasets. For a fixed security parameter, our protocols require O(n²k) bits of communication and Õ(n²k) group multiplications per player in the malicious adversary setting, where k is the size of each dataset. Our protocol follows the basic idea of the protocol proposed by Kissner and Song, but we gain efficiency by using different representations of the polynomials associated with users' datasets and careful employment of algorithms that interpolate or evaluate polynomials on multiple points more efficiently. Moreover, the proposed protocol is robust. This means that the protocol outputs the desired result even if some corrupted players leave during the execution of the protocol.
