An Efficient Technique for Protecting Location Privacy of Cooperative Spectrum Sensing Users

An Efficient Technique for Protecting Location Privacy of Cooperative Spectrum Sensing Users

Mohamed Grissa, Attila Yavuz, and Bechir Hamdaoui
Oregon State University, grissam,yavuza,
©2016 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.

Cooperative spectrum sensing, despite its effectiveness in enabling dynamic spectrum access, suffers from location privacy threats, merely because secondary users (s)’ sensing reports that need to be shared with a fusion center to make spectrum availability decisions are highly correlated to the users’ locations. It is therefore important that cooperative spectrum sensing schemes be empowered with privacy preserving capabilities so as to provide s with incentives for participating in the sensing task. In this paper, we propose an efficient privacy preserving protocol that uses an additional architectural entity and makes use of various cryptographic mechanisms to preserve the location privacy of s while performing reliable and efficient spectrum sensing. We show that not only is our proposed scheme secure and more efficient than existing alternatives, but also achieves fault tolerance and is robust against sporadic network topological changes.

Location privacy, secure cooperative spectrum sensing, order preserving encryption, cognitive radio networks.

Digital Object Identifier 10.1109/INFCOMW.2016.7562209

I Introduction

Cooperative spectrum sensing is a key component of cognitive radio networks (s) essential for enabling dynamic and opportunistic spectrum access [1]. It consists of having secondary users (s) sense the licensed channels on a regular basis and collaboratively decide whether a channel is available prior to using it so as to avoid harming primary users (s). One of the most popular spectrum sensing techniques is energy detection, thanks to its simplicity and ease of implementation, which essentially detects the presence of  signal by measuring and relying on the energy strength of the sensed signal, commonly known as the received signal strength ([2].

Broadly speaking, cooperative spectrum sensing techniques can be classified into two categories: Centralized and distributed [1]. In centralized techniques, a central entity called fusion center () orchestrates the sensing operations as follows. It selects one channel for sensing and, through a control channel, requests that each  perform local sensing on that channel and send its sensing report (e.g., the observed  value) back it to. It then combines the received sensing reports, makes a decision about the channel availability, and diffuses the decision back to the s. In distributed sensing techniques, s do not rely on a  for making channel availability decisions. They instead exchange sensing information among one another to come to a unified decision [1]. This requirement makes distributed sensing techniques highly complex with respect to their centralized counterparts. Hence, centralized sensing techniques are considered more practical for real-life applications.

Despite its usefulness and effectiveness in promoting dynamic spectrum access, cooperative spectrum sensing suffers from serious security and privacy threats. One big threat to s, which we tackle in this work, is location privacy, which can easily be leaked due to the wireless nature of the signals communicated by s during the cooperative sensing process. In fact, it has been shown that  values of s are highly correlated to their physical locations [3], thus making it easy to compromise the location privacy of s when sending out their sensing reports. The fine-grained location, when combined with other publicly available information, could easily be exploited to infer private information about users [4]. Examples of such private information are shopping patterns, user preferences, and user beliefs, just to name a few [4]. With such privacy threats and concerns, s may refuse to participate in the cooperative sensing tasks. It is therefore imperative that cooperative sensing schemes be enabled with privacy preserving capabilities that protect the location privacy of s, thereby encouraging them to participate in such a key function, the spectrum sensing.

In this paper, we propose an efficient privacy-preserving scheme for cooperative spectrum sensing that exploits various cryptographic mechanisms to preserve the location privacy of s while performing the cooperative sensing task reliably and efficiently. We show that our proposed scheme is secure and more efficient than its existing counterparts, and is robust against sporadic topological changes and network dynamism.

I-a Related Work

Security and privacy in s have gained some attention recently. Yan et al. [5] discussed security issues in fully distributed cooperative sensing. Qin et al.[6] proposed a privacy-preserving protocol for  transactions using a commitment scheme and zero-knowledge proof.

Location privacy, though well studied in the context of location-based services (LBS) [7, 8], has received little attention in the context of [9, 10, 3]. Some works focused on location privacy but not in the context of cooperative spectrum sensing (e.g., database-driven spectrum sensing [9, 11] and dynamic spectrum auction [10]) and are skipped since they are not within this paper’s scope.

In the context of cooperative spectrum sensing, Shuai et al. [3] showed that s’ locations can easily be inferred from their  reports, and called this the SRLP (single report location privacy) attack. They also identified the DLP (differential location privacy) attack, where a malicious entity can estimate the  (and hence the location) of a leaving/joining user from the variations in the final aggregated  measurements before and after user’s joining/leaving of the network. They finally proposed , a protocol for cooperative spectrum sensing, to address these two attacks. Despite its merits,  has several limitations: (i) It needs to collect all the sensing reports to decode the aggregated result. This is not fault tolerant, since some reports may be missing due, for e.g., to the unreliable nature of wireless channels. (ii) It cannot handle dynamism if multiple users join or leave the network simultaneously. (iii) The pairwise secret sharing requirement incurs extra communication overhead and delay. (iv) The underlying encryption scheme requires solving the Discrete Logarithm Problem[12], which is possible only for very small plaintext space and can be extremely costly (see Table I). Chen et al. [13] proposed , a fault-tolerant and privacy-preserving data aggregation scheme for smart grid communications. , though proposed in the context of smart grids, is suitable for cooperative sensing schemes. But unlike ,  relies on an additional semi-trusted entity, called gateway, and like other aggregation based methods, is prone to the DLP attack. In our previous work [14] we proposed an efficient scheme called  to overcome the limitations that existent approaches suffer from.  combines order preserving encryption and yao’s millionaire protocol to provide a high location privacy while enabling an efficient sensing performance.

I-B Our Contribution

In this paper, we propose a new location privacy-preserving scheme that we call LP-3PSS (location privacy for 3-party spectrum sensing architecture), which harnesses various cryptographic primitives (e.g., order preserving encryption) in innovative ways along with an additional architectural entity (i.e., a gateway) to achieve high location privacy with a low overhead. That is, our proposed LP-3PSS scheme offers the following desirable properties:

  • Location privacy of secondary users while performing the cooperative spectrum sensing effectively and reliably.

  • Fault tolerance and robustness against network dynamism (e.g., multiple s join/leave the network) and failures (e.g., missed sensing reports).

  • Reliability and resiliency against malicious users via an efficient reputation mechanism.

  • Accurate spectrum availability decisions via half-voting rules while incurring minimum communication and computation overhead.

Note that for simplicity we use energy detection through  measurement for spectrum sensing in our scheme. However, our scheme can be applied with any other spectrum detection technique whose sensing reports may leak information about the location of the users.

Ii Preliminaries

We consider a cooperative spectrum sensing architecture that consists of a  and a set of s, where each  is assumed to be capable of measuring  on any channel by means of an energy detection method [2]. In this cooperative sensing architecture, the  combines the sensing observations collected from the s, decides about the spectrum availability, and broadcasts the decision back to the s through a control channel. This could typically be done via either hard or soft decision rules. The most common soft decision rule is aggregation, where  collects the  values from the s and compares their average to a predefined threshold, , to decide on the channel availability.

In hard decision rules, e.g. voting,  combines votes instead of  values. Here, each  compares its  value with , makes a local decision (available or not), and then sends to the  its one-bit local decision/vote instead of sending its  value.  applies then a voting rule on the collected votes to make a channel availability decision. However, for security reasons to be discussed shortly, it may not be desirable to share  with s. In this case,  can instead collect the  values from the s, make a vote for each  separately, and then combine all votes to decide about the availability of the channel.

In this work, we opted for the voting-based decision rule, with  is not to be shared with the s, over the aggregation-based rule. There are two reasons for choosing voting-based decision rule over the aggregation-based decision rule: (i) Aggregation methods are more prone to sensing errors; for example, receiving some erroneous measurements that are far off from the average of the  values can skew the computed  average, thus leading to wrong decision. (ii) Voting does not expose users to the DLP attack [3] (which is identified earlier in Section I-A). We chose not to share  with the s because doing so limits the action scope of malicious users that may want to report falsified  values for malicious and/or selfish purposes.

In this paper we investigate a 3-party cooperative sensing architecture, where a third entity, called gateway (), is incorporated along with the  and s to cooperate with them in performing the sensing task. As will be shown later, this additional gateway allows to achieve higher privacy and lesser computational overhead, but of course at its cost.

Ii-a Security Threat Model and Objectives

We consider a semi-honest threat model, where all the network parties (i.e., s, , and ) are assumed to be honest but curious in that they execute the protocol honestly but show interest in learning information about the other parties. This means that none of these entities is trusted. More specifically, we make the following assumptions:

Security Assumption 1.

No party in the system modifies maliciously (or nonmaliciously) the integrity of its input. That is, (i)  does not maliciously inject false ; and (ii) the s do not maliciously change their  values.

Security Assumption 2.

No party in the system colludes with any of the other parties. That is, (i)  does not collude with s; (ii) s do not collude with one another; and (iii)  does not collude with s or .

As mentioned before,  values are shown to be highly correlated to the s’ locations [3]. Therefore, if the confidentiality of the  values is not protected, then nor is the location privacy of the s. With this in mind, the security objectives of the proposed schemes are then:

Security Objective 1.

Keep the  value of each  confidential to the  only by hiding it from all other parties. This should hold during all sensing periods and for any network membership change.

Also, since s may rely on the threshold  to maliciously manipulate their s, our second objective is then to:

Security Objective 2.

Keep  confidential to the  only by hiding it from all other parties. This should hold during all sensing periods and for any network membership change.

Ii-B Half-Voting Availability Decision Rule

Our proposed scheme uses the half-voting decision rule, shown to be optimal in [15], and for completeness, we here highlight its main idea. Details can be found in [15].

Let and be the spectrum sensing hypothesis that  is absent and present, respectively. Let , and denote the probabilities of false alarm, detection, and missed detection, respectively, of one ; i.e., , , and .  collects the 1-bit decision from each   and fuses them together according to the following fusion rule [15]:


Note that  infers that  is present when at least  s are inferring . Otherwise,  decides that  is absent, i.e. . Note here that the OR fusion rule corresponds to the case where and the AND fusion rule corresponds to the case where . The cooperative spectrum sensing false alarm probability, , and missed detection probability, , are: and . Letting be the number of s, the optimal value of  that minimizes is , where and denotes the ceiling function. For simplicity, is denoted as throughout this paper.

Ii-C Reputation Mechanism

To make the voting rule more reliable, we incorporate a reputation mechanism that allows  to progressively eliminate faulty and malicious s. It does so by updating and maintaining a reputation score for each  to reflect the level of reliability the  has. Our proposed schemes incorporate the Beta Reputation mechanism, proposed and shown to be robust by Arshad et al. [16]. For completeness, we highlight its key features next; more details can be found in [16].

At the end of each sensing period ,  obtains a decision vector, with , where (resp. ) means that the spectrum is reported to be free (resp. busy) by  .  then makes a global decision using the fusion rule as follows:


where is the weight vector calculated by  based on the credibility score of each user, as will be shown shortly, and is the voting threshold determined by the Half-voting rule [15], as presented in Section II-B.

For each  ,  maintains positive and negative rating coefficients, and , that are updated every sensing period as: and , where and are calculated as

Here, (resp. ) reflects the number of times ’s observation, , agrees (resp. disagrees) with the ’s global decision, (t).

 computes then ’s credibility score, (t), and contribution weight, (t), at sensing period as:


Ii-D Cryptographic Building Blocks

Our scheme uses a well known cryptographic building block, which we define next before using it in the next section when describing our scheme so as to ease the presentation.

Definition 1.

Order Preserving Encryption : is a deterministic symmetric encryption scheme whose encryption preserves the numerical ordering of the plaintexts, i.e. for any two messages and , we have [17], with is order preserving encryption of a message under key , where is the block size of .

Note that communications are made over a secure (authenticated) channel maintained with a symmetric key (e.g., via SSL/TLS as in Algorithm 1) to ensure confidentiality and authentication. For the sake of brevity, we will only write encryptions but not the authentication tags (e.g., Message Authentication Codes [18]) for the rest of the paper.

Iii Lp-3pss

We now present our proposed scheme that we call LP-3PSS (location privacy for 3-party spectrum sensing architecture), which offers high location privacy and low overhead, and uses an additional entity in the network, referred to as Gateway () (thus ”3P” refers to the 3 parties: s, , and ).  enables a higher privacy by preventing  from even learning the order of encrypted  values of s which was allowed in  [14].  also learns nothing but secure comparison outcome of  values and , as in  but only using . Thus, no entity learns any information on  or  beyond a pairwise secure comparison, which is the minimum information required for a voting-based decision.

Intuition: The main idea behind LP-3PSS is simple yet very powerful: We enable  to privately compare  distinct  encryptions of  and  values, which were computed under  pairwise keys established between  and s. These  encrypted pairs permit  to learn the comparison outcomes without deducing any other information.  then sends these comparison results to  to make the final decision.  learns no information on  values and s cannot obtain the value of , which complies with our Security Objectives 1 and 2. Note that LP-3PSS relies only on symmetric cryptography to guarantee the location privacy of s. Hence, it is the most computationally efficient and compact scheme among all alternatives (see Section V), but with an additional entity in the system.

LP-3PSS is described in Algorithm 1 and outlined below.

1:Initialization: Executed only once.
2: sets energy sensing, optimal voting thresholds , , and weights vector , respectively.
3:Entities establish private pairwise keys and maintain authenticated secure channels (e.g., via SSL/TLS) as follows:
4:  between  and each user , .
5:  between  and each user , .
6:  between  and .
7: computes , and sends to .        
8:Private Sensing: Executed every sensing period
9: computes , and sends to .
10: obtains and , .
11:for  do
12:     if  then
13:     else      
14: computes and sends to .
15: decrypts and computes
16:if  then Channel busy
17:else Channel free
18: updates the credibility score and weight of each user as in equations 3 and 4 for return        
19:Update after Membership Changes or Breakdown:
20:If a user joins the network, it needs to establish a pairwise secret key with  and . If (s) join/leave or breakdown,  is updated as ’.
21:Follow the private sensing steps with new ’.
Algorithm 1 LP-3PSS Algorithm

 Initialization: Let be IND-CPA secure [18] block cipher (e.g. ) encryption/decryption operations.  establishes a secret key with each  and .  establishes a secret key with each .  encrypts  with  using , .  then encrypts  ciphertexts with  using and sends these s to , . Since these encryptions are done offline at the beginning of the protocol, they do not impact the online private sensing phase.  may also pre-compute a few extra encrypted values in the case of new users joining the sensing.

 Private Sensing: Each  encrypts with  using , which was used by  to  encrypt  value. then encrypts this ciphertext with  using key , and sends the final ciphertext to .  decrypts ciphertexts s and s with  using and , which yields  encrypted values.  then compares each  encryption of  with its corresponding  encryption of . Since both were encrypted with the same key,  can compare them and conclude which one is greater as in Step 12.  stores the outcome of each comparison in a binary vector , encrpyts and sends it to . Finally,  compares the summation of votes  to the optimal voting threshold  to make the final decision about spectrum availability and updates the reputation scores of the users.

 Update after Membership Changes or Breakdown: Each new user joining the sensing just establishes a pairwise secret key with  and . This has no impact on existing users. If some users leave the network,  and  remove their secret keys, which also has no impact on existing users. In both cases, and also in the case of a breakdown or failure,  must be updated accordingly.

Iv Security Analysis

Scheme Computation
TABLE I: Computational overhead comparison

We first describe the underlying security primitives, on which our schemes rely, and then precisely quantify the information leakage of our schemes, which we prove to achieve our Security Objectives 1 and 2.

Fact 1.

An  is indistinguishable under ordered chosen-plaintext attack (IND-OCPA) [17] if it has no leakage, except the order of ciphertexts (e.g. [20, 21]).

Let  and  be IND-CPA secure [18] and IND-OCPA secure symmetric ciphers, respectively. are  values and  of each and  for sensing periods in a group . are history lists, which include all values learned by entities ,  and , respectively, during the execution of the protocol for all sensing periods and membership status of . Vector  is a list of IND-CPA secure values transmitted over secure (authenticated) channels.  may be publicly observed by all entities including external attacker . Hence,  is a part of all lists . Values (jointly) generated by an entity such as cryptographic keys or variables stored only by the entity itself (e.g., , ) are not included in history lists for brevity.

Theorem 1.

Under Security Assumptions 1 and 2, LP-3PSS leaks no information on beyond IND-CPA secure , IND-OCPA secure pairwise order to  and to .

Proof: , where and are generated at the initialization and privacy sensing in Algorithm 1, respectively. History lists are as follows for each sensing period :

Variables in are IND-CPA secure and IND-OCPA secure, and therefore leak no information beyond the pairwise order of ciphertexts to  by Fact 1.

Any membership status update on requires an authenticated channel establishment or removal for joining or leaving members, whose private keys are independent from each other. Hence, history lists are computed identically as described above for the new membership status of , which are IND-CPA secure and IND-OCPA secure.

Corollary 1.

Theorem 1 guarantees that in our scheme, RSS values and  are IND-OCPA secure for all sensing periods and membership changes. Hence, our scheme achieves Objectives 1 and 2 as required.

V Performance Evaluation

We now evaluate our proposed scheme, LP-3PSS, by comparing it to existent approaches that we briefly explain below.

V-a Existing Approaches

 [3] uses secret sharing and the Privacy Preserving Aggregation (PPA) process proposed in [23] to hide the content of specific sensing reports and uses dummy report injections to cope with the DLP attack.  [14] also uses  but in a completely different way than how we use it in this paper. Users  encrypt their  values, send them to  which, based on the order of the encrypted s, performs at worst a logarithmic number of yao’s millionaires secure comparisons [24] between  and s and then makes a final decision about spectrum availability.  [13] combines Paillier cryptosystem [25] with Shamir’s secret sharing [26], where a set of smart meters sense the consumption of different households, encrypt their reports using Paillier, then send them to a gateway. The gateway multiplies these reports and forwards the result to the control center, which selects a number of servers (among all servers) to cooperate in order to decrypt the aggregated result.  requires a dedicated gateway, just like LP-3PSS, to collect the encrypted data, and a minimum number of working servers in the control center to decrypt the aggregated result.

V-B Performance Analysis and Comparison

We focus on communication and computational overheads. We consider the overhead incurred during the sensing operations but not that related to system initialization (e.g. key establishment), where most of the computation and communication is done offline. We model the membership change events in the network as a random process  that takes on 0 and 1, and whose average is . means that no change occurred in the network and means that some users left/joined the sensing task. Let (t) be a function that models the average number of users that join the sensing at the current sensing period , where

The execution times of the different primitives and protocols were measured on a laptop running Ubuntu 14.10 with 8GB of RAM and a core M 1.3 GHz Intel processor, with cryptographic libraries MIRACL [27], Crypto++ [28] and Louismullie’s Ruby implementation of  [29].

Computational Overhead: Table I provides an analytical computational overhead comparison including the details of variables, parameters and the overhead of building blocks.

In LP-3PSS,  requires only a small constant number of operations. An  requires one  and  encryptions of its . Finally,  requires one  operation per user and one  of vector . All computations in LP-3PSS rely on only symmetric cryptography, which makes it the most computationally efficient scheme among all alternatives.

For illustration purpose, we plot in Fig. 1(a) the system end-to-end computational overhead of the different schemes. Fig. 1(a) shows that LP-3PSS is several order of magnitudes faster than the other schemes including , that we proposed in a previous work, for any number of users.

Scheme Communication
TABLE II: Communication overhead comparison
(a) Computational overhead
(b) Communication overhead
Fig. 1: Performance compariosn, , ,

Communication Overhead: Table II provides the analytical communication overhead comparison. LP-3PSS requires (+1)  ciphertexts and single , which are significantly smaller than the ciphertexts transmitted in the other schemes.

We further compare our scheme with its counterparts in terms of communication overhead in Fig. 1(b). Fig. 1(b) shows that LP-3PSS has the smallest communication overhead since, again, it relies on symmetric cryptography only.  and  have a very high communication overhead due to the use of expensive public key encryptions (e.g., Pailler [25]).

Overall, our performance analysis indicates that LP-3PSS is significantly more efficient than all other counterpart schemes in terms of computation and communication overhead, even for increased values of the security parameters, but with the cost of including an additional entity.

Vi Conclusion

We developed an efficient scheme for cooperative spectrum sensing that protects the location privacy of s with a low cryptographic overhead while guaranteeing an efficient spectrum sensing. Our scheme is secure and robust against users dynamism, failures, and user maliciousness. Our performance analysis indicates that our scheme outperforms existing alternatives in various metrics.


This work was supported in part by the US National Science Foundation under NSF award CNS-1162296.


  • [1] I. F. Akyildiz, B. F. Lo, and R. Balakrishnan, “Cooperative spectrum sensing in cognitive radio networks: A survey,” Physical Communication, vol. 4, pp. 40–62, 2011.
  • [2] O. Fatemieh, A. Farhadi, R. Chandra, and C. A. Gunter, “Using classification to protect the integrity of spectrum measurements in white space networks.” in NDSS, 2011.
  • [3] S. Li, H. Zhu, Z. Gao, X. Guan, K. Xing, and X. Shen, “Location privacy preservation in collaborative spectrum sensing,” in INFOCOM, 2012 Proceedings IEEE.    IEEE, 2012, pp. 729–737.
  • [4] S. B. Wicker, “The loss of location privacy in the cellular age,” Communications of the ACM, vol. 55, no. 8, pp. 60–68, 2012.
  • [5] Q. Yan, M. Li, T. Jiang, W. Lou, and Y. Hou, “Vulnerability and protection for distributed consensus-based spectrum sensing in cognitive radio networks,” in INFOCOM, 2012 Proc. IEEE, March 2012.
  • [6] Z. Qin, S. Yi, Q. Li, and D. Zamkov, “Preserving secondary users’ privacy in cognitive radio networks,” in INFOCOM, 2014 Proceedings.
  • [7] D. Yang, X. Fang, and G. Xue, “Truthful incentive mechanisms for k-anonymity location privacy,” in INFOCOM, 2013 Proceedings IEEE.
  • [8] X. Zhao, L. Li, and G. Xue, “Checking in without worries: Location privacy in location based social networks,” in INFOCOM, 2013 Proceedings IEEE, April 2013, pp. 3003–3011.
  • [9] Z. Gao, H. Zhu, Y. Liu, M. Li, and Z. Cao, “Location privacy in database-driven cognitive radio networks: Attacks and countermeasures,” in INFOCOM, 2013 Proceedings IEEE.    IEEE, 2013, pp. 2751–2759.
  • [10] S. Liu, H. Zhu, R. Du, C. Chen, and X. Guan, “Location privacy preserving dynamic spectrum auction in cognitive radio network,” in Distributed Computing Systems (ICDCS), 2013 IEEE 33rd International Conference on.    IEEE, 2013, pp. 256–265.
  • [11] M. Grissa, A. A. Yavuz, and B. Hamdaoui, “Cuckoo filter-based location-privacy preservation in database-driven cognitive radio networks,” in Computer Networks and Information Security (WSCNIS), 2015 World Symposium on.    IEEE, 2015, pp. 1–7.
  • [12] K. S. McCurley, “The discrete logarithm problem,” in Proc. of Symp. in Applied Math, vol. 42, 1990, pp. 49–74.
  • [13] L. Chen, R. Lu, and Z. Cao, “PDAFT: A privacy-preserving data aggregation scheme with fault tolerance for smart grid communications,” Peer-to-Peer Networking and Applications, pp. 1–11, 2014.
  • [14] M. Grissa, A. A. Yavuz, and B. Hamdaoui, “Lpos: Location privacy for optimal sensing in cognitive radio networks,” in Global Communications Conference (GLOBECOM), 2015 IEEE.    IEEE, 2015.
  • [15] W. Zhang, R. K. Mallik, and K. Letaief, “Cooperative spectrum sensing optimization in cognitive radio networks,” in Communications, 2008. ICC’08. IEEE International Conf. on.    IEEE, 2008, pp. 3411–3415.
  • [16] K. Arshad and K. Moessner, “Robust collaborative spectrum sensing based on beta reputation system,” in Future Network & Mobile Summit (FutureNetw), 2011.    IEEE, 2011, pp. 1–8.
  • [17] A. Boldyreva, N. Chenette, Y. Lee, and A. O´neill, “Order-preserving symmetric encryption,” in Advances in Cryptology-EUROCRYPT 2009.
  • [18] J. Katz and Y. Lindell, Introduction to Modern Cryptography.    Chapman & Hall/CRC, 2007.
  • [19] “Cryptographic key length recommendation,”
  • [20] R. A. Popa, F. H. Li, and N. Zeldovich, “An ideal-security protocol for order-preserving encoding,” in Security and Privacy (SP), IEEE Symposium on.    IEEE, 2013, pp. 463–477.
  • [21] F. Kerschbaum and A. Schroepfer, “Optimal average-complexity ideal-security order-preserving encryption,” in Proc. of the SIGSAC Conf. on Computer and Comm. Security.    ACM, 2014, pp. 275–286.
  • [22] J. Daemen and V. Rijmen, “Aes proposal: Rijndael,” 1999.
  • [23] E. Shi, T.-H. H. Chan, E. G. Rieffel, R. Chow, and D. Song, “Privacy-preserving aggregation of time-series data.” in NDSS, vol. 2, no. 3, 2011.
  • [24] H.-Y. Lin and W.-G. Tzeng, “An efficient solution to the millionaires’ problem based on homomorphic encryption,” in Applied Cryptography and Network Security.    Springer, 2005, pp. 456–466.
  • [25] P. Paillier, “Public-key cryptosystems based on composite degree residuosity classes,” in Advances in cryptology-EUROCRYPT’99, 1999.
  • [26] A. Shamir, “How to share a secret,” Communications of the ACM, vol. 22, no. 11, pp. 612–613, 1979.
  • [27] “Miracl library,”
  • [28] “Crypto++ library,”
  • [29] “Ruby ope implementation,”
Comments 0
Request Comment
You are adding the first comment!
How to quickly get a good reply:
  • Give credit where it’s due by listing out the positive aspects of a paper before getting into which changes should be made.
  • Be specific in your critique, and provide supporting evidence with appropriate references to substantiate general statements.
  • Your comment should inspire ideas to flow and help the author improves the paper.

The better we are at sharing our knowledge with each other, the faster we move forward.
The feedback must be of minimum 40 characters and the title a minimum of 5 characters
Add comment
Loading ...
This is a comment super asjknd jkasnjk adsnkj
The feedback must be of minumum 40 characters
The feedback must be of minumum 40 characters

You are asking your first question!
How to quickly get a good answer:
  • Keep your question short and to the point
  • Check for grammar or spelling errors.
  • Phrase it like a question
Test description