Verifiable secure computation of linear fractional programming using certificate validation

Nedal M. Mohammed1, Laman R. Sultan2, Ahmed A. Hamoud3, Santosh S. Lomte4 Department of Computer Science, Dr. Babasaheb Ambedkar Marathwada University, Aurangabad, India Department of Power Mechanics, Basra Technical Institute, Southern Technical University, Al-Basrah, Iraq Department of Mathematics, Dr. Babasaheb Ambedkar Marathwada University, Aurangabad, India Department of Computer Science, Taiz University, Taiz, Yemen.


INTRODUCTION
The powerful advantage of cloud computing is called outsourcing, where the customers with limited computing resource and storage devices can outsource the sophisticated computation workloads into powerful service providers. Despite the tremendous benefits, there are many challenges and security concerns because the cloud server and customer are not in the same trusted domain, to avoid these problems [1][2][3][4]. First, to combat the security concern is applying encryption techniques to customer's sensitive information before outsourcing to the cloud but still, there is a challenge how makes the task of computation over encrypted data [5,6]. Second, no guarantee from the cloud on the quality of the computed data and results. For instance, solving financial linear programs is useful for optimizing global profits confidentiality is important because the inputs are sensitive information from multiple companies but correctness is important because the outcome represents financial value.
In theory, correctness and privacy can be achieved by producing cryptographic proofs of correctness in a multi-party way [7,8]. In [9] They achieved Correctness by replicating a computation and comparing the results this done against uncorrelated failure. Without assuming uncorrelated failure or trusted hardware the correctness can be done e.g., [10] by instead producing cryptographic proofs of correctness. Also, privacy can be done when the computation achieved by multiple computation parties using multiparty computation protocols e.g. [11,12].
In this paper, we want to be sure that the results are correct and with the multiple mutually distrusting in putters, also we want to guarantee the privacy of the inputs. We present certificate validation as a general technique for achieving verifiable secure computation of linear fractional programming. We use of El-Gamal encryption [13][14][15] by combining the computation stage and the validation stage rather than using expensive encryption schemes such as Paillier's cryptosystem.
The rest of the paper is organized as follows: section 2. Shows verifiable computation schema. In section 3. We describes the system model of our proposed Protocol for privacy-preserving outsourcing LFP. In section 4. We provide experimental result analysis for the proposed schema. At last the work conclusion is presented in section 5.

2.
VERIFIABLE COMPUTATION Verifiable computation has been studied by plenty of researchers in various application scenarios. They researched widely how to verify the correctness of computations performed by untrusted parties (without privacy) [16][17][18][19][20][21]. Verifiable computation schemes are normally based on either computation complexity theory or cryptographic algorithms. Data and computations can be outsourced to another party in order to obtain a processing result in return. However, whether the result is right or wrong could cause a potential risk for a data processing result requester. For outsourced data processing and computations, verification of the computation results is a critical issue to ensure the trust of Computation-as-a-Service [22].

PROTOCOL FOR PRIVACY-PRESERVING OUTSOURCING LINEAR FRACTIONAL PRO-GRAMMING
We present main protocol for privacy-preserving outsourcing with correctness guarantees. We compute a solution and a so-called certificate using normal multiparty computation, and then produce Ì ISSN: 2088-8694 a proof that the solution is valid with respect to the certificate using the El-Gamal-based proofs [23].

Functions of certificates and validating
To efficiently validate a computation result, we use certificates. In complexity theory, a certificate is a proof that a value lies in a certain set that can be verified in polynomial time.
Let S 1 , S 2 be sets and In our case, a computation is given by a computation function ϕ (y, a, r) , and a validating function ϕ (y, a, r) . Here, on input x, function f computes function output r and certificate a; validating function ϕ checks that r is a valid output with respect to x and a. We require that if (a, r) = f (y), then ϕ (y, a, r), but we do not demand the converse: the outcome of the computation might not be unique, and might merely check that some correct solution was found, not that it was produced according to algorithm f . (For instance, a square root finder may return the positive square root while negative square root is also valid.) In our case study, we use that the optimality of a solution to a LFP can be efficiently validated using a certificate.

The verifiable multiparty computation protocol by certificate validation
We present Verifiable Multiparty computation protocol by certificate validation (VerMPC) protocol to compute (a, r) = f (x), and prove this result X i is correct. We use passively secure multiparty computation protocols based on (t, n) Shamir sharing with n = 2t + 1. In these protocols, the input parties encrypt and announce their inputs, then makes a proof of knowledge of the corresponding plaintext then broadcast for this encryption and proof. Next, the parties provide the plaintext and randomness of the encryption to the two computation parties who will later prove the result is correct. The two computation parties check if the provided sharing of the input is consistent with the encryptions that were broadcast for preventing corrupted input parties learns information about both their encrypted and their secret shared inputs, this done by encrypting their shares of the inputs then using the homomorphic property of the cryptosystem for checking correctness. Then, the actual computation takes place in the third computation party. The two parties holding additive shares of the input Shamir-share them between all three computation parties, then the computation is performed between the three parties. These two of the computation parties produce the encrypted result and prove its correctness [24]. The computation parties send their additive shares of the result and the randomness of their encryption shares results to the resulting party (the encryptions of the certificate and proof of correctness) [13,[25][26][27]. The result party checks the proofs of knowledge provided by the in putters computes the encrypted results from its shares and use Verify algorithm to verify the correctness.

Secure and verifiable linear fractional programming
The LFP is a special class of mathematical optimization expressed in the following standard form [28]: where (1) the objective function is a linear fractional function (ratio of two linear functions) y is an n × 1 vector of variables which are to be determined, c and d are n × 1 column vectors of coefficients, and set of constraints are a system of linear equalities and inequalities (affine constraints) A is m × n matrix of coefficients, b is m × 1 column vector of coefficients and δ, ξ are constants. B is n × n nonsingular matrix. For instance, the LFP represents the problem to find x 1 , x 2 satisfying To find the optimal solution of a fractional linear program, typically an iterative algorithm called the simplex algorithm is used after convert LFP to LP [29].
Theorem: We prove that y it is optimal using the optimal solution p of the so-called dual LP maximise b · p such that A · p ≤ c, p ≤ 0.
Proof: The solutions ( y1 q , · · · , yn q ) and ( p1 q , · · · , pm q ) (y ∈ Z n , p ∈ Z m , q ∈ N + ) are both optimal if the following conditions hold: A · y ≤ q · b; y ≥ 0 ; Also, the simplex algorithm for finding y turns out to also directly give p. To turn the above criterion into a set of polynomial equations, we define the certificate to consist of bit decompositions of (q · b − A · y) i , y i , (q · c − A T · p) i , and − p i , and prove that each bit decomposition b 0 , b 1 , ... sums up to the correct value v (with equation v = b 0 + 2 · b 1 + · · · ) and contains only bits (with equations b i · (1 − b i ) = 0).

EXPERIMENTAL RESULT
The experimental results are the average of multiple trials. We design numerical experiments to evaluate the efficiency of the mechanism. We ran our mechanism on several LFPs. We measured the time to solve the LFP and to compute the certificate (this depends on the LFP size, number of iterations needed, and the bit length for internal computations), the time for PolyProve to produce a proof, and for PolyVer to verify it (this depends on the LFP size and bit length for the proof). Figure 3. Shows the performance numbers of our experiments.  For the LFPs in our experiments, we find that producing proof adds little overhead to compute the solution and that verifying the proof is much faster than participating in the computation. As a consequence, for the recipient, outsourcing both guarantees correctness and saves time compared to participating in the computation. In general, one expects the difference between computing the solution and proving its correctness to be more pronounced for larger problems: indeed, both the computation and the correctness verification scale in the size of the LFP, but computation additionally scales in the number of iterations needed to reach the optimal solution. This number of iterations typically grows with the LFP size. However, we only found this for the biggest LFP, where proving is over four times faster than computing, for the other programs, this factor was around two. An explanation for this is that also the bit length of solutions (which influences proving time) typically grows with the number of iterations.

CONCLUSION
In this paper, we combined passively secure three-party computation with El-Gamal-based proofs. We have shown how to use certificate validation to obtain correctness guarantees for privacy-preserving outsourcing of LFP. The security guarantees of our model lie in between passive security (that does not guarantee correctness in case of active attacks) and active security (that also guarantees privacy in this case). For LFP, verifying results takes much less time than participating in an actively secure computation; in fact, it even takes less time than participating in a passively secure computation without any correctness guarantees. Hence, for computations on inputs of mutually distrusting parties, privacy-preserving outsourcing with correctness guarantees provides a compelling combination of correctness and privacy guarantees.