Chuan Zhang,Chenfei Hu,Mingyang Zhao,Yulin Wu,Tong Wu

DOI: https://doi.org/10.1109/icdis55630.2022.00029

2022-01-01

Abstract:Geographic range query, as a basic query function, has been widely leveraged in location-based services. To adapt to the explosive growth of location data, more and more businesses and individuals choose to store their massive amounts of data on the powerful cloud, which however may raise severe threats to users' privacy. To resolve this problem, the location data is often encrypted before outsourcing, but this may sacrifice the availability and utility of the location data. In this paper, we design a geographic range query scheme to support efficient and privacy-preserving arbitrary geographic range queries over encrypted location data. Specifically, we first utilize the polynomial fitting technique to generate trapdoors for arbitrary geographic query ranges. Then, we design a randomizable matrix multiplication method based on matrix decomposition to achieve geographic range queries between data owners and data requesters. Through rigorous security analysis, we demonstrate the privacy of location data and queries is well protected in our scheme. Extensive experiments and performance evaluations show that our proposed scheme is highly efficient in terms of computational cost and communication overhead.

Jinfei Liu,Juncheng Yang,Li Xiong,Jian Pei

DOI: https://doi.org/10.1109/icde.2017.117

2017-01-01

Abstract:Outsourcing data and computation to cloud server provides a cost-e ective way to support large scale data storage and query processing. However, due to security and privacy concerns, sensitive data (e.g., medical records) need to be protected from the cloud server and other unauthorized users. One approach is to outsource encrypted data to the cloud server and have the cloud server perform query processing on the encrypted data only. It remains a challenging task to support various queries over encrypted data in a secure and e cient way such that the cloud server does not gain any knowledge about the data, query, and query result. In this paper, we study the problem of secure skyline queries over encrypted data. The skyline query is particularly important for multicriteria decision making but also presents significant challenges due to its complex computations. We propose a fully secure skyline query protocol on data encrypted using semanticallysecure encryption. As a key subroutine, we present a new secure dominance protocol, which can be also used as a building block for other queries. Finally, we provide both serial and parallelized implementations and empirically study the protocols in terms of e ciency and scalability under di erent parameter settings, verifying the feasibility of our proposed solutions.

Fengwei Wang,Hui Zhu,Guozhang He,Rongxing Lu,Yandong Zheng,Hui Li

DOI: https://doi.org/10.1109/tifs.2023.3282133

IF: 7.231

2023-06-13

IEEE Transactions on Information Forensics and Security

Abstract:Location-based services (LBSs) provide enhanced functionality of mobile applications and convenience for mobile users, which plays a more and more remarkable role in people's daily life. In LBSs, spatial range query is an essential tool for users to find interesting points in a specific region. However, during spatial range query, it is necessary for data owners and query users to exchange their location data, and the leakage of private location information has drawn significant attention in both governmental and social aspects. Meanwhile, most existing location privacy protection schemes only focus on achieving regular geometry range query over static location datasets. In this paper, we present an efficient and privacy-preserving arbitrary polygon range query scheme, named EPAPRQ. With EPAPRQ, the arbitrary and fine-grained polygon range query can be executed over a dynamic and time-series location dataset with privacy protection. Specifically, in EPAPRQ, an arbitrary polygon range query algorithm is first introduced with sub-range query technique. Then, to protect the private location information of the data owner and query users, a series privacy-preserving data computation protocols are constructed with a symmetric homomorphic encryption algorithm, and a ciphertext-based location dataset updating strategy is also designed. Finally, we propose a double filtration method through combining the quadtree index structure and minimum bounded rectangle, which is able to greatly improve the query efficiency over ciphertexts. Detailed security analysis shows that the sensitive location information in EPAPRQ can be well protected. Furthermore, we evaluate the performance of EPAPRQ in the real map, and the results demonstrate that EPAPRQ is indeed efficient.

computer science, theory & methods,engineering, electrical & electronic

Jiachen Shen,Z. Cao,Zhihao Zheng

DOI: https://doi.org/10.1109/TrustCom50675.2020.00090

2020-12-01

Abstract:With the location-based services (LBS) booming, the volume of spatial data inevitably explodes. In order to reduce local storage and computational overhead, users tend to outsource data and initiate queries to the cloud. However, sensitive data or queries may be compromised if cloud server has access to raw data and plaintext token. To cope with this problem, searchable encryption for geometric range is applied. Geometric range search has wide applications in many scenarios, especially the circular range search. In this paper, a practical and secure circular range search scheme (PSCS) is proposed to support searching for spatial data in a circular range. With our scheme, a semi-honest cloud server will return data for a given circular range correctly without uncovering index privacy or query privacy. We propose a polynomial split algorithm which can decompose the inner product calculation neatly. Then, we define the security of our PSCS formally and prove that it is secure under same-closeness-pattern chosen-plaintext attacks (CLS-CPA) in theory. In addition, we demonstrate the efficiency and accuracy through analysis and experiments compared with existing schemes.

Computer Science

Hongcheng Xie,Xiaohua Jia,Yu Guo,Mingyu Wang

DOI: https://doi.org/10.1109/TCC.2022.3208711

IF: 5.697

2023-07-01

IEEE Transactions on Cloud Computing

Abstract:Encrypted range query schemes that enable range-based searches over encrypted data have become an effective solution for secure data outsourcing services. However, existing schemes are still inadequate on desired functionality and security. Specifically, supporting efficient multi-range queries while hiding the data ordering leakage remains a challenging research problem. Existing works on order-hiding query schemes only work for encrypted single-range search and incur significant computational overhead due to the protection of the ordering information. In this article, we present a privacy-preserving multi-range query scheme that can address the above problems simultaneously. It not only enables efficient multi-range queries over encrypted data but also guarantees the privacy of ordering information. To protect the ordering leakage, our design adopts an Order-hiding Encoding (OHE) scheme to support multi-range obfuscation. In addition, a novel order-hiding K-Dimensional tree (KD-tree) index structure is designed as the core technique underlying our scheme, which accelerates efficient multi-range queries and obfuscates ordering information of encrypted values. Finally, the formal security analysis confirms that our proposed multi-range query scheme is secure in the random oracle model. The extensive experimental results conducted on real-world datasets demonstrate the practicality of our design.

Computer Science

Songrui Wu,Qi Li,Guoliang Li,Dong Yuan,Xingliang Yuan,Cong Wang

DOI: https://doi.org/10.1109/icde.2019.00062

2019-01-01

Abstract:Data outsourcing to cloud has been a common IT practice nowadays due to its significant benefits. Meanwhile, security and privacy concerns are critical obstacles to hinder the further adoption of cloud. Although data encryption can mitigate the problem, it reduces the functionality of query processing, e.g., disabling SQL queries. Several schemes have been proposed to enable one-dimensional query on encrypted data, but multi-dimensional range query has not been well addressed. In this paper, we propose a secure and scalable scheme that can support multi-dimensional range queries over encrypted data. The proposed scheme has three salient features: (1) Privacy: the server cannot learn the contents of queries and data records during query processing. (2) Efficiency: we utilize hierarchical cubes to encode multi-dimensional data records and construct a secure tree index on top of such encoding to achieve sublinear query time. (3) Verifiability: our scheme allows users to verify the correctness and completeness of the query results to address server's malicious behaviors. We perform formal security analysis and comprehensive experimental evaluations. The results on real datasets demonstrate that our scheme achieves practical performance while guaranteeing data privacy and result integrity.

Yanguo Peng,Long Wang,Jiangtao Cui,Ximeng Liu,Hui Li,Jianfeng Ma

DOI: https://doi.org/10.1109/tdsc.2020.2974218

2022-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:In the era of cloud computing, to achieve convenient location-based service (LBS), consumers such as users, companies, and organizations prefer subcontracting massive geographical data to public clouds after encryption for privacy and security. However, numerous harmful cyber-attacks happen on those public clouds in an unpredicted and hourly manner. To alleviate those concerns, various secure query schemes on the encrypted data have been proposed in the literature. As a fundamental query of LBSs, forward-secure range query has not been well investigated. To address this issue, we propose a lightweight and forward-secure range query (LS-RQ) on geographically encrypted data, which soundly balances between security and efficiency. Promisingly, we design an index mechanism to manage geographical data on the public clouds, while not compromising the privacy of data. Moreover, our LS-RQ schemes provide a convenient approach to range query on geographically encrypted data on-the-fly. We also rigorously prove that LS-RQ is forward-secure. Finally, extensive experimental studies are performed on both real and synthetic datasets. By observation, our LS-RQ schemes are highly efficient in realistic environments. Particularly, on encrypted datasets with about 1000000 geographical data, our solution to secure range query takes strictly less than a second.

computer science, information systems, software engineering, hardware & architecture

Kaiping Xue,Shaohua Li,Jianan Hong,Yingjie Xue,Nenghai Yu,Peilin Hong

DOI: https://doi.org/10.1109/TIFS.2017.2675864

2017-01-01

Abstract:Industries and individuals outsource database to realize convenient and low-cost applications and services. In order to provide sufficient functionality for SQL queries, many secure database schemes have been proposed. However, such schemes are vulnerable to privacy leakage to cloud server. The main reason is that database is hosted and processed in cloud server, which is beyond the control of data owners. For the numerical range query (“>,” “<,” and so on), those schemes cannot provide sufficient privacy protection against practical challenges, e.g., privacy leakage of statistical properties, access pattern. Furthermore, increased number of queries will inevitably leak more information to the cloud server. In this paper, we propose a two-cloud architecture for secure database, with a series of intersection protocols that provide privacy preservation to various numeric-related range queries. Security analysis shows that privacy of numerical information is strongly protected against cloud providers in our proposed scheme.

Songnian Zhang,Rongxing Lu,Hui Zhu,Yandong Zheng,Yunguo Guan,Fengwei Wang,Jun Shao,Hui Li

DOI: https://doi.org/10.1109/tifs.2024.3396384

IF: 7.231

2024-05-14

IEEE Transactions on Information Forensics and Security

Abstract:The increasing prevalence of cloud computing drives the exploration of various secure query schemes over encrypted data, among which secure spatial keyword query has drawn a great deal of attention due to its broad application in location-based services. However, most existing schemes are either limited to the boolean keyword test or incapable of protecting access pattern privacy. Although the state-of-the-art secure spatial keyword query scheme can support keyword similarity while preserving access pattern privacy, it is unable to cope with the arbitrary spatial range, which is more general, and has limitations in efficiency and security. In this paper, we propose a new secure spatial keyword similarity query scheme that can support arbitrary spatial ranges and enhance the efficiency and security of the state-of-the-art scheme at the same time. Specifically, we first present a new homomorphic encryption technique by improving the popular symmetric homomorphic encryption (SHE). After that, we propose a novel approach to make supporting arbitrary spatial ranges over encrypted data possible, in which a spatial encoding technique is designed to improve performance. Finally, by designing a pack-based solution to protect access pattern privacy, our proposed scheme can hide the number of query results while optimizing performance. We formally prove the security of our proposed scheme and conduct experiments to evaluate its performance. The results indicate that our proposed scheme outperforms the state-of-the-art scheme in both the computational costs and communication overhead.

computer science, theory & methods,engineering, electrical & electronic

Lili Sun,Yonggang Zhang,Yandong Zheng,Weiyu Song,Rongxing Lu

DOI: https://doi.org/10.1109/tsc.2023.3259642

IF: 11.019

2023-01-01

IEEE Transactions on Services Computing

Abstract:The Internet of Things (IoT) boom has enabled Internet Service Providers (ISPs) to collect an enormous amount of high-dimensional data. Performing range queries on such data can effectively reuse them to help ISPs offer better services. Owing to the low cost and high resource utilization of cloud computing, an increasing number of ISPs are inclined to outsource data and services to it. However, as the cloud is not fully trusted, data need to be encrypted before being outsourced, which inevitably hinders many query services, e.g., range queries. Various schemes were proposed for privacy-preserving range queries, yet they struggled to extend to high-dimensional scenarios and did not support dimension selection. Aiming at this challenge, in this paper, we propose an efficient and privacy-preserving high-dimensional range query scheme (PHRQ) based on an iMinMax tree while supporting dimension selection. Specifically, we first build an iMinMax tree for high-dimensional data and utilize a symmetric homomorphic encryption technique to design a suite of privacy-preserving protocols to achieve secure high-dimensional range queries. Then, we design a sub-dimensional range determination protocol to support dimension selection. Further, based on the iMinMax tree and our privacy-preserving protocols, we propose our PHRQ scheme. Finally, security analysis shows that our scheme is privacy-preserving, and performance evaluation demonstrates that our scheme is efficient in high-dimensional range query processing.

computer science, information systems, software engineering

Zhuolin Mei,Huilai Zou,Jinzhou Huang,Caicai Zhang,Bin Wu,Jiaoli Shi,Zhengxiang Cheng

DOI: https://doi.org/10.4018/ijwsr.340391

2024-03-12

International Journal of Web Services Research

Abstract:In recent years, more and more data has been stored on the cloud to provide various services. These data often contain users' private information, which inevitably raises concerns about data security. Encryption before outsourcing is a direct solution to mitigate these concerns. However, traditional encryption schemes such as block encryption make basic data services hard to support. Therefore, this paper proposes a secure and fast range query scheme for encrypted multi-dimensional data, called SFRQ. The scheme constructs a secure index over the ciphertexts of multi-dimensional data, utilizing the R-tree index, Bloom filter, and 0-1 encoding techniques. This secure index enables the cloud to provide fast range query services over the ciphertexts of multi-dimensional data. The authors have evaluated SFRQ through extensive experiments, which demonstrate its high efficiency. Additionally, the security analysis shows that no external entity, including the cloud, can obtain additional information during the entire query process.

computer science, information systems, software engineering

Ningning Cui,Xiaochun Yang,Yunliang Chen,Jianxin Li,Bin Wang,Geyong Min,Yun Liang Chen

DOI: https://doi.org/10.1109/jiot.2021.3122991

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:Spatial keyword query has attracted wide-spread academic and industrial concerns due to the popularity of location-based services and Internet of Things. To efficiently support the online query processing, the data owners need to outsource their data to cloud platforms. However, the outsourcing services may raise privacy leaking issues. Moreover, access control, another important security concern, is largely ignored. Therefore, we first propose and formalize the problem of secure boolean spatial keyword query under lightweight access control while guaranteeing the widely accepted adaptive indistinguishability against chosen keyword attack model. Then, we devise a novel hybrid Bloom filter encoding strategy, including a linear embedding and exponent-based transformation schemes and a secure index structure, called SAGTree. They can maintain both geo-text and access policy information together in a secure way while answering the encrypted queries under access control without decryption. Finally, we present the in-depth security analysis and demonstrate the performance of our proposed algorithms.

computer science, information systems,telecommunications,engineering, electrical & electronic

Anselme Tueno,Florian Kerschbaum

DOI: https://doi.org/10.48550/arXiv.1802.01138

2018-02-04

Cryptography and Security

Abstract:Order-preserving encryption allows encrypting data, while still enabling efficient range queries on the encrypted data. Moreover, it does not require any change to the database management system, because comparison operates on ciphertexts as on plaintexts. This makes order-preserving encryption schemes very suitable for data outsourcing in cloud computing scenarios. However, all order-preserving encryption schemes are necessarily symmetric limiting the use case to one client and one server. Imagine a scenario where a Data Owner encrypts its data before outsourcing it to the Cloud Service Provider and a Data Analyst wants to execute private range queries on this data. This scenario occurs in many cases of collaborative machine learning where data source and processor are different entities. Then either the Data Owner must reveal its encryption key or the Data Analyst must reveal the private queries. In this paper, we overcome this limitation by allowing the equivalent of a public-key order-preserving encryption. We present a secure multiparty protocol that enables secure range queries for multiple users. In this scheme, the Data Analyst cooperates with the Data Owner and the Cloud Service Provider in order to order-preserving encrypt the private range queries without revealing any other information to the parties. We implemented our scheme and observed that if the database size of the Data Owner has 1 million entries it takes only about 0.3 s on average via a loopback interface (1.3 s via a LAN) to encrypt an input of the Data Analyst.

Yinbin Miao,Guijuan Wang,Xinghua Li,Hongwei Li,Kim-Kwang Raymond Choo,Rebert H. Deng

DOI: https://doi.org/10.1109/tmc.2024.3482321

IF: 6.075

2024-01-01

IEEE Transactions on Mobile Computing

Abstract:With the rapid development of mobile computing and the popularity of mobile devices equipped with GPS technology, massive spatial data have become available. Enterprises upload encrypted spatial data to the mobile cloud to save local storage and computation costs. However, the existing secure Geometric Range Search (GRS) solutions are inefficient in terms of building, updating index structure and querying processes. Moreover, the index structures of existing GRS schemes based on Order Preserving Encryption (OPE) leak location order, which may lead to reconstruction attacks. To solve these issues, we first propose an efficient and secure GRS scheme using Radix-Tree, namely GRSRT-I. Specifically, we construct an index structure based on Radix-tree to achieve efficient search and update, then use homomorphic encryption NTRU to resist chosen-plaintext attack, finally design a dual-server architecture to alleviate the burdens on mobile users caused by multiple rounds of interactions. Furthermore, we propose an enhanced scheme, GRSRT-II, by combining Order-Revealing Encryption and OPE, which greatly improves the search efficiency while slightly reducing the security. We formally prove the security of our proposed schemes, and conduct extensive experiments to demonstrate that GRSRT-I can improve the query efficiency by up to at least 1.5 times when compared with previous solutions and GRSRT-II can achieve a higher level of search efficiency.

Ellen Z. Zhang,Yunguo Guan,Rongxing Lu,Harry Zhang

DOI: https://doi.org/10.1109/jiot.2024.3371828

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:Crowdsourcing, which is regarded as one of the most important data collection techniques in Internet of Things (IoT) and Big Data era, has received significant attention in recent years. However, privacy concerns persist across various crowdsourcing scenarios. In this paper, aiming to address users’ privacy issues in crowdsourcing scenarios, we propose an efficient and privacy-preserving range query scheme under Local Differential Privacy (LDP) setting. Specifically, given a domain V = {0, 1, 2, ..., d – 1} where d = 2w, our proposed scheme integrates binary heap tree, prefix encoding, randomized response, and pseudo-random number generator techniques to enable each user to report only w bits as a query response, which is sufficient for a server to efficiently compute the range query result for any range [a, b] in the domain V. Security analysis demonstrates that our proposed scheme can achieve ε-LDP, effectively preserving the privacy of users’ private items. In addition to its low communication overhead, performance evaluation also indicates our proposed scheme is computationally efficient when the pre-computation is implemented at the server. Furthermore, our proposed scheme exhibits higher accuracy compared to previously reported flat and tree-based methods, especially for a large domain size d and a large range length m = b – a + 1.

computer science, information systems,telecommunications,engineering, electrical & electronic

Zhuolin Mei,Jin Yu,Caicai Zhang,Bin Wu,Shimao Yao,Jiaoli Shi,Zongda Wu

DOI: https://doi.org/10.1016/j.is.2024.102343

IF: 3.18

2024-05-01

Information Systems

Abstract:Outsourcing data to the cloud offers various advantages, such as improved reliability, enhanced flexibility, accelerated deployment, and so on. However, data security concerns arise due to potential threats such as malicious attacks and internal misuse of privileges, resulting in data leakage. Data encryption is a recognized solution to address these issues and ensure data confidentiality even in the event of a breach. However, encrypted data presents challenges for common operations like access control and range queries. To address these challenges, this paper proposes Secure Multi-dimensional Data Retrieval with Access Control and Range Search in the Cloud (SMDR). In this paper, we propose SMDR policy, which supports both access control and range queries. The design of the SMDR policy cleverly utilizes the minimum and maximum points of buckets, enabling the SMDR policy is highly appropriate for supporting range queries on multi-dimensional data. Additionally, we have made modifications to Ciphertext Policy-Attribute Based Encryption (CP-ABE) to enable effective integration with the SMDR policy, and then constructed a secure index using the SMDR policy and CP-ABE. By utilizing the secure index, access control and range queries can be effectively supported over the encrypted multi-dimensional data. To evaluate the efficiency of SMDR, extensive experiments have been conducted. The experimental results demonstrate the effectiveness and suitability of SMDR in handling encrypted multi-dimensional data. Additionally, we provide a detailed security analysis of SMDR.

computer science, information systems

Lu Li,Xufeng Jiang,Fei Zhu,An Liu

DOI: https://doi.org/10.1007/978-981-15-3281-8_9

2020-01-01

Abstract:In the cloud computing paradigm, data owners could outsource their databases to the service provider, and thus reap huge benefits from releasing the heavy storage and management tasks to the cloud server. However, sensitive data, such as medical or financial records, should be encrypted before uploading to the cloud server. Unfortunately, this will introduce new challenges to data utilization. In this paper, we study the problem of skyline queries in a way that data privacy for both data owner and the client is preserved. We propose a hybrid protocol via additively homomorphic encryption system and Yao’s garbled circuits. By taking advantages of Yao’s protocol, we design a highly improved protocol which can be used to determine the skyline point and exclude the points dominated by others in an oblivious way. Based on this subroutine, we construct a fully secure protocol for skyline queries. We theoretically prove that the protocols are secure in the semi-honest model. Through analysis and extensive experiments, we demonstrate the efficiency and scalability of our proposed solutions.

Bharath K. Samanthula,Wei Jiang,Elisa Bertino

DOI: https://doi.org/10.48550/arXiv.1401.3768

2014-01-15

Cryptography and Security

Abstract:With the many benefits of cloud computing, an entity may want to outsource its data and their related analytics tasks to a cloud. When data are sensitive, it is in the interest of the entity to outsource encrypted data to the cloud; however, this limits the types of operations that can be performed on the cloud side. Especially, evaluating queries over the encrypted data stored on the cloud without the entity performing any computation and without ever decrypting the data become a very challenging problem. In this paper, we propose solutions to conduct range queries over outsourced encrypted data. The existing methods leak valuable information to the cloud which can violate the security guarantee of the underlying encryption schemes. In general, the main security primitive used to evaluate range queries is secure comparison (SC) of encrypted integers. However, we observe that the existing SC protocols are not very efficient. To this end, we first propose a novel SC scheme that takes encrypted integers and outputs encrypted comparison result. We empirically show its practical advantage over the current state-of-the-art. We then utilize the proposed SC scheme to construct two new secure range query protocols. Our protocols protect data confidentiality, privacy of user's query, and also preserve the semantic security of the encrypted data; therefore, they are more secure than the existing protocols. Furthermore, our second protocol is lightweight at the user end, and it can allow an authorized user to use any device with limited storage and computing capability to perform the range queries over outsourced encrypted data.

Ning Cao,Zhenyu Yang,Cong Wang,Kui Ren,Wenjing Lou

DOI: https://doi.org/10.1109/ICDCS.2011.84

2011-01-01

Abstract:In the emerging cloud computing paradigm, data owners become increasingly motivated to outsource their complex data management systems from local sites to the commercial public cloud for great flexibility and economic savings. For the consideration of users' privacy, sensitive data have to be encrypted before outsourcing, which makes effective data utilization a very challenging task. In this paper, for the first time, we define and solve the problem of privacy-preserving query over encrypted graph-structured data in cloud computing (PPGQ), and establish a set of strict privacy requirements for such a secure cloud data utilization system to become a reality. Our work utilizes the principle of "filtering-and-verification". We prebuild a feature-based index to provide feature-related information about each encrypted data graph, and then choose the efficient inner product as the pruning tool to carry out the filtering procedure. To meet the challenge of supporting graph query without privacy breaches, we propose a secure inner product computation technique, and then improve it to achieve various privacy requirements under the known-background threat model.

Yulong Shen

DOI: https://doi.org/10.1109/tbdata.2017.2707552

2017-01-01

IEEE Transactions on Big Data

Abstract:The k-nearest neighbors (k-NN) query is a fundamental primitive in spatial and multimedia databases. It has extensive applications in location-based services, classification & clustering and so on. With the promise of confidentiality and privacy, massive data are increasingly outsourced to cloud in the encrypted form for enjoying the advantages of cloud computing (e.g., reduce storage and query processing costs). Recently, many schemes have been proposed to support k-NN query on encrypted cloud data. However, prior works have all assumed that the query users (QUs) are fully-trusted and know the key of the data owner (DO), which is used to encrypt and decrypt outsourced data. The assumptions are unrealistic in many situations, since many users are neither trusted nor knowing the key. In this paper, we propose a novel scheme for secure k-NN query on encrypted cloud data with multiple keys, in which the DO and each QU all hold their own different keys, and do not share them with each other; meanwhile, the DO encrypts and decrypts outsourced data using the key of his own. Our scheme is constructed by a distributed two trapdoors public-key cryptosystem (DT-PKC) and a set of protocols of secure two-party computation, which not only preserves the data confidentiality and query privacy but also supports the offline data owner. Our extensive theoretical and experimental evaluations demonstrate the effectiveness of our scheme in terms of security and performance.