A Privacy-Preserving and Verifiable Statistical Analysis Scheme for an E-Commerce Platform

Publication Name

IEEE Transactions on Information Forensics and Security

Abstract

To know the most recent market conditions, an e-commerce platform needs to be aware of the sales situation of its sellers' commodities. The most recent market conditions can help to forecast future market trends and develop policies to guide sellers in reasonably allocating their inventory proportion. Statistical analysis is a fundamental approach to studying the sales situation. However, the sales data of an e-commerce platform usually has a significant volume. Therefore, outsourcing statistical analysis to cloud servers is an effective method. Nevertheless, sellers do not want their sales data leaked to anyone or any other organization. Moreover, in many circumstances, we cannot fully trust cloud servers. Thus, we need to utilize cryptographic or non-cryptographic tools to realize the above outsourcing. Secret sharing is a lightweight and powerful non-cryptographic tool to realize privacy-preserving data analysis. However, it needs secure channels to distribute secret shares. On the other hand, homomorphic encryption is a powerful cryptographic tool for designing privacy-preserving data analysis schemes. Nevertheless, these schemes usually do not allow the entity that holds the decryption key to collude with other entities. We propose a privacy-preserving and verifiable statistical analysis scheme for an e-commerce platform that combines a threshold secret sharing scheme with a verifiable threshold homomorphic encryption scheme. Our solution's demand for secure channels is reduced by 40%∼60% compared with a traditional threshold secret sharing scheme, thanks to the novel distribution model designed for delivering secret shares. Furthermore, our solution has a stronger ability to resist collusive attacks, keep sales data private from any entity, and ensure that the platform can only obtain the analysis results with the help of some cloud servers, alleviating the single point of trust. Meanwhile, the novel distributed model gives our solution better robustness and fault tolerance. The proposed solution is validated through security analyses, performance evaluations, and comparison analyses.

Open Access Status

This publication is not available as open access

Volume

18

First Page

2637

Last Page

2652

Funding Number

kx202014

Funding Sponsor

National Natural Science Foundation of China

Link to publisher version (DOI)

http://dx.doi.org/10.1109/TIFS.2023.3269669