Lightning-Fast and Privacy-Preserving Outsourced Computation in the Cloud

In this paper, we propose LightCom, a framework for lightning-fast and privacy-preserving outsourced computation in the cloud. Using LightCom, a user can securely achieve outsourced data storage and fast, secure data processing in a single cloud server, in contrast to the existing multi-server outsourced computation model. Specifically, we first present a general secure computation framework for LightCom in which the cloud server is equipped with multiple Trusted Processing Units (TPUs), which are subject to side-channel attacks. Under LightCom, we design two specialized fast processing toolkits that allow the user to perform commonly used secure integer computation and secure floating-point computation, respectively, against side-channel information leakage from the TPUs. Furthermore, LightCom guarantees access-pattern protection during data processing and achieves private information retrieval for the user after the computation. We prove that LightCom achieves the goal of single-cloud outsourced data processing without any extra computation server or trusted authority, and demonstrate the utility and efficiency of LightCom using simulations.


Introduction
THE Internet of Things (IoT), embedded with electronics, Internet connectivity, and other forms of hardware (such as sensors), is a computing concept that describes everyday physical objects being connected to the Internet and being able to identify themselves to other devices. With large numbers of IoT devices, a colossal amount of data is generated for use. According to IDC 1, connected IoT devices will reach 80 billion in 2025 and help to generate 180 trillion gigabytes of new data that year; a quarter of the data will be created in real-time, and 95% of it will come from IoT real-time data. With such a large volume of real-time data generated, it is impractical for resource-limited users to process it locally, so the data are outsourced to the cloud. Consider e-healthcare as an example: IoT sensors continuously measure a patient's physical signs (e.g., oxygen levels), and the hospital can use its PHI decision-making model to automatically check a patient's health status. According to a new report by Grand View Research, the global IoT in healthcare market size is projected to reach USD 534.3 billion by 2025, expanding at a Compound Annual Growth Rate (CAGR) of 19.9% over the forecast period 3. If no protection method is adopted, a patient's physical signs can be captured by an adversary. Moreover, the hospital's model can be obtained by other third-party companies for profit. Traditional encryption techniques can protect the data from leakage; however, the ciphertext loses the structure of the original plaintext, so no computation can be performed on it.
Protecting data and achieving secure outsourced computation simultaneously is an eye-catching research field for solving the above problems. Currently, there are two main lines of techniques for secure outsourced computation: theoretical cryptographic solutions and system-security solutions. From the cryptographic point of view, homomorphic encryption (Naehrig et al. 2011) is considered an excellent solution for outsourced computation, as it allows a third party to perform computation on encrypted data without revealing the plaintext. Fully homomorphic encryption (Van Dijk et al. 2010) can achieve arbitrary computation on the plaintext through corresponding complex operations on the ciphertext. However, the computational overhead is still tremendous and unfit for practical usage (e.g., it requires 29.5 s to run a secure integer multiplication on a standard PC (Liu et al. 2018b)). Semi-homomorphic encryption (Bendlin et al. 2011; Farokhi et al. 2016; Ma et al. 2020) supports only one type of homomorphism (e.g., additive) and can achieve complex computation on encrypted data with the help of other honest-but-curious servers. However, the extra computation server increases the possibility of information leakage. Recently, in the industrial community, trusted execution environments (TEEs, such as Intel Software Guard Extensions (SGX) 4 and ARM TrustZone 5) have been developed to achieve secure computation; they allow user-level or operating-system code to define private regions of memory, called enclaves. The data in an enclave are protected and cannot be read or saved by any process outside the enclave itself. The performance of a TEE is equivalent to that of plaintext computation. Unfortunately, TEEs are vulnerable to side-channel attacks, and the information inside an enclave can be leaked to the adversary 6 7.
Thus, a fascinating problem arises in building a system that balances the practicality of outsourced computation against extra information-leakage risk: how can a single cloud securely perform arbitrary outsourced computation without the help of an extra third-party computation server or trusted authority, while keeping interactions between the user and the cloud to a minimum?
In this paper, we seek to address the aforementioned challenges by presenting LightCom, a framework for lightning-fast and privacy-preserving outsourced computation in a cloud. We regard the contributions of this paper to be six-fold, namely:

• Secure Data Outsourced Storage. LightCom allows each user to outsource his/her data to a cloud data center for secure storage without compromising data privacy to any unauthorized party.

• Lightning-Fast and Secure Data Processing in a Single Cloud. LightCom works in a single cloud equipped with multiple Trusted Processing Units (TPUs), each providing a TEE, to achieve user-centric outsourced computation on the user's encrypted data. Moreover, the data in untrusted outside storage are secure against chosen-ciphertext attacks in the long term, while data inside the TPUs are protected against side-channel attacks.

• Combinable Outsourced Computation Primitives. Current outsourced computation methods focus on a special computation task, such as outsourced exponential computation. Different specific outsourced tasks are constructed from different cryptographic primitives, so the result of one computation cannot be directly used as the input of the next. LightCom solves this problem with a uniform design method that makes computations combinable.

• No Trusted Authority Involved. In most existing cryptosystems, a fully trusted authority is an essential party in charge of distributing the public/private keys for all other parties in the system. LightCom does not involve an extra fully trusted party, which makes the system more efficient and practical.

• Dynamic Key/Ciphertext Share Update. To reduce the risk of leaking the user's private key and data during processing, we randomly split the key and data into shares which are processed cooperatively in different TPUs. To prevent long-term share leakage from recovering the original secrets, LightCom allows the TPUs to dynamically update the user's "old" data/private-key shares into "new" shares on the fly, without the participation of the data user.

• High User Experience. Most existing privacy-preserving computation techniques require a user to perform different pre-processing procedures, depending on the function type, before data outsourcing. LightCom does not need the data owner to perform any pre-processing procedure: the user only needs to encrypt and outsource the data to the cloud for storage. Thus, interactions between the user and the cloud are kept to a minimum: send the encrypted data to the cloud, and receive the outsourced computation results, in a single round.

Motivation and Technique Overview.
As the sensitive information inside a TPU can be attacked, our primary motivation for the LightCom framework is to achieve secure computation in a single cloud without the help of an additional party. Also, as most user devices are battery-restricted mobile devices, we need to guarantee the user experience by keeping interactions between the user and the cloud to one round. The design idea of LightCom is to store the data in outside storage and achieve privacy-preserving computation inside the TPUs. The main challenge is how to achieve practical secure data storage and outsourced data processing against side-channel attacks simultaneously.
To solve the secure data storage challenge, we use a new Paillier Cryptosystem with Distributed Decryption (PCDD), which achieves semantically secure data storage. To prevent information leakage inside a TPU, LightCom uses a one-time pad, adding random numbers to the plaintext of a PCDD ciphertext. Even if the "padded" ciphertext enters the TPU enclave for decryption and processing, the attacker still cannot obtain the original message. To achieve ciphertext decryption, LightCom uses multiple TPUs, each storing only a share of the private key, to reduce the risk of leaking the user's key. Even if some partial private-key/data shares leak to the adversary, our framework can dynamically update these shares inside the TPUs to render the leaked shares useless. More importantly, all the secure execution environments (called TPU enclaves) in our LightCom framework are dynamically built and released for each secure computation, which further decreases the risk of information leakage from an enclave.
Applications with LightCom. The LightCom is a fundamental secure data computation framework which can be used for the following four types of applications -see Fig. 1.
1. Artificial Intelligence (AI) System. AI is the simulation of human intelligence processes by machines, especially computer systems, and can be used in expert systems, natural language processing (NLP), speech recognition, and machine vision. However, in most AI applications, the data used for model training and decision-making are sensitive and need to be protected before being fed into the AI model. Also, the AI model is considered a core asset of the company, trained at staggering cost. With the help of LightCom, both the data and the AI model can be protected, and all the basic secure operations can be used to build a secure AI system without leaking any information about the model parameters.
2. E-Healthcare System. E-healthcare is a field at the intersection of public health and medical informatics, referring to health services and information delivered or enhanced through the Internet and related technologies. An Electronic Health Record (EHR) is considered the key to the e-healthcare system; it provides real-time, patient-centric records that make information available instantly to users. To ensure the privacy of the records, some researchers provide secure techniques to encrypt the EHR (Xu et al. 2020a, b). However, an encrypted EHR cannot support any operations without decryption. Thanks to LightCom, a third-party company can use the encrypted EHR in the e-healthcare system for practical secure data analytics without any information leakage. The patient can use his/her own private key to decrypt and obtain the real-time e-healthcare analytic result.

3. Connected and Automated Vehicles (CAV). The transportation system is rapidly evolving with new CAV technologies that integrate CAVs with other vehicles and roadside infrastructure in a cyber-physical system (CPS). For a vehicle to be truly capable of driving without user control, an extensive amount of training must initially be undertaken for the AI system to make the right decision in any imaginable traffic situation. However, a compromised vehicle can capture data-packet information, thus acquiring sensitive and confidential data. Cryptography-based solutions include encryption that can be used to detect eavesdropping and secure vehicle privacy. However, an automated vehicle cannot perform any operations on the encrypted training data packets. To train the self-driving model in a privacy-preserving way, LightCom can be used to construct the model without leaking the training data.
4. Social Network (SN). A social network is a social structure made up of a set of social actors (such as individuals or organizations), sets of dyadic ties, and other social interactions between actors. A social-network user's private information, including messages, invitations, and photos, is often a venue through which adversaries gain access. However, these data are valuable to the service provider, which can extract useful knowledge from them. Traditional encryption technologies can successfully protect the user's private information, but they make the social-media data unusable. With LightCom, the service provider can achieve secure data analytics without obtaining any social actor's private information.

Notations
Throughout the paper, we use $\|x\|$ to denote the bit-length of $x$, while $L(x)$ denotes the number of elements in $x$. Moreover, we use $pk_a$ and $sk_a$ to denote the public and private keys of a Request User (RU) $a$, and $sk_a^{(1)}, sk_a^{(2)}$ to denote the partial private keys that form $sk_a$; $[[x]]_{pk_a}$ denotes the encryption of $x$ using $pk_a$ in a public-key cryptosystem. For simplicity, if all ciphertexts belong to a specific RU, say $a$, we simply write $[[x]]$ instead of $[[x]]_{pk_a}$. We use the notation $\langle m \rangle$ to denote an additive sharing of $m$, i.e., each party $i$ ($i = 1, \cdots, P$) holds $\langle m \rangle_i$, such that $\sum_{i=1}^{P} \langle m \rangle_i = m$.

Additive secret sharing scheme (ASS)
Given $m \in \mathbb{G}$ ($\mathbb{G}$ is a finite abelian group under addition), the additive secret sharing scheme (a.k.a. the P-out-of-P secret sharing scheme) consists of the following two algorithms, the Data Share Algorithm (Share) and the Data Recovery Algorithm (Rec):

Share(m): Randomly generate $X_1, \cdots, X_{P-1} \in \mathbb{G}$, compute $X_P = m - (X_1 + \cdots + X_{P-1})$, and output $X_1, \cdots, X_P$.

Rec($X_1, \cdots, X_P$): Given the shares $X_1, \cdots, X_P$, recover the message $m$ by computing $m = X_1 + \cdots + X_P$ in the group $\mathbb{G}$.
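The two algorithms above can be sketched in a few lines; the party count and the modulus below are illustrative placeholders, not the parameters LightCom mandates:

```python
import random

P = 4                     # number of parties (illustrative)
MOD = 2**61 - 1           # toy group order; LightCom shares live in D_N or Z_2

def share(m, P=P, mod=MOD):
    """P-out-of-P additive sharing: X_P = m - (X_1 + ... + X_{P-1})."""
    xs = [random.randrange(mod) for _ in range(P - 1)]
    xs.append((m - sum(xs)) % mod)
    return xs

def rec(xs, mod=MOD):
    """Recover m = X_1 + ... + X_P in the group."""
    return sum(xs) % mod
```

Any $P-1$ of the shares are uniformly distributed, so no proper subset of parties learns anything about $m$.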

Additive homomorphic encryption scheme
To reduce the communication cost of LightCom, we use an Additive Homomorphic Encryption (AHE) scheme as the basis. Specifically, we use an AHE scheme supporting threshold decryption, the Paillier Cryptosystem with Distributed Decryption (PCDD) from our previous work, which contains six algorithms: Key Generation (KeyGen), Data Encryption (Enc), Data Decryption (Dec), Private Key Splitting (KeyS), Partial Decryption (PDec), and Threshold Decryption (TDec). The plaintext space is $\mathbb{Z}_N$ and the ciphertext space is $\mathbb{Z}_{N^2}$. The construction of the above algorithms can be found in Supplementary Materials Section C. Here, we introduce the two homomorphic properties of PCDD: (1) additivity, $Dec([[x_1]] \cdot [[x_2]]) = x_1 + x_2$; and (2) scalar multiplicativity, $Dec([[x]]^a) = a \cdot x$ for a constant $a$. With the two properties given above, PCDD has the polynomial homomorphism property, i.e., given $[[x_1]], \cdots, [[x_n]]$ and $a_1, \cdots, a_n$, we have $[[a_1 x_1 + \cdots + a_n x_n]] = [[x_1]]^{a_1} \cdots [[x_n]]^{a_n}$.
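The six algorithms can be illustrated with a toy implementation. The prime sizes, the CRT choice of $\theta$, and the additive key split modulo $\lambda N$ are our assumptions for a minimal sketch, not the construction from Supplementary Materials Section C, and are far from production parameters:

```python
import random
from math import gcd

# Toy Paillier with distributed decryption (PCDD-style sketch).
def keygen():
    p, q = 499, 547                       # toy primes; real keys need ~1024 bits
    N = p * q
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)   # lam = lcm(p-1, q-1)
    # theta = 0 (mod lam) and = 1 (mod N), so Dec is a single exponentiation
    theta = lam * pow(lam, -1, N) % (lam * N)
    return (N, N + 1), (theta, lam)       # pk = (N, g), sk

def enc(pk, m):                           # Enc: c = g^m * r^N mod N^2
    N, g = pk
    r = random.randrange(1, N)
    while gcd(r, N) != 1:
        r = random.randrange(1, N)
    return pow(g, m, N * N) * pow(r, N, N * N) % (N * N)

def dec(pk, sk, c):                       # Dec: m = ((c^theta mod N^2) - 1)/N
    N, _ = pk
    theta, _ = sk
    return (pow(c, theta, N * N) - 1) // N % N

def keys(pk, sk, P):                      # KeyS: split theta into P shares
    N, _ = pk
    theta, lam = sk
    sh = [random.randrange(lam * N) for _ in range(P - 1)]
    sh.append((theta - sum(sh)) % (lam * N))
    return sh

def pdec(pk, sk_i, c):                    # PDec: partial decryption CT_i
    N, _ = pk
    return pow(c, sk_i, N * N)

def tdec(pk, partials):                   # TDec: combine all the CT_i
    N, _ = pk
    acc = 1
    for ct in partials:
        acc = acc * ct % (N * N)
    return (acc - 1) // N % N
```

Multiplying two ciphertexts adds the plaintexts, and raising a ciphertext to a constant multiplies the plaintext, which is exactly the polynomial homomorphism used throughout LightCom.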

Mathematical function computation
In this section, we define the class of functions used for data processing in LightCom.
We define a deterministic multiple-output multivariable function as follows: (I) a multiple-output multivariable function $F$ of $v$ variables is a rule which assigns to each ordered vector $(x_1, \cdots, x_v)$ in $D$ a unique vector $(y_1, \cdots, y_w)$, denoted $(y_1, \cdots, y_w) \leftarrow F(x_1, \cdots, x_v)$; (II) the set $D$ is called the domain of $F$; (III) the set $\{F(x_1, \cdots, x_v) \mid (x_1, \cdots, x_v) \in D\}$ is called the range of $F$.
Note that the deterministic multiple-output multivariable function is the general case of the deterministic multiple-output single-variable function ($v = 1$), the deterministic single-output multivariable function ($w = 1$), and the deterministic single-output single-variable function ($v = 1, w = 1$). As all the functions used in our paper can be executed by a polynomial-time deterministic Turing machine (see Supplementary Materials Section A), we omit the word "deterministic" in the rest of the paper.

System model & privacy requirement
In this section, we formalize the LightCom system model, and define the attack model.

System model
In our LightCom system, we mainly focus on how the cloud server responds to a user request on outsourced computation in a privacy-preserving manner.

Attack model
In our attack model, the cloud is an honest-but-curious party, which strictly follows the protocol but is also interested in learning the data belonging to the RUs. The UnS inside the cloud is transparent to both the cloud and outside passive attackers. Every TPU can provide a secure execution environment (a.k.a. TPU enclave) for an RU, which is secure against the other RUs, the cloud, and outside passive attackers. The inside non-challenge RUs and outside attackers may also be interested in learning the challenge RU's data. Therefore, we introduce three active adversaries $A_1^*, A_2^*, A_3^*$, which simulate the malicious actions of outside attackers, non-challenge RUs, and the UnS, respectively. The goal of these adversaries is to obtain the challenge RU's plaintext, or to cause the challenge RU to obtain a wrong computation result, with the following capabilities: 1) $A_1^*$ acts as an outside attacker that may eavesdrop on all communication links and the CP's UnS, and tries to decrypt the challenge RU's encrypted data. 2) $A_2^*$ may compromise all RUs except the challenge RU to gain access to their decryption capabilities, and tries to guess all plaintexts belonging to the challenge RU. 3) $A_3^*$ may compromise the TPUs to guess the plaintext values of all data shares sent from the UnS by executing an interactive protocol. Note that the adversaries $A_1^*, A_2^*, A_3^*$ are restricted from compromising (i) all the TPUs concurrently 9, and (ii) the challenge RU.

Basic privacy preserving computation protocols
In this section, we introduce our general design method for computing mathematical functions in LightCom. Moreover, the dynamic private-key/data share update without the participation of the data owner (DO) is also introduced.

The LightCom design method for the single functions
Our LightCom protects the user's data privacy, while maintaining efficiency in the outsourced cloud, with three-dimensional protection: 1) secure storage in the untrusted cloud storage; 2) secure processing in TPUs against side-channel attacks; 3) efficient and dynamic updating of outsourced key and data shares. Specifically, to outsource the data to the cloud, the RU first initializes the system, uses the RU's public key to encrypt the data, and outsources these encryptions and the system parameters to the UnS for storage. To achieve the second-dimensional protection, LightCom uses a data-sharing-based secure computation method between TPUs, which can resist side-channel attacks even when the PCDD ciphertexts are decrypted. After the processing finishes, the data are sent back to the UnS for further processing to complete the functionality defined in the program, and the enclaves in the TPUs are released. Moreover, to tackle leaked private-key and data shares, all the TPUs can jointly update these shares without the help of the RU. Thus, LightCom can be divided into the following four phases.
1) System Initialize Phase: First, the RU generates a public key $pk$ and a private key $sk$ of an appropriate public-key cryptosystem, and then splits the private key $sk$ into $P$ shares $sk_i$ ($i = 1, \cdots, P$) with the Share algorithm. After that, each TPU $i$ in the cloud initializes an enclave $i$ and builds a secure channel, and the RU uploads $sk_i$ to enclave $i$ securely. Finally, TPU $i$ uses data sealing to securely store $pk, sk_i$ in the UnS.
2) Data Upload Phase: In this phase, the RU randomly separates the data into $x_{j,1}, \cdots, x_{j,P} \in \mathbb{G}$, such that $x_{j,1} + \cdots + x_{j,P} = x_j$ for $j = 1, \cdots, v$. Then, TPU $i$ ($i = 1, \cdots, P$) creates enclave $i$. After that, the RU defines the program $C_i$ for the specific computation function, builds a secure channel with TPU enclave $i$, remotely loads $x_{1,i}, \cdots, x_{v,i}, C_i$ into enclave $i$, and securely seals them into the UnS.

3) Secure Computation Phase: The goal of this phase is to achieve secure computation among the TPUs according to the user-defined program $C_i$. It works as follows:

• (3-I) Each TPU $i$ generates an enclave $i$. After that, all the TPUs build secure channels with each other. Load the sealed data $x_{1,i}, \cdots, x_{v,i}, pk, sk_i, C_i$ into enclave $i$ from the UnS, and denote them as $S_i$.

• (3-II) The TPUs jointly compute $(y_{1,1}, \cdots, y_{w,1} : \cdots : y_{1,P}, \cdots, y_{w,P}) \leftarrow GenCpt(S_1 : \cdots : S_P)$ according to the user-defined programs $C_1, \cdots, C_P$ 10.

• (3-III) All the TPUs jointly update the private-key shares and data shares dynamically.

After the above computation, TPU $i$ seals $y_{1,i}, \cdots, y_{w,i}$ into the UnS and releases the enclave.

4) Data Retrieve Phase: If the RU needs to retrieve the computation results from the cloud, TPU $i$ creates an enclave $i$, opens the sealed data $y_{1,i}, \cdots, y_{w,i}$, builds a secure channel with the RU, and sends the data shares back to the RU. Once all the shares are sent to the RU, the RU computes $y_j = \sum_{i=1}^{P} y_{j,i}$ for $j = 1, \cdots, w$.
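The four phases can be simulated locally for a linear program, since linear steps run share-wise without interaction (non-linear steps would require the interactive GenCpt protocol). The party count, modulus, and program $C_i = 3x_1 + x_2$ are illustrative assumptions:

```python
import random

P, MOD = 3, 2**61 - 1     # toy party count and share modulus (assumptions)

def share(m):
    xs = [random.randrange(MOD) for _ in range(P - 1)]
    xs.append((m - sum(xs)) % MOD)
    return xs

# Data Upload Phase: the RU splits each input into P shares, one per "TPU"
x1, x2 = 10, 20
tpus = list(zip(share(x1), share(x2)))     # tpus[i] = (x1_i, x2_i)

# Secure Computation Phase: the linear program C_i = 3*x1 + x2 runs locally
# on each TPU's shares; non-linear gates would need interaction (GenCpt)
y_shares = [(3 * a + b) % MOD for (a, b) in tpus]

# Data Retrieve Phase: the RU sums the returned result shares
y = sum(y_shares) % MOD
assert y == 3 * x1 + x2
```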

The LightCom Design for Combination of the Functions
Our LightCom can support a single data outsourcing with multiple function operations. The procedure is as follows: 1) System Initialize Phase: Same as in LightCom with a single function in "The LightCom design method for the single functions" section. 2) Data Upload Phase: Same as the single-function case, except that the RU uploads step-indexed data shares $x_{j,t,i}$ for each function computation step $t$.
3) Secure Computation Phase: The goal of this phase is to achieve secure computation among the TPUs according to the user-defined program $C_{t,i}$ for function $t$ ($t = 1, \cdots, \zeta$). For each step $t$, the phase works as follows:

• (3-I) Each TPU $i$ generates an enclave $i$. After that, all the TPUs build secure channels with each other. Load the sealed data $x_{1,t,i}, \cdots, x_{v,t,i}, pk, sk_i, C_{1,i}, \cdots, C_{\zeta,i}$ 11 into enclave $i$ from the UnS, and put them in a set $E_{t,i}$.

• (3-II) The TPUs jointly compute $(y_{1,t,1}, \cdots, y_{w,t,1} : \cdots : y_{1,t,P}, \cdots, y_{w,t,P}) \leftarrow GenCpt(E_{t,1} : \cdots : E_{t,P})$ according to the user-defined programs $C_{1,i}, \cdots, C_{\zeta,i}$.

• (3-III) All the TPUs jointly update the private-key and data shares. If $t = \zeta$, TPU $i$ seals $y_{1,\zeta,i}, \cdots, y_{w,\zeta,i}$ into the UnS and releases the enclave. Otherwise, move to (3-IV) for further computation.

• (3-IV) TPU $i$ seals the intermediate results as the next step's input shares $x_{1,t+1,i}, \cdots, x_{v,t+1,i}$ into the UnS, releases the enclave, and moves to (3-I) for the next step of the computation.

After step $t$ is finished, TPU $i$ seals the set $E_{t,i}$ into the UnS and releases the corresponding enclave.

4) Data Retrieve Phase: After the computation, TPU $i$ creates a new enclave $i$, opens the sealed data $y_{1,\zeta,i}, \cdots, y_{w,\zeta,i}$, builds a secure channel with the RU, and sends these data back to the RU. Once all the TPUs' data are sent, the RU computes the result $y_{j,\zeta} = \sum_{i=1}^{P} y_{j,\zeta,i}$ for step $\zeta$ ($j = 1, \cdots, w$) to obtain the final results.

11 Data share $x_{j,t,i}$ is held by TPU enclave $i$, for data $j$, at function computation step $t$.

General secure function computation algorithm (GenCpt)
As the key component of LightCom, the General Secure Function Computation Algorithm (GenCpt) is proposed to achieve secure computation of the deterministic multiple-output multivariable function $F$ introduced above. Assume TPU $i$ ($i = 1, \cdots, P$) holds $x_{1,i}, \cdots, x_{v,i}$; GenCpt securely outputs $y_{1,i}, \cdots, y_{w,i}$ for each TPU $i$, such that $(y_1, \cdots, y_w) \leftarrow F(x_1, \cdots, x_v)$, where $x_{j,1} + \cdots + x_{j,P} = x_j$ and $y_{k,1} + \cdots + y_{k,P} = y_k$ for $j = 1, \cdots, v$ and $k = 1, \cdots, w$. GenCpt consists of an offline stage and an online stage, constructed as follows:

Offline Stage: Each TPU $i$ ($i = 1, \cdots, P$) creates an enclave $i$, loads the sealed keys $pk, sk_i$ and program $C_i$ into the enclave from the UnS, and builds secure channels with the other TPUs 12. With the help of the homomorphic cryptosystem, all the TPUs collaboratively generate shares of random numbers and put them into a set $R_i$. Note that the shares in $R_i$ cannot be known by the other TPUs during the generation. After the above computation, each TPU $i$ seals its $R_i$ into the UnS.

Online Stage 13: Each TPU $i$ ($i = 1, \cdots, P$) loads the sealed random-number set $R_i$ from the offline stage into enclave $i$. All the TPUs cooperatively compute and output the results, where $f_i$ is a combination of $+, \times$ over $\mathbb{Z}_N$ and $\oplus, \wedge$ over $\mathbb{Z}_2$ with the specific functionality defined by the program $C_i$.

Private key share dynamic update
The private-key shares are more sensitive and vulnerable, as the adversary can use the private key to decrypt the RU's data in the untrusted storage if side-channel attacks leak all the shares of the private key. Thus, we should frequently update the key shares in the TPU enclaves. The intuitive idea is to let the RU choose a new private key, separate it into different key shares, update these key shares in the individual enclaves, and re-encrypt all the ciphertexts under the new key. However, this strategy has a main drawback: the RU has to be involved in the key update phase, which brings extra computation and communication costs; requiring the RU to frequently generate and update the public/private keys is impractical. Therefore, we bring the idea of proactive secret sharing into LightCom: the public/private key pair stays unchanged, and the TPUs periodically refresh the key shares without the participation of the RU. Mathematically, to renew the shares at period $t$ ($t = 0, 1, 2, \cdots$), we need to update the shares such that $\sum_{i=1}^{P} sk_i^{(t+1)} = \sum_{i=1}^{P} sk_i^{(t)} = sk$ (see Fig. 3 for an example of the private-key update procedure with $P = 3$). The concrete construction is as follows:

1) Each TPU $i$ ($i = 1, \cdots, P$) creates an enclave $i$. After that, TPU $i$ builds a secure channel with TPU $j$'s enclave ($j = 1, \cdots, P$; $j \neq i$).

2) Each TPU $i$ randomly generates update values $\delta_{i,1}, \cdots, \delta_{i,P}$ such that $\delta_{i,1} + \cdots + \delta_{i,P} = 0$, and securely sends $\delta_{i,j}$ to TPU $j$'s enclave.

3) After receiving the $\delta_{j,i}$, TPU $i$ computes the new share $sk_i^{(t+1)} = sk_i^{(t)} + \sum_{j=1}^{P} \delta_{j,i}$. After that, TPU $i$ erases all the variables it used, except for its current secret-key share $sk_i^{(t+1)}$.

12 As the offline stage of the secure computations needs TPU enclave initialization, we omit this description in the rest of the section. 13 The input data $x_{1,i}, \cdots, x_{v,i}$, the public key $pk$, the private-key shares $sk_i$, and the program $C_i$ are loaded in step (3-I) of both "The LightCom design method for the single functions" and "The LightCom Design for Combination of the Functions" sections.
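The refresh in steps 1)-3) can be sketched as follows. The modulus stands in for the key-share group, and the zero-sum deltas are exchanged in the clear here, whereas the real protocol sends them over enclave-to-enclave secure channels:

```python
import random

P, MOD = 3, 2**61 - 1          # toy party count and key-share modulus

def refresh(shares, mod=MOD):
    """One proactive-refresh period: every TPU i deals a random zero-sum
    row delta[i][*]; TPU j then adds all deltas addressed to it. The sum
    of the shares (the private key sk) is unchanged, while every
    individual share is re-randomized, invalidating leaked old shares."""
    P = len(shares)
    deltas = []
    for i in range(P):
        row = [random.randrange(mod) for _ in range(P - 1)]
        row.append((-sum(row)) % mod)      # row sums to 0 mod MOD
        deltas.append(row)
    return [(shares[j] + sum(deltas[i][j] for i in range(P))) % mod
            for j in range(P)]

sk = 987654321
shares = [random.randrange(MOD) for _ in range(P - 1)]
shares.append((sk - sum(shares)) % MOD)

new_shares = refresh(shares)
assert sum(new_shares) % MOD == sk
```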

Data Shares Dynamic Update
As data shares need to be loaded into TPUs for processing, the shares can be leaked to the adversary by side-channel attacks, allowing the adversary to reconstruct the RU's original data. Thus, we also need to dynamically update the data shares $x_i$. The construction is the same as the private-key share update method in the "Private key share dynamic update" section.

TPU-based basic data shares operations
In this section, we introduce some basic TPU-based data-share operations, which serve as building blocks for LightCom.

Data domain and storage format
Here, we introduce the three data group domains for LightCom: $\mathbb{Z}_N$, $\mathbb{D}_N$, and $\mathbb{Z}_2 = \{0, 1\}$. As we use PCDD for offline processing and its plaintext domain is $\mathbb{Z}_N$, we define the operation $\langle x \rangle_N$, which transforms data $x$ from the group $\mathbb{Z}_N$ into the group $\mathbb{D}_N$. Moreover, the data $\langle x \rangle_N$ in $\mathbb{D}_N$ can be directly transformed back into $\mathbb{Z}_N$ by computing $x = \langle x \rangle_N \bmod N$. It can easily be verified that the groups $\mathbb{D}_N$ and $\mathbb{Z}_N$ are isomorphic.
To guarantee the security of secret sharing, two types of data shares are used in LightCom: integer shares (in $\mathbb{Z}_N$) and binary shares (in $\mathbb{Z}_2$). For integer share separation, the RU only needs to execute Share(m) as described in the "Additive secret sharing scheme (ASS)" section, such that $m = m_1 + \cdots + m_P$, where $m, m_1, \cdots, m_P \in \mathbb{D}_N$. For binary shares, the RU executes Share(m), such that $m = m_1 + \cdots + m_P$, where $m, m_1, \cdots, m_P \in \mathbb{Z}_2$. After that, the RU securely sends the integer share $m_i$ or binary share $m_i$ to TPU $i$, which seals it to the UnS for secure storage.

System initial and key distribution
The LightCom system should be initialized before performing any secure computation. First, the RU executes the KeyGen algorithm and outputs the public key $pk = (N, g)$ and private key $sk = \theta$. Then, the system uses KeyS to split the key $\theta$ into $P$ shares $sk_i = \theta_i$ ($i = 1, \cdots, P$). After that, each TPU $i$ in the cloud initializes an enclave $i$ and builds a secure channel, and the RU uploads $sk_i$ to enclave $i$ securely. Besides, the RU's PCDD public key $pk$ and the program $C_i$ for the specific function $F$ need to be securely sent to TPU $i$ ($i = 1, \cdots, P$). Finally, TPU $i$ securely seals the data $pk, sk_i, C_i$ into the UnS. As all these parameters need to be loaded into the TPU enclaves along with the data shares according to the specific functionality, we will not describe this step again in the rest of the section.

Secure distributed decryption algorithm (SDD)
Before executing the TPU-based operations, we first construct an algorithm called Secure Distributed Decryption (SDD), which allows all the TPUs to jointly decrypt a PCDD ciphertext. Mathematically, if the enclave in TPU $\chi$ contains an encryption $[[x]]$, the goal of SDD is to output $x$ to TPU $\chi$, via the following steps: 1) TPU enclave $\chi$ establishes a secure channel with every other TPU enclave $i$ ($i \neq \chi$). Then, enclave $\chi$ sends $[[x]]$ to all the other enclaves.
2) Once $[[x]]$ is received, each TPU $i$ uses PDec to get $CT_i$ and securely sends $CT_i$ to enclave $\chi$. 3) Finally, TPU $\chi$ securely combines the received $CT_i$ with its own partial decryption $CT_\chi$ using the TDec algorithm to obtain $x$.

Secure TPU-based data seal & UnSeal
As TPU enclaves only provide an isolated computing environment during secure processing, the data in a TPU enclave need to be sealed to the UnS for long-term storage. Thus, we propose two algorithms, Seal and UnSeal, to achieve this. In UnSeal, TPU $i$ checks whether the result is equal to $S_{t,i}$. If the equation does not hold, the algorithm stops and outputs $\perp$. Otherwise, TPU $i$ uses SDD to get the share $x_i$.

Random shares generation
Secret-sharing-based privacy computation requires one-time random numbers for processing. Before constructing the TPU-based computations, we design a protocol called the Random Tuple Generation Protocol (RTG). The goal of RTG is to let the TPUs cooperatively generate shares of a random tuple $\langle r \rangle$ together with its bit shares, where $\ell$ is the bit-length of the random number $r \in \mathbb{D}_N$. The RTG proceeds as follows: 1) TPU 1 randomly generates its contribution $r_{(1)}$, encrypts it, and sends the ciphertexts to TPU 2.

Share domain transformation Binary share to integer share transformation (B2I)
Suppose TPU $i$ holds a bit share $a_i \in \mathbb{Z}_2$, where $a_1 \oplus \cdots \oplus a_P = s \in \mathbb{Z}_2$; the goal of the B2I protocol is to generate a random integer share $b_i \in \mathbb{Z}_N$ for each TPU $i$, such that $b_1 + \cdots + b_P = s$. To execute B2I, TPU 1 randomly generates $b_1 \in \mathbb{Z}_N$, denotes $x = b_1$ and $s = a_1$, and encrypts these values; the remaining TPUs update the ciphertexts with their own shares in turn, and the last TPU uses SDD to decrypt and obtain $b_P$.

Integer share to binary share transformation (I2B)
Suppose TPU $i$ holds an integer share $a_i \in \mathbb{Z}_N$, where $a_1 + \cdots + a_P = s \in \mathbb{Z}_2$; the goal of the I2B protocol is to generate a random bit share $b_i \in \mathbb{Z}_2$ for each TPU $i$, such that $b_1 \oplus \cdots \oplus b_P = s$. To execute I2B, TPU 1 lets $y = a_1$, encrypts $y$ as $[[y]]$, and sends the ciphertext to TPU 2 for computation. After that, each TPU $i$ ($i = 2, \cdots, P$) uses its share to update $[[y]]$, and each TPU $i$ ($i = P, \cdots, 2$) generates $b_i \in \mathbb{Z}_2$ and computes its contribution accordingly.

TPU-based secure outsourced computing toolkits in the cloud
In this section, we introduce and construct the commonly used secure outsourced binary and integer computation sub-protocols for a single cloud.

Secure bit multiplication protocol (SBM)
The SBM can achieve plaintext multiplication on bit shares and output bit shares, i.e., given two shares x i , y i ∈ Z 2 (i = 1, · · · , P) for TPU i as input, SBM securely outputs After the above computations, enclave i (i = P, · · · , 2) randomly generates c i ∈ Z N and computes [[ c] When the TPU 2 sends [[ c]] to TPU 1, the TPU 1 uses SDD to get c and denotes as c 1 ← c. After the above computations, each enclave holds a i , b i , c i , which satisfies a 1 ⊕ · · · ⊕ a P = a, b 1 ⊕ · · · ⊕ b P = b, c 1 ⊕ · · · ⊕ c P = c and c = a ∧ b. Finally, each TPU i seals a i , b i , c i to UnS for storage individually.
Online Stage: each TPU i (i = 1, · · · , P) loads the triple (a_i, b_i, c_i) into its enclave, computes X_i = x_i ⊕ a_i and Y_i = y_i ⊕ b_i, and securely sends X_i and Y_i to every other enclave j (j = 1, · · · , P; j ≠ i). After receiving the other X_j and Y_j, each TPU computes X = X_1 ⊕ · · · ⊕ X_P and Y = Y_1 ⊕ · · · ⊕ Y_P, and derives its output share f_i from the triple and the opened X, Y. Here, we denote the protocol as ⟨f⟩ ← SBM(⟨x⟩, ⟨y⟩).
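The online stage is the bit-domain analogue of the Beaver combination used later by SM. The sketch below uses a simulated dealer for the triple (an assumption; LightCom produces it jointly under PCDD) and checks that the XOR of the outputs equals x ∧ y.

```python
import random
from functools import reduce

def xor_share(bit, P):
    """Split a bit into P XOR shares."""
    s = [random.randrange(2) for _ in range(P - 1)]
    s.append(bit ^ reduce(lambda u, v: u ^ v, s))
    return s

def sbm(xs, ys):
    """SBM sketch: Beaver-style AND on XOR shares.  The offline triple
    (a, b, c) with c = a AND b comes from a simulated dealer here."""
    P = len(xs)
    a, b = random.randrange(2), random.randrange(2)
    a_s, b_s, c_s = xor_share(a, P), xor_share(b, P), xor_share(a & b, P)
    X = reduce(lambda u, v: u ^ v, (xs[i] ^ a_s[i] for i in range(P)))  # open x ^ a
    Y = reduce(lambda u, v: u ^ v, (ys[i] ^ b_s[i] for i in range(P)))  # open y ^ b
    fs = [c_s[i] ^ (b_s[i] & X) ^ (a_s[i] & Y) for i in range(P)]
    fs[-1] ^= X & Y        # one designated TPU folds in X AND Y
    return fs
```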

Secure bit-wise addition protocol (BAdd)
The BAdd protocol is described as follows: TPU i holds bit shares ⟨a^(j)⟩_i of an ℓ-bit integer a and ⟨r^(j)⟩_i of an ℓ-bit integer r. The goal is to compute bit shares of y = a + r. The idea is simple: use the binary addition circuit, i.e., compute the integer addition as y^(j) = a^(j) ⊕ r^(j) ⊕ c^(j) and c^(j+1) = (a^(j) ∧ r^(j)) ⊕ ((a^(j) ⊕ r^(j)) ∧ c^(j)) for j = 1, · · · , ℓ. The procedure of BAdd works as follows: 1) For each TPU i (i = 1, · · · , P) and each bit position j = 1, · · · , ℓ, all the TPUs jointly compute ⟨e^(j)⟩ ← SBM(⟨a^(j)⟩, ⟨r^(j)⟩); the SBM computation indeed yields e^(j) = a^(j) ∧ r^(j).
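The carry chain above can be checked on plaintext bits; in BAdd the very same ⊕/∧ gates are evaluated on shares, with SBM supplying every AND gate. (The code indexes bits from 0, least significant first, whereas the text indexes from 1.)

```python
def binary_add(a_bits, r_bits):
    """Ripple-carry circuit used by BAdd, shown on plaintext bits
    (LightCom evaluates the same XOR/AND gates on XOR shares via SBM)."""
    ell = len(a_bits)
    y, c = [0] * ell, 0
    for j in range(ell):
        y[j] = a_bits[j] ^ r_bits[j] ^ c
        c = (a_bits[j] & r_bits[j]) ^ ((a_bits[j] ^ r_bits[j]) & c)
    return y, c   # sum bits (LSB first) and the final carry-out
```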

Secure multiplication protocol (SM)
The SM protocol achieves integer multiplication over integer shares, i.e., given shares x_i, y_i (i = 1, · · · , P) for TPU i as input, SM securely outputs f_i for TPU i such that Σ_{i=1}^P f_i = x · y mod N, where the data shares satisfy x = Σ_{i=1}^P x_i and y = Σ_{i=1}^P y_i. Offline Stage: All the TPUs initialize their enclaves and load the public parameters to the UnS. Then, enclave 1 generates a_1, b_1 ∈ D_N, computes z = a_1 · b_1, and encrypts these values; the ciphertexts are passed through the other enclaves, which fold in their own random shares. After the computation, for i = P, · · · , 2, TPU enclave i generates c_i ∈ D_N and updates the ciphertext [[c]]; TPU 2 then sends [[c]] to TPU 1, which uses the SDD to get c and denotes the final result as c_1. After the above computation, each enclave holds a_i, b_i, c_i such that a_1 + · · · + a_P = a mod N, b_1 + · · · + b_P = b mod N, c_1 + · · · + c_P = c mod N, and c = a · b mod N. Each TPU enclave i then seals a_i, b_i, c_i to the UnS for storage individually. Online Stage: TPU i loads a_i, b_i, c_i into enclave i. Then, it computes X_i = x_i − a_i and Y_i = y_i − b_i, and securely sends X_i and Y_i to every other enclave j (j = 1, · · · , P; j ≠ i). After receiving the other X_j and Y_j, each TPU i computes X = Σ_{j=1}^P X_j and Y = Σ_{j=1}^P Y_j. After that, each TPU i (i = 1, · · · , P − 1) computes f_i ← c_i + b_i · X + a_i · Y mod N; TPU P computes f_P ← c_P + b_P · X + a_P · Y + X · Y mod N. Here, we denote the protocol as ⟨f⟩ ← SM(⟨x⟩, ⟨y⟩).
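The online-stage formulas above can be verified directly. In this sketch the offline triple comes from a simulated dealer and the modulus is a toy prime, both assumptions; only the online combination follows the text.

```python
import random

N = (1 << 31) - 1   # toy prime standing in for the PCDD modulus (assumption)

def add_share(x, P):
    s = [random.randrange(N) for _ in range(P - 1)]
    s.append((x - sum(s)) % N)
    return s

def dealer_triple(P):
    """Simulated offline stage: shares of (a, b, c) with c = a*b mod N."""
    a, b = random.randrange(N), random.randrange(N)
    return add_share(a, P), add_share(b, P), add_share(a * b % N, P)

def sm(xs, ys, triple):
    """Online stage of SM, following the formulas in the text."""
    P = len(xs)
    a_s, b_s, c_s = triple
    X = sum(xs[i] - a_s[i] for i in range(P)) % N   # opened x - a
    Y = sum(ys[i] - b_s[i] for i in range(P)) % N   # opened y - b
    fs = [(c_s[i] + b_s[i] * X + a_s[i] * Y) % N for i in range(P)]
    fs[-1] = (fs[-1] + X * Y) % N                   # TPU P adds X*Y
    return fs
```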

Secure monic monomials computation (SMM)
The SMM protocol achieves monic monomial computation over integer shares, i.e., given a share x_i (i = 1, · · · , P) and a public integer k for TPU i as input, SMM securely outputs f_i for TPU i such that f_1 + · · · + f_P = x^k mod N. The construction of SMM is as follows: denote k in binary form as k_ℓ, · · · , k_1. Initialize the share f_i ← x_i for each TPU i. For j = ℓ − 1, · · · , 1, compute ⟨f⟩ ← SM(⟨f⟩, ⟨f⟩), and if k_j = 1, additionally compute ⟨f⟩ ← SM(⟨f⟩, ⟨x⟩).
Here, the algorithm outputs ⟨f⟩, and we denote the protocol as ⟨f⟩ ← SMM(⟨x⟩, k).
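The bit scan is ordinary square-and-multiply; the sketch below takes the multiplication as a parameter (here plain integer product) standing in for SM on shares.

```python
def smm(x, k, mul):
    """Square-and-multiply scan used by SMM.  `mul` stands in for the SM
    protocol; the bits of the public k are scanned from the most
    significant (k_ell) down to k_1, matching the loop in the text."""
    bits = bin(k)[2:]          # k_ell ... k_1, most significant first
    f = x                      # f initialised to x because k_ell = 1
    for b in bits[1:]:
        f = mul(f, f)          # <f> <- SM(<f>, <f>)
        if b == '1':
            f = mul(f, x)      # multiply in <x> when the bit is set
    return f
```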

Secure binary exponential protocol (SEP 2 )
The SEP_2 protocol achieves exponentiation over binary shares with a public base, i.e., given a binary share x_i ∈ Z_2 (i = 1, · · · , P) and a public integer β for TPU i as input 14, SEP_2 securely outputs an integer share f_i ∈ Z_N for TPU i such that Σ_{i=1}^P f_i = β^x, where x = x_1 ⊕ · · · ⊕ x_P. Offline Stage: All the TPUs initialize their enclaves and load the public parameters to the UnS. Then, enclave 1 generates a_1 ∈ Z_2, encrypts a_1 as [[a_1]], and lets it be [[a]]. After that, enclave i (i = 1, · · · , P − 1) sends [[a]] to enclave i + 1, and TPU i + 1 generates a_{i+1} ∈ Z_2 and folds it into [[a]]. After the computation, for i = P, · · · , 2, TPU i generates its random shares; TPU 2 then sends [[b]] and [[b*]] to TPU 1, and TPU 1 uses the SDD to get b, b* and denotes them as b_1 and b*_1, respectively. After the above computation, each TPU i holds a_i, b_i, b*_i, which satisfy a_1 ⊕ · · · ⊕ a_P = a, b_1 + · · · + b_P = β^a, and b*_1 + · · · + b*_P = β^{1−a}. Finally, each TPU i seals a_i, b_i, b*_i to the UnS for storage individually. 14 β is a small positive number which satisfies gcd(β, N) = 1.
Online Stage: TPU i loads the data share x_i and the random shares a_i, b_i, b*_i into its enclave. Then, TPU i locally computes X_i = x_i ⊕ a_i and securely sends X_i to every other enclave j (j = 1, · · · , P; j ≠ i). After receiving the other X_j, each TPU i locally computes X = X_1 ⊕ · · · ⊕ X_P and derives its output share f_i from b_i and b*_i according to X. Here, we denote the protocol as ⟨f⟩ ← SEP_2(⟨x⟩, β).
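A sketch of how we read the online selection: since x = X ⊕ a, the result β^x equals β^a (the b_i shares) when X = 0 and β^{1−a} (the b*_i shares) when X = 1. The share layout is an assumption consistent with the offline stage described above.

```python
N = (1 << 31) - 1   # toy modulus standing in for the PCDD N (assumption)

def sep2_online(x_bits, a_bits, b_sh, bstar_sh):
    """Online stage of SEP_2: open X = x ^ a, then every TPU outputs its
    offline share of beta^a (if X = 0) or beta^(1-a) (if X = 1)."""
    P = len(x_bits)
    X = 0
    for i in range(P):
        X ^= x_bits[i] ^ a_bits[i]   # TPU i broadcasts X_i = x_i ^ a_i
    return [b_sh[i] if X == 0 else bstar_sh[i] for i in range(P)]
```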

Secure integer exponential protocol (SEP)
The SEP protocol achieves exponentiation over integer shares with a public base, i.e., given an integer share x_i ∈ D_N (i = 1, · · · , P) and a public integer β for TPU i as input, SEP securely outputs shares f_i ∈ D_N for TPU i such that f_1 + · · · + f_P = β^x mod N, where x = x_1 + · · · + x_P. The SEP outputs ⟨f⟩, and we denote the protocol as ⟨f⟩ ← SEP(⟨x⟩, β).

Secure comparison protocol (SC)
The SC protocol securely computes the relationship between integers u and v, where each TPU i holds shares u_i and v_i, with u = u_1 + · · · + u_P and v = v_1 + · · · + v_P. The construction of SC is as follows: i) Each TPU i (i = 1, · · · , P) locally computes w_i = u_i − v_i. After that, all TPUs jointly compute (⟨w⟩_1, · · · , ⟨w⟩_P) ← BExt(w_1, · · · , w_P).
ii) As we use two's complement binary representation, the most significant bit of u − v reflects the relationship between u and v. After the above computation, TPU i outputs its share of the most significant bit of w as the comparison result.
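A simplified sketch of the comparison logic: in the wrapped range Z_N, a difference above N/2 plays the role of the negative sign bit. The plaintext reconstruction below stands in for the secure bit-extraction (BExt) step of the real protocol, which never opens w.

```python
import random

N = (1 << 31) - 1   # toy modulus; the real protocol uses the PCDD N (assumption)
P = 3

def share(x):
    s = [random.randrange(N) for _ in range(P - 1)]
    s.append((x - sum(s)) % N)
    return s

def sc(u_shares, v_shares):
    """SC sketch: each TPU locally forms w_i = u_i - v_i; the sign of
    w = u - v (here: whether w mod N falls above N/2) gives the bit."""
    w_shares = [(u_shares[i] - v_shares[i]) % N for i in range(P)]
    w = sum(w_shares) % N       # stands in for BExt + MSB extraction
    return 1 if w > N // 2 else 0   # 1 means u < v
```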

Secure equivalent protocol (SEQ)
The goal of the secure equivalence protocol SEQ is to test whether two values u, v are equal, given shares ⟨u⟩, ⟨v⟩ of the two values. Mathematically, given two shares ⟨u⟩ and ⟨v⟩, SEQ (Liu et al. 2016a) outputs shares f_i for each TPU i (i = 1, · · · , P) indicating whether the plaintexts of the two data are equivalent (i.e., testing whether u = v). The SEQ is described as follows: i) All the TPUs jointly calculate ⟨t*_1⟩ ← SC(⟨u⟩, ⟨v⟩) and ⟨t*_2⟩ ← SC(⟨v⟩, ⟨u⟩). ii) Each TPU i computes f_i = t*_{1,i} ⊕ t*_{2,i} locally and outputs f_i ∈ Z_2.
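The two-comparison structure can be sketched directly; `sc` below stands in for the SC protocol on shares, and the XOR is the local step ii).

```python
def seq(u, v, sc):
    """SEQ sketch: run the comparison both ways; u = v iff neither u < v
    nor v < u, so the XOR of the two bits is 0 exactly when u = v."""
    t1 = sc(u, v)   # 1 iff u < v
    t2 = sc(v, u)   # 1 iff v < u
    return t1 ^ t2  # 0 => equal, 1 => not equal
```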

Secure minimum of two number protocol (Min 2 )
Each TPU i (i = 1, · · · , P) stores shares ⟨x⟩ and ⟨y⟩ of two numbers x and y. The Min_2 protocol outputs a share ⟨B⟩ of the minimum number B, s.t. B = min(x, y). The Min_2 is described as follows: i) All the TPUs jointly compute the comparison bit ⟨u⟩ ← SC(⟨x⟩, ⟨y⟩) and the products ⟨X⟩ ← SM(⟨u⟩, ⟨x⟩) and ⟨Y⟩ ← SM(⟨u⟩, ⟨y⟩). ii) Each TPU i computes locally and outputs B_i = y_i − Y_i + X_i.
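The local combination gives ΣB_i = y − u·y + u·x, which is x when u = 1 (x < y) and y otherwise. In the sketch below the SM products are simulated by a dealer who re-shares u·x and u·y, an assumption made only to keep the example self-contained.

```python
import random

N = (1 << 31) - 1   # toy modulus (assumption)

def share(x, P):
    s = [random.randrange(N) for _ in range(P - 1)]
    s.append((x - sum(s)) % N)
    return s

def min2(x_sh, y_sh, u):
    """Min_2 combination step: u is the SC comparison bit (u = 1 iff x < y).
    The dealer-side reconstruction below only simulates the SM calls."""
    P = len(x_sh)
    x, y = sum(x_sh) % N, sum(y_sh) % N
    X_sh = share(u * x % N, P)   # stands in for SM(<u>, <x>)
    Y_sh = share(u * y % N, P)   # stands in for SM(<u>, <y>)
    return [(y_sh[i] - Y_sh[i] + X_sh[i]) % N for i in range(P)]
```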

Secure minimum of H numbers protocol (Min H )
The goal of Min_H is to obtain the minimum number among H numbers. Given the shares x_{1,i}, · · · , x_{H,i} for TPU i, the goal is to compute a share x*_i for TPU i such that x* stores the minimum integer value among x_1, · · · , x_H. The Min_H executes as follows: each TPU i puts x_{1,i}, · · · , x_{H,i} into a set S_i. If L(S_i) = 1, the share remaining in S_i is the final output. Otherwise, the protocol proceeds according to the following conditions.
• If L(S_i) mod 2 = 0 and L(S_i) > 1, 1) set S'_i ← ∅; 2) for j = 1, · · · , L(S_i)/2, compute ⟨x'_j⟩ ← Min_2(⟨x_{2j−1}⟩, ⟨x_{2j}⟩) and add x'_{j,i} to the set S'_i; 3) clear set S_i and let S_i ← S'_i.
• If L(S_i) mod 2 ≠ 0 and L(S_i) > 1, take out the last element x_{L(S_i)},i from set S_i so that L(S_i) mod 2 = 0. Run the above procedure (for L(S_i) mod 2 = 0 and L(S_i) > 1) to generate set S'_i. Put the withheld element back into S'_i and denote S_i ← S'_i.
After the computation, each set S_i in TPU i contains only one element, which we denote as x*_i. Thus, we denote the protocol as ⟨x*⟩ ← Min_H(⟨x_1⟩, · · · , ⟨x_H⟩).
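The tournament recursion above can be sketched compactly; `min2` stands in for the Min_2 protocol (here plain `min`), and odd-length rounds set aside the last element exactly as in the two cases of the text.

```python
def min_h(vals, min2):
    """Tournament recursion of Min_H on a list of (shared) values."""
    S = list(vals)
    while len(S) > 1:
        carry = []
        if len(S) % 2 == 1:
            carry = [S.pop()]        # take out the last element (odd case)
        S = [min2(S[2 * j], S[2 * j + 1]) for j in range(len(S) // 2)] + carry
    return S[0]
```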

Security extension of integer computation
The above secure computation only considers data privacy. Two types of information can still be leaked to the adversary: 1) the access pattern of a function's input, and 2) the access pattern of the RU's result retrieval. Here, we give two security extensions to achieve access pattern hiding and private information retrieval, respectively.

Achieve input access pattern hiding (APH)
As data are directly sealed in the UnS, the adversary may analyze the access pattern of the UnS without knowing the function's input. Suppose the system contains H data items x*_1, · · · , x*_H ∈ D_N. The data shares x_{j,i} are held by each TPU i (j = 1, · · · , H; i = 1, · · · , P), such that x_{j,1} + · · · + x_{j,P} = x*_j. To achieve access pattern hiding, the homomorphic property of PCDD can be used. Specifically, the RU uploads [[a_1]], · · · , [[a_H]] to each TPU i, s.t., for a specific 1 ≤ γ ≤ H, a_γ = 1, while a_j = 0 for every other j ≠ γ, 1 ≤ j ≤ H. The goal of the algorithm is to securely select the shares of x*_γ from the input shares, and it is constructed as follows: 1) Obliviously select encrypted shares. Each TPU initializes an enclave. Then, each TPU i (i = 1, · · · , P) homomorphically computes [[b_i]] = Π_{j=1}^H [[a_j]]^{x_{j,i}} = [[x_{γ,i}]]. 2) Update the selected shares. Without any share update, the adversary could still learn the access pattern once the ciphertexts are decrypted; thus, all the shares should be dynamically updated before decryption.
Each TPU i picks random numbers δ_{i,1}, · · · , δ_{i,P} ∈ Z_N such that δ_{i,1} + · · · + δ_{i,P} = 0 mod N, and then encrypts each δ_{i,j} and sends [[δ_{i,j}]] to TPU enclave j. Once all the update shares are received, TPU i homomorphically computes [[b*_i]] = [[b_i]] · [[δ_{1,i}]] · · · [[δ_{P,i}]]. Finally, each TPU i uses the SDD to get b*_i and takes b*_i mod N as its final share output.
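The oblivious selection in step 1 can be demonstrated with any additively homomorphic scheme. The sketch below uses a tiny Paillier instance standing in for PCDD (both support homomorphic addition and plaintext-scalar multiplication); the toy primes are purely illustrative assumptions.

```python
import math
import random

# Tiny Paillier instance standing in for PCDD; toy-sized demo primes.
p, q = 2003, 1657
n, n2 = p * q, (p * q) ** 2
g = n + 1
lam = math.lcm(p - 1, q - 1)
mu = pow((pow(g, lam, n2) - 1) // n, -1, n)

def enc(m):
    r = random.randrange(2, n)
    while math.gcd(r, n) != 1:
        r = random.randrange(2, n)
    return pow(g, m, n2) * pow(r, n, n2) % n2

def dec(c):
    return (pow(c, lam, n2) - 1) // n * mu % n

def aph_select(enc_onehot, my_shares):
    """APH step 1 at one TPU: from the RU's encrypted one-hot vector
    [[a_1]], ..., [[a_H]], homomorphically compute
    [[sum_j a_j * x_{j,i}]] = [[x_{gamma,i}]] without learning gamma."""
    c = enc(0)
    for c_a, x in zip(enc_onehot, my_shares):
        c = c * pow(c_a, x, n2) % n2   # [[a_j]]^x adds a_j * x to the sum
    return c
```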

Achieve private information retrieval (PIR)
If the computation results are needed, the RU lets the TPUs send the data shares back via a secure channel. However, if one of the TPUs has been compromised, the adversary will learn the retrieval access pattern even though the data are encrypted. Suppose the system contains H data items x*_1, · · · , x*_H ∈ D_N. The data shares x_{j,i} are held by each TPU i (j = 1, · · · , H; i = 1, · · · , P), such that x_{j,1} + · · · + x_{j,P} = x*_j. To achieve private information retrieval, the RU uploads [[a_1]], · · · , [[a_H]] to each TPU, s.t., for a specific 1 ≤ γ ≤ H, a_γ = 1, while a_j = 0 for every other j ≠ γ, 1 ≤ j ≤ H. The goal of PIR is to let the RU privately retrieve x*_γ. The algorithm is computed among all the TPUs as follows: 1) Each TPU i homomorphically folds its selected share into the running ciphertext [[b*]], which is sent from TPU i to TPU i + 1. Finally, the RU uses Dec to obtain b* and takes x_γ ← b* mod N as the final output.
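The PIR dataflow can be sketched without the cryptographic layer: an accumulator b* travels TPU 1 → · · · → TPU P, and TPU i folds in its selected share Σ_j a_j · x_{j,i}. In LightCom b* stays under PCDD encryption the whole way and only the RU decrypts; the ciphertext layer is omitted here (an assumption) purely to show the arithmetic.

```python
N = (1 << 31) - 1   # stand-in modulus (assumption)

def pir_chain(onehot, share_matrix):
    """PIR sketch: share_matrix[j][i] is TPU i's share of x*_j; onehot is
    the RU's selection vector a_1..a_H.  Returns b* = sum of the selected
    item's shares, i.e. x_gamma mod N."""
    P = len(share_matrix[0])
    b_star = 0
    for i in range(P):   # TPU i folds in its selected share, then forwards
        b_star = (b_star + sum(a * row[i] for a, row in zip(onehot, share_matrix))) % N
    return b_star        # RU's decryption yields x_gamma = b* mod N
```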

Secure floating point number computation
Data format of floating-point number
To achieve real number storage and computation, we refer to the IEEE 754 standard and use the Floating-Point Number (FPN) representation. To support LightCom, we adapt the traditional FPN format and describe an FPN by four integers: 1) a radix (or base) β ≥ 2; 2) a precision η ≥ 2 (roughly speaking, η is the number of "significant digits" of the representation); 3) two extremal exponents e_min and e_max such that e_min < 0 < e_max. A finite FPN â in such a format is a number for which there exists at least one representation two-tuple (m, e) with public parameters β, η, e_min, e_max, such that: • m is an integer satisfying −β^η + 1 ≤ m ≤ β^η − 1; it is called the integral significand of the representation of â; • e is an integer such that e_min ≤ e ≤ e_max, called the exponent of the representation of â.
As only the significand and the exponent contain sensitive information, we assume all the FPNs share the same public base β = 10, and use a fixed bit-length to store the integer m. Thus, to achieve secure storage, the RU only needs to randomly share â into â_1 = (m_1, e_1), · · · , â_P = (m_P, e_P), and send â_i to TPU i for storage, respectively.
For the secure FPN computation, if all the FPNs are transformed to the same exponent, we can directly use the secure integer computation methods introduced in the "TPU-based secure outsourced computing toolkits in the cloud" section. Thus, the critical problem in achieving secure FPN computation is how to securely transform all the FPNs to the same exponent. Here, we first construct an algorithm called Secure Uniform Computation (UNI) and then achieve the commonly-used FPN computations.

Computation transformation
The secure floating-point number computation can be transformed into the secure integer computation protocols with the help of UNI. Formally, given FPN shares ⟨â_j⟩ = (⟨m_j⟩, ⟨e_j⟩) (for j = 1, · · · , H), we first compute (⟨â*_1⟩, · · · , ⟨â*_H⟩) ← UNI(⟨â_1⟩, · · · , ⟨â_H⟩), where â*_j = (⟨m*_j⟩, e*). Then, compute (⟨y*_1⟩, · · · , ⟨y*_ζ⟩) ← SIF(⟨m*_1⟩, · · · , ⟨m*_H⟩), where SIF denotes a secure integer computation protocol designed in the "TPU-based secure outsourced computing toolkits in the cloud" section, and ⟨y*_1⟩, · · · , ⟨y*_ζ⟩ can be either integer shares or binary shares according to the function type. If the SIF is SC or SEQ, then the SIF outputs the binary share ⟨y*⟩ as the final output, and we denote these two algorithms as the secure FPN comparison (FC) and the secure FPN equivalence test protocol (FEQ). If the SIF is SM, SMM, Min_2, or Min_H, then the SIF outputs the integer share ⟨y*⟩, and we denote ŷ* = (⟨y*⟩, e*) as the secure FPN output; we denote the above four algorithms as secure FPN multiplication (FM), secure FPN monic monomial computation (FMM), secure minimum of two FPNs protocol (FMin_2), and secure minimum of H FPNs protocol (FMin_H), respectively. Specifically, for multiple FPN addition (FAdd), given FPN shares ⟨â_j⟩ = (⟨m_j⟩, ⟨e_j⟩) (for j = 1, · · · , H), we first compute ⟨â*_1⟩, · · · , ⟨â*_H⟩ with UNI, where â*_j = (⟨m*_j⟩, e*). Then, compute ⟨y*⟩ ← Σ_{j=1}^H ⟨m*_j⟩ and denote the final FPN addition result as ŷ = (⟨y*⟩, e*).
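The uniformisation and FAdd steps can be sketched on plaintext pairs (m, e), base β = 10 as in the text; in LightCom m is secret-shared, and the rescaling multiplies the shares by the public factor 10^(e − e*).

```python
def uni(fpns):
    """UNI sketch: rescale every significand to the smallest exponent e*
    so that all FPNs carry the same exponent."""
    e_star = min(e for _, e in fpns)
    return [(m * 10 ** (e - e_star), e_star) for m, e in fpns], e_star

def fadd(fpns):
    """FAdd: uniformise the exponents, then add the significands."""
    aligned, e_star = uni(fpns)
    return sum(m for m, _ in aligned), e_star
```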

Secure extension for FPN computation
Similar to the secure integer computation, we have the following two extensions for LightCom.
Access Pattern Hiding: As all the secure FPN computations can be transformed into secure integer computations with the help of UNI, we can use the same method as in the "Achieve input access pattern hiding (APH)" section to achieve input access pattern hiding for the secure FPN computation.
Achieve Private FPN Retrieval: In our LightCom, one floating-point number is stored as two integer numbers. Thus, we can apply the method of the "Achieve private information retrieval (PIR)" section twice, once per integer, to achieve private FPN retrieval.

Non-numerical data storage and processing
For non-numerical data storage, the traditional character encoding Unicode (Consortium et al. 1997) and its standard Unicode Transformation Format (UTF) scheme are used, which map a character into an integer. Specifically, for secure storage, we use UTF-8 to map the character into a 32-bit number x, randomly split x into x_1, · · · , x_P such that x_1 + · · · + x_P = x, and send x_i to TPU i for processing. In this case, all the non-numerical data processing can be transformed into secure integer computation, which can be found in the "TPU-based secure outsourced computing toolkits in the cloud" section. For secure storage, each TPU i securely seals the share x_i into the UnS with the algorithm Seal in the "Secure TPU-based data seal & UnSeal" section. Once the data shares are needed for processing, the TPUs use the UnSeal algorithm to recover the shares from the UnS.
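A minimal sketch of the character-to-shares mapping, using Python's code-point function in place of a full UTF-8 codec (an illustrative simplification):

```python
import random

N = 2 ** 32   # shares over Z_{2^32}, matching the 32-bit code point (assumption)

def share_char(ch, P):
    """Map a character to its Unicode code point (the paper's UTF-based
    integer encoding) and split it additively among P TPUs."""
    x = ord(ch)
    s = [random.randrange(N) for _ in range(P - 1)]
    s.append((x - sum(s)) % N)
    return s

def recover(shares):
    """UnSeal-side reconstruction: add the shares and map back."""
    return chr(sum(shares) % N)
```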

Extension of multiple user computation
All the secure computations in the previous sections are designed for the single-user setting, i.e., all the data are encrypted under the same RU's public key. If multiple RUs want to jointly achieve a secure computation, each RU j (j = 1, · · · , ψ) executes KeyGen to generate a public key pk_j and a private key sk_j locally. Then, RU j uses KeyS to split the key sk_j into P shares ⟨sk_j⟩ and sends these shares to the TPUs in the cloud. Assuming RU j's ciphertext [[x_j]]_{pk_j} is securely stored in the UnS, the TPUs can get the data shares ⟨x_j⟩ with UnSeal and achieve the corresponding secure computations GenCpt in Section 3 with these shares.

Security analysis
In this section, we first analyze the security of the basic crypto primitives and the sub-protocols, before demonstrating the security of our LightCom framework.

Analysis of basic crypto primitives The security of secret sharing scheme
Here, we give the following theorem to show the security of the additive secret sharing scheme.
Theorem 1 An additive secret sharing scheme achieves information-theoretic security when all P participants together can reconstruct the secret x ∈ G, while any smaller set cannot discover any information about the secret.
Proof The shares X_1, · · · , X_P are selected uniformly at random among the P participants such that X_1 + · · · + X_P = x ∈ G. Even if the attacker A holds P − 1 shares, (s)he can only compute x' = Σ_{i=1}^{P−1} X_i, where the X_i are selected from X_1, · · · , X_P. The secret x is still protected, since x = x' + X_P: as the random value X_P is unknown to A, x' leaks no information about the value x.
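The argument can be made concrete: given any P − 1 observed shares, every candidate secret admits a valid final share, so the observations are consistent with all secrets equally. The group Z_{2^16} below is an arbitrary illustrative choice.

```python
import random

N = 2 ** 16   # any finite group works; Z_{2^16} here (assumption)

def share(x, P):
    s = [random.randrange(N) for _ in range(P - 1)]
    s.append((x - sum(s)) % N)
    return s

def consistent_last_share(partial, candidate):
    """Given P-1 observed shares, EVERY candidate secret admits a valid
    final share: the formal content of Theorem 1's proof."""
    return (candidate - sum(partial)) % N
```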
Theorem 2 A proactive additive secret sharing scheme achieves information-theoretic security if the scheme satisfies the following properties: I. Robustness: the newly updated shares correspond to the secret x (i.e., all the new shares can reconstruct the secret x). II. Secrecy: an adversary who in any period knows no more than P − 1 shares (possibly different shares in each period) learns nothing about the secret.
Proof The updated data shares still satisfy X_1^{(t)} + · · · + X_P^{(t)} = x, so the robustness property holds. For the secrecy property, the data shares in each time period t achieve information-theoretic security according to Theorem 1. Even if the adversary gets P − 1 shares in each time period t (t ≤ t*), (s)he can only compute x^{(t)} = Σ_{i ≠ P_t} X_i^{(t)}, where P_t indexes the non-compromised share in time period t. The adversary A* still cannot get any information from x^{(1)}, · · · , x^{(t*)}, as δ^{(1)}_{P_1,P_1}, · · · , δ^{(t*)}_{P_{t*},P_{t*}} are independently and randomly generated and cannot be compromised by the adversary. Thus, the secrecy property holds.

The security of PCDD
The following theorem gives the security of our PCDD.
Theorem 3 The PCDD scheme described in the "Additive homomorphic encryption scheme" section is semantically secure, based on the assumed intractability of the DDH problem over Z*_{N^2}. Proof PCDD has been proven semantically secure under the DDH assumption over Z*_{N^2} in the standard model (Bresson et al. 2003).

Security of TPU-based basic operation
Theorem 4 The RTG can securely generate random shares against adversary who can compromise at most P − 1 TPUs, assuming the semantic security of the PCDD cryptosystem.
Proof For each TPU i (1 ≤ i < P), only the PCDD encryptions [[r^(1)]], · · · , [[r^(ℓ)]] are sent to TPU i + 1. After that, the PCDD encryption [[r]] is sent from TPU i + 1 to TPU i. According to the semantic security of PCDD (Theorem 3), TPU i + 1 cannot get any information from the ciphertexts sent by TPU i. Even if the adversary compromises at most P − 1 TPUs and gets the shares r_i^(1), · · · , r_i^(ℓ), r_i, (s)he cannot get the secrets r^(1), · · · , r^(ℓ), r, because r_P^(1), · · · , r_P^(ℓ), r_P are unknown to the adversary according to Theorem 1.
The security proofs of the secure share domain transformations, the secure binary share operations, the secure integer computation, and the secure FPN computation are similar to the proof of Theorem 4; the security of the above operations rests on the semantic security of the PCDD cryptosystem. Next, we show that APH and PIR achieve their corresponding functionalities.

Theorem 5
The APH can securely achieve access pattern hiding for the function input under the semantic security of the PCDD cryptosystem.
Proof In the share-selection phase, a_1, · · · , a_H are selected and encrypted by the RU and sent to the TPUs for processing. The adversary cannot learn the plaintexts of the ciphertexts due to the semantic security of PCDD. Also, the shares are dynamically updated by computing b*_i ← b_i + δ_{1,i} + δ_{2,i} + · · · + δ_{P,i} mod N. As each δ_{j,i} is randomly generated by TPU j and sent from TPU j to TPU i, it is hard for the adversary to recover b_i even if the adversary compromises the other P − 1 TPUs, due to the secrecy property of Theorem 2. Thus, it is impossible for the adversary to trace the original shares through the updated shares, which achieves access pattern hiding.

Theorem 6
The PIR can securely achieve private information retrieval under the semantic security of the PCDD cryptosystem.
Proof In PIR, a_1, · · · , a_H are selected and encrypted by the RU and sent to the TPUs for processing. After that, [[b*]] is transmitted among the TPUs. As all the computations in PIR are executed in the ciphertext domain, the adversary cannot learn the plaintexts of the ciphertexts due to the semantic security of PCDD, which achieves private information retrieval.

Security of LightCom
Theorem 7 The LightCom is secure against side-channel attacks if t_c + t_p + t_d < P · t_a, where t_c, t_p and t_d are the runtimes of the secure computation GenCpt, the private key update, and the data share update, respectively; t_a is the runtime for an attacker to successfully compromise a TPU enclave; P is the number of TPUs in the system. Proof In the data upload phase, the RU's data are randomly separated and uploaded to the TPUs via secure channels. According to Theorem 1, no useful information about the RU's data is leaked to an adversary who compromises P − 1 TPU enclaves. For long-term storage, the data shares are securely sealed in the UnS with the PCDD cryptosystem; by Theorem 3, the encrypted data shares are semantically securely stored in the UnS.
In the secure online computing phase, all the ciphertexts are securely loaded into the TPUs with UnSeal. Then, all the TPUs jointly achieve the secure computation with GenCpt. During the computing phase, the system attacker can launch three types of attacks: 1) compromise a TPU enclave: the adversary compromises a TPU enclave to get the current data shares and private key shares within time t_a; 2) store the old private key shares: the adversary tries to recover the RU's private key with current and old private key shares; 3) store the old data shares: the adversary tries to recover the RU's original data with current and old data shares. To prevent the first type of attack, the RU separates and distributes his/her own data among P TPUs; unless the adversary can compromise all the TPU enclaves at the same time, (s)he gets no useful information from the compromised shares, according to Theorem 1. Thanks to the secrecy property of the proactive additive secret sharing scheme (Theorem 2), it is impossible for the adversary to recover the private key or the RU's data by compromising P − 1 TPUs in each time period. As the TPU enclaves are dynamically released after the computation, the attacker must restart compromising the TPU enclaves after new enclaves are built for secure computation.
Thus, the adversary fails to attack the LightCom system if the data shares are successfully sealed in the UnS and all the TPU enclaves are released before the adversary compromises all the enclaves in the secure computation phase. In this case, LightCom is secure against side-channel attacks if t_c + t_p + t_d < P · t_a.

Evaluations
In this section, we evaluate the performance of LightCom.

Experiment analysis
To evaluate the performance of LightCom, we build the framework in C under the Intel Software Guard Extensions (SGX) environment as a particular instance of a TPU 15. The experiments are performed on a personal computer (PC) with a 3.6 GHz single-core processor and 1 GB RAM (we use a single-threaded program) on a virtual machine running Linux. To test the efficiency of LightCom, two types of metrics are considered: runtime and security level (associated with the PCDD parameter N). The runtime refers to the duration of the secure outsourced computation on the server or user side in our testbed. The security level is an indication of the security strength of a cryptographic primitive. Moreover, we use SHA-256 as the hash function H(·) in LightCom. As the communication latency among CPUs is very low (Intel UltraPath Interconnect (UPI) offers a 10.4 GT/s transfer speed and a theoretical bandwidth of 20.8 GB/s) 16, we do not consider the communication overhead as a performance metric in LightCom.

Basic crypto and system primitive
We first evaluate the performance of the basic operations of our cryptographic primitive (the PCDD cryptosystem) and the basic system operations (Seal, UnSeal, and the SDD protocol). We first let N be 1024 bits to achieve 80-bit security (Barker et al. 2007) when testing the basic crypto primitive and basic protocols. For PCDD, it takes 1.153 ms to encrypt a message (Enc), 1.171 ms for Dec, 1.309 ms to run PDec, and 5.209 μs to run TDec. For the basic system operations (see Fig. 4), it takes 1.317 ms for Seal, 1.523 ms for UnSeal, and 1.512 ms for SDD (P = 3). Moreover, Seal, UnSeal, and SDD are affected by the PCDD parameter N and the number of TPUs P (see Fig. 4a and b, respectively). From Fig. 4a and b, we can see that the parameter N significantly affects the runtime and communication overhead of the protocols.

Performance of TPU-based integer computation
Generally, four factors affect the performance of TPU-based integer computation: 1) the number of TPUs P; 2) the PCDD parameter N; 3) the bit-length ℓ of the integer; 4) the number of encrypted data H (see Fig. 5). In Fig. 5a-e, we can see that the runtime of all the protocols increases with P, because more runtime is needed as more data in the online phase and more random numbers in the offline phase must be processed with extra parties. Also, from Table 1, the runtime of all the TPU-based integer computations increases with the bit-length of N, because the running time of the basic operations (the Enc and Dec algorithms of PCDD) increases when N increases. Moreover, in Fig. 5f-k, the performance of RTG, SMM, BAdd, BExt, SEP, SC, SEQ, Min_2, Min_H, and UNI is associated with ℓ; the computational cost of the above protocols increases with ℓ, as more computation resources are needed when ℓ increases. Finally, we can see in Fig. 5l that the cost of APH and PIR increases with H, because more PCDD ciphertexts require more homomorphic and modular exponentiation operations. 15 Currently, Intel SGX is considered the most practical and typical TEE; thus, we use SGX as the TPU for testing LightCom. Note that LightCom is designed as a generic privacy computation framework and fits any trusted execution environment; any type of TPU can be used in LightCom. 16 https://www.microway.com/knowledge-center-articles/performancecharacteristics-of-common-transports-buses/

Performance of TPU-based FPN computation
For the basic TPU-based FPN computation, four factors affect the performance of LightCom: 1) the number of TPUs; 2) the PCDD parameter N; 3) the bit-length ℓ of the integer; 4) the number of encrypted data H. The runtime trends of the FPN computation protocols (e.g. FC, FEQ, FM, FMM, FMin_2, FMin_H) are similar to the trends of the corresponding secure integer computations (e.g. SC, SEQ, SM, SMM, Min_2, Min_H), as the runtime of an FPN computation equals the runtime of the corresponding secure integer computation plus the runtime of UNI.

Related work
Homomorphic Encryption. Homomorphic encryption allows a third party to perform computation on ciphertexts that is reflected in the plaintexts, and is considered the best solution for secure outsourced computation. Gentry proposed the first construction of fully homomorphic encryption (FHE) in 2009 based on ideal lattices, which permits the evaluation of arbitrary circuits over the plaintext (Gentry et al. 2009). Later, new hardness assumptions (such as Learning With Errors (LWE) and Ring-LWE (Brakerski et al. 2014)) were used to construct FHE schemes that greatly reduce the storage overhead and increase the performance of the homomorphic operations (Chillotti et al. 2016). However, current FHE solutions and libraries are still not practical enough for real-world scenarios (Doröz et al. 2015; Liu et al. 2017). Somewhat homomorphic encryption (Damgård et al. 2012; Fan and Vercauteren 2012) allows a semi-honest third party to evaluate arbitrary circuits of limited depth; the limited number of homomorphic operations restricts the scope of applications. Semi-homomorphic encryption (SHE) supports only additive (Paillier 1999) (or multiplicative (Gamal 1985)) homomorphic operations. However, with the help of an extra semi-honest computation-aid server, new computation frameworks have been constructed to achieve commonly-used secure rational number computation (Liu et al. 2018a), secure computation under multiple keys (Peter et al. 2013), and floating-point number computation (Liu et al. 2016b). These frameworks balance security and efficiency well; however, the extra server complicates the system, which brings more risk of information leakage.
Secret Sharing-based Computation. In secret sharing-based (SS-based) computation, the user's data are separated into multiple shares with the secret sharing technique, and each share is located in one server to guarantee security. Multiple parties can jointly achieve a computation without leaking the original data to the adversary. Different from the heavyweight homomorphic operations, SS-based computation (Cramer et al. 2000; Chen and Cramer 2006; Chida et al. 2018) is lightweight. Beyond the theoretical constructions, many real-world computations have been built for practical usage, such as SS-based set intersection (Dong et al. 2013), top-k computation (Burkhart and Dimitropoulos 2010), and k-means clustering. These basic computations can be used to solve data security problems in data mining techniques, such as deep learning (Huang et al. 2019). Emekçi et al. (2007) proposed a secure ID3 algorithm to construct a decision tree in a privacy-preserving manner. Ma et al. (2019) constructed a lightweight privacy-preserving adaptive boosting (AdaBoost) scheme for face recognition, with new secure natural exponential and natural logarithm protocols that balance accuracy and efficiency. Although many privacy-preserving data mining techniques with secret sharing have been constructed (Ge et al. 2010; Gheid and Challal 2016), SS-based computation still needs to build secure channels among the parties. Moreover, the high number of communication rounds among the computation parties remains an obstacle for large-scale applications.
Intel Software Guard Extensions. Intel SGX is a kind of TEE which provides strong hardware-enforced confidentiality and integrity guarantees and protects an application from the host OS, hypervisor, BIOS, and other software. Although an increasing number of real-world industry applications are securely executed on untrusted remote platforms equipped with SGX, SGX still faces side-channel attacks that expose information during the computation. Götzfried et al. (2017) proposed root-level cache-timing attacks which can obtain secret information from an Intel SGX enclave. Lee et al. (2017) gave a new side-channel attack called branch shadowing which reveals fine-grained control flows in an SGX enclave. Van Bulck et al. (2017) constructed two novel attack vectors that infer enclaved memory accesses. Chen et al. (2018) presented a new attack called SgxPectre that can learn secrets inside the enclave memory or its internal registers. Currently, three types of solutions are used to defend against side-channel attacks: hardware methods (Domnitser et al. 2012; Costan et al. 2016), system methods (Liu et al. 2016c; Zhou et al. 2016), and application methods (Coppens et al. 2009; Shih et al. 2017). These methods each guarantee only some dimension of protection, and cannot provide all-directional protection, especially against unknown side-channel attacks. We list all the current main methods in Table 2 for detailed comparison.

Conclusion
In this paper, we proposed LightCom, a framework for practical privacy-preserving outsourced computation, which allows a user to outsource encrypted data to a single cloud service provider for secure data storage and processing. We designed two types of outsourced computation toolkits that securely achieve integer and floating-point computation against side-channel attacks. The utility and performance of our LightCom framework were then demonstrated using simulations. Compared with existing secure outsourced computation frameworks, LightCom provides fast, scalable, and secure outsourced data processing without extra computation or trusted servers.
As a future research effort, we plan to apply LightCom in specific applications, such as e-health cloud systems, which will allow us to refine the framework to handle more complex real-world computations.