TRUST: A Toolkit for TEE-Assisted Secure Outsourced Computation over Integers
Bowen Zhao, Jiuhui Li, Peiming Xu, Xiaoguo Li, Qingqi Pei, Yulong Shen
TL;DR
TRUST introduces a hybrid SOC framework that combines a $ (2,2) $-threshold Paillier cryptosystem with a single TEE-enabled cloud server to enable secure outsourced computation over integers. By integrating REE-TEE collaboration and an offline-online computation model, TRUST mitigates collusion risks inherent in multi-server MPC while achieving practical efficiency. The work further develops SEAT, a data trading application that enforces data-use rights and prevents data resale without exposing origin data. Experimental results show TRUST outperforms state-of-the-art twin-server schemes in both computation and communication, and SEAT attains Baseline-equivalent performance on LR tasks, indicating strong practical viability.
Abstract
Secure outsourced computation (SOC) provides secure computing services by taking advantage of the computation power of cloud computing and the technology of privacy computing (e.g., homomorphic encryption). Expanding computational operations on encrypted data (e.g., enabling complex calculations directly over ciphertexts) and broadening the applicability of SOC across diverse use cases remain critical yet challenging research topics in the field. Nevertheless, previous SOC solutions frequently lack the computational efficiency and adaptability required to fully meet evolving demands. To this end, in this paper, we propose a toolkit for TEE-assisted (Trusted Execution Environment) SOC over integers, named TRUST. In terms of system architecture, TRUST falls in a single TEE-equipped cloud server only through seamlessly integrating the computation of REE (Rich Execution Environment) and TEE. In consideration of TEE being difficult to permanently store data and being vulnerable to attacks, we introduce a (2, 2)-threshold homomorphic cryptosystem to fit the hybrid computation between REE and TEE. Additionally, we carefully design a suite of SOC protocols supporting unary, binary and ternary operations. To achieve applications, we present \texttt{SEAT}, secure data trading based on TRUST. Security analysis demonstrates that TRUST enables SOC, avoids collusion attacks among multiple cloud servers, and mitigates potential secret leakage risks within TEE (e.g., from side-channel attacks). Experimental evaluations indicate that TRUST outperforms the state-of-the-art and requires no alignment of data as well as any network communications. Furthermore, \texttt{SEAT} is as effective as the \texttt{Baseline} without any data protection.