CR · Jun 11, 2019

A Comment on Privacy-Preserving Scalar Product Protocols as proposed in "SPOC"

arXiv:1906.04862v4 · 9 citations
Originality: Synthesis-oriented
AI Analysis

This is an incremental comment that identifies a critical flaw in a widely used protocol, affecting secure computation applications.

The paper demonstrates that Lu et al.'s privacy-preserving scalar product protocol is insecure, describing specific attacks and proving its inherent insecurity using impossibility results, without proposing a fix.

Privacy-preserving scalar product (PPSP) protocols are an important building block for secure computation tasks in various applications. Lu et al. (TPDS'13) introduced a PPSP protocol that does not rely on cryptographic assumptions and that is used in a wide range of publications to date. In this comment paper, we show that Lu et al.'s protocol is insecure and should not be used. We describe specific attacks against it and, using impossibility results of Impagliazzo and Rudich (STOC'89), show that it is inherently insecure and cannot be fixed without relying on at least some cryptographic assumptions.
