Privacy-Preserving QGen Protocol

• The protocol achieves end-to-end encrypted projected dual ascent for strictly convex quadratic programs using Paillier and DGK methods.
• It ensures simulation-based composable security in a semi-honest model with encrypted inputs that remain computationally indistinguishable from random.
• The methodology integrates secure iterative gradient computation and multi-party protocols, balancing privacy guarantees with computational efficiency.

Privacy-preserving QGen denotes a cloud-based protocol for quadratic optimization in distributed control systems where sensitive inputs must remain confidential, blending projected gradient ascent with additively homomorphic encryption and secure multi-party computation. The approach ensures that private data held by multiple parties is computationally indistinguishable from random, aside from what can be inferred through prescribed inputs and outputs, as formalized via simulation-based composable security in the semi-honest model. The protocol achieves end-to-end encrypted projected dual ascent for strictly convex quadratic programs with linear constraints, utilizing the Paillier cryptosystem and DGK secure comparison methods (Alexandru et al., 2018).

1. Mathematical Formulation and Lagrange Dual Structure

The protocol targets strict convex quadratic programs of the form

$$\text{(Primal)} \quad \min_{x \in \mathbb{R}^n} \frac{1}{2}\|x\|_Q^2 + c^T x,\quad \text{subject to}~Ax \leq b,$$

with $Q \in S^{n}_{++}$, $A \in \mathbb{R}^{m \times n}$, $b \in \mathbb{R}^m$, and $c \in \mathbb{R}^n$. Provided Slater’s condition, strong duality is assured. The associated Lagrange dual problem is

$$\text{(Dual)} \quad \max_{\mu \geq 0}~ g(\mu) = -\frac{1}{2}(A^T \mu + c)^T Q^{-1}(A^T\mu + c) - \mu^T b,$$

with dual gradient

$\nabla g(\mu) = -A Q^{-1}(A^T \mu + c) - b,$

and primal solution $x^* = -Q^{-1}(A^T \mu^* + c)$ at the dual optimum $\mu^*$ (Alexandru et al., 2018).

2. Encrypted Dual Projected Gradient Ascent

Projected gradient ascent is implemented by iterating

$$\mu_{k+1} = P_{\geq 0}\Big( \mu_k + \eta \nabla g(\mu_k) \Big),$$

where $P_{\geq 0}$ applies coordinatewise projection $a_{i} \mapsto \max(0, a_{i})$, and $\eta > 0$ is typically set as $\eta = 1/\lambda_{\max}(A Q^{-1} A^T)$. Linear convergence ensues when $A Q^{-1} A^T$ is positive definite. All vector arithmetic is performed in Paillier-encrypted form, denoted $[[\cdot]]$ (Alexandru et al., 2018).

At each iteration, encrypted agent inputs $[[b]]$, $[[c]]$ are held by the cloud alongside $[[\mu_k]]$. The cloud computes

• $[[\nabla g(\mu_k)]]$ $=$ $$(-A Q^{-1} A^T) \otimes [[\mu_k]] \oplus (-A Q^{-1}) \otimes [[c]] \oplus (-1) \otimes [[b]]$$
• $$[[\bar{\mu}_k]] = [[\mu_k]] \oplus \eta \otimes [[\nabla g(\mu_k)]]$$

where $\otimes$ and $\oplus$ denote homomorphic scalar multiplication and addition, respectively, under Paillier (Alexandru et al., 2018).

3. Homomorphic Cryptosystem and Secure Subroutines

Encryption employs Paillier keys $(pk,sk)$ with semantic security; for message $m \in \mathbb{Z}_N$, ciphertext is $[[m]] = g^m r^N \pmod{N^2}$. Homomorphic operations support:

• Addition: $[[a]] \oplus [[b]] = [[a+b \bmod N]]$
• Scalar multiplication: $k \otimes [[a]] = [[k a \bmod N]]$

Additionally, one-time-pad masking $E'(x; s) = x + s \bmod M$ (with random $s$) offers statistical privacy (Alexandru et al., 2018).

The critical non-linear projection step is performed in encrypted domain using multi-party protocols:

• Protocol 1 (Randomization): Permutes $([[{\bar{\mu}}_i]], [[0]])$ randomly so parties cannot distinguish order.
• Protocol 2 (DGK Comparison): DGK cryptosystem allows the cloud and target to securely compare encrypted values; target learns bit $t_i = a_i \leq b_i$.
• Protocol 3 (Secure Update): Cloud blinds $a_i, b_i$, target re-encrypts the correct value (chosen by $t_i$), cloud unblinds to get $[[\mu_{k+1,i}]]$.

Each coordinate is updated securely, preventing leakage of unencrypted intermediate results (Alexandru et al., 2018).

4. Multi-party Protocol Workflow and End-to-End Flow

The protocol involves agents ($A_i$) supplying encrypted $[[b_i]], [[c_i]]$ to a non-colluding cloud ($C$) equipped with $Q, A$. The target ($T$) generates and distributes Paillier and DGK keys. Iterative protocol steps are:

1. Setup: Target creates keys; public parameters disseminated.
2. Input Encryption: Each agent encrypts $b_i,c_i$ under $pk$ and forwards to cloud.
3. Initialization: Cloud selects random $\mu_0$ and step-size $\eta$.
4. Encrypted Iterations: For $k=0,...,K-1$, cloud and target execute randomized comparison and update protocols for each coordinate.
5. Primal Reconstruction: Cloud computes $[[x^*]]$ using $[[\mu_K]]$, transmits to target, which decrypts (Alexandru et al., 2018).

All communications are authenticated. Parties are assumed semi-honest, i.e., honest-but-curious.

5. Simulation-based Privacy Definition and Security Analysis

Privacy is formalized using simulation-based security against semi-honest adversaries following Goldreich (2004): for any coalition $S$, there exists probabilistic polynomial time simulator $S_S$ yielding a view indistinguishable from the real protocol—given only coalition's private inputs and prescribed outputs.

• Messages exchanged between cloud and target are Paillier-encrypted or masked.
• Ciphertexts re-randomized at each iteration, preventing linkage across rounds.
• DGK comparison leaks only a single comparison bit $t_i$ per coordinate.
• Proofs detail indistinguishability conditioned on cryptosystem security and proper blinding, establishing two-party and agent-coalition security when cloud and target do not collude (Alexandru et al., 2018).

6. Computational and Communication Complexity

Let $n$ be problem dimension, $m$ constraints, $l$ bit-length, $\sigma$ Paillier key size. Per iteration, computational costs involve:

• $O(mn)$ scalar-encrypted multiplications, $O(m+n)$ ciphertext additions for dual gradient.
• $O(l)$ DGK comparisons per constraint, $O(1)$ Paillier ops for secure update.
• Three cryptographic/messaging rounds per iteration.

Communication per iteration is $O(m)$ ciphertexts (each $O(\sigma)$ size) between cloud and target. Total runtime scales with $K$ ($20$–$50$ iterations typical), $m$, and homomorphic cost (Alexandru et al., 2018).

A lightweight protocol variant omits secure comparison: cloud masks and sends $\bar{\mu}_k$ in plaintext (with random multiplier), target applies local $\max(\cdot,0)$, returns re-encrypted result. Privacy is reduced (target learns sign of $\bar{\mu}$), but resource overheads decrease to a single round and $O(m)$ ciphertexts/iter (Alexandru et al., 2018).

7. Pseudocode and Numerical Example

A stepwise protocol, labeled "Protocol 4: Privacy-Preserving QGen," covers setup, encryption, iteration, and reconstruction steps. A toy numerical example ($n=1$, $m=1$, $Q=[2]$, $A=[1]$, $b=3$, $c=1$) demonstrates encrypted gradient updates and secure comparisons over two rounds, resulting in correct encrypted decryption for $x^*$ (Alexandru et al., 2018).

Step	Main Operations	Privacy Guarantees
Input setup	Key generation, data encryption	Paillier/DGK semantic security
Iteration	Encrypted gradient eval, randomized compare/update	Masking, indistinguishability
Reconstruction	Encrypted output recovery, final decryption	Inputs not revealed

This tabular summary encapsulates the principal workflow and privacy features.

8. Limitations and Extensions

The protocol’s privacy holds against non-colluding parties and semi-honest adversaries, with cryptographic leakage bounded to comparison bits. A trade-off exists between privacy and computational efficiency in lightweight variants. Extending to malicious adversaries or reducing reliance on trust assumptions remains an open direction. Applications include large-scale distributed control, encrypted quadratic optimization, and other privacy-critical multi-agent settings (Alexandru et al., 2018).