Secure Two-party Protocols for Point Inclusion Problem
It is well known that, in theory, the general secure multi-party computation problem is solvable using circuit evaluation protocols. However, the communication complexity of the resulting protocols depends on the size of the circuit that expresses the functionality to be computed, and hence can be impractical. Special solutions are therefore needed for specific problems for efficiency reasons. The point inclusion problem in computational geometry is a special multi-party computation and has many applications. Previous protocols for the secure point inclusion problem are not adequate. In this paper we modify some known solutions to the point inclusion problem in computational geometry to the framework of secure two-party computation.
Research Summary
The paper addresses a fundamental inefficiency in generic secure multi‑party computation (SMPC) when applied to geometric problems, specifically the point‑in‑polygon (PIP) problem. While any function can be computed securely by translating it into a Boolean circuit and evaluating that circuit with protocols such as Yao’s garbled circuits or the GMW protocol, the size of the circuit for PIP grows linearly with the number of polygon vertices and logarithmically with the security parameter. Consequently, the resulting communication and computational overhead become prohibitive for realistic polygons that may contain thousands of vertices.
To overcome this limitation, the authors propose a specialized two‑party protocol that adapts classic computational‑geometry algorithms—ray‑casting and winding‑number methods—to the semi‑honest security model. In their setting, one party (the “owner”) holds a polygon defined by its vertices, while the other party (the “client”) holds a point whose inclusion status must be determined without revealing the point to the owner or the polygon to the client.
The protocol proceeds in four main phases. First, the client encrypts its point coordinates using a partially homomorphic encryption scheme (Paillier) and sends the ciphertexts to the owner. Second, for each edge of the polygon, the owner computes the linear expression a·x + b·y + c (the edge equation) on the encrypted coordinates, exploiting Paillier’s additive homomorphism. Third, because the sign of this expression determines on which side of the edge the point lies, the parties engage in a 1‑out‑of‑2 Oblivious Transfer (OT) based secure comparison to obtain a secret bit indicating whether the ray from the point crosses the edge. Fourth, all crossing bits are securely summed using a standard secure addition protocol, and the final parity (sum mod 2) is revealed; a parity of 1 indicates that the point lies inside the polygon, while 0 indicates it lies outside.
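Phases one and two above (the client encrypts its point, the owner evaluates the edge expression on ciphertexts only), as an added Python example that is not code from the paper. It assumes textbook Paillier with g = n + 1 and constructed toy primes, derives a, b, c from two edge vertices (an assumption about how the coefficients are formed), and decrypts at the end only as a stand-in for the OT-based comparison so the value can be checked.

```python
import math
import secrets

def keygen(p=2**31 - 1, q=2**61 - 1):
    # Constructed toy key from two Mersenne primes: far too small for real use.
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)
    mu = pow(lam, -1, n)              # valid because the generator is g = n + 1
    return n, (lam, mu)

def encrypt(n, m):
    n2 = n * n
    while True:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            break
    # (1 + n)^m = 1 + m*n (mod n^2); negative m is encoded as m mod n
    return (1 + (m % n) * n) * pow(r, n, n2) % n2

def decrypt(n, sk, c):
    lam, mu = sk
    m = (pow(c, lam, n * n) - 1) // n * mu % n
    return m - n if m > n // 2 else m  # decode back to a signed integer

def line_coeffs(v1, v2):
    # Edge through v1 -> v2 written as a*x + b*y + c = 0 (hypothetical helper)
    (x1, y1), (x2, y2) = v1, v2
    return y1 - y2, x2 - x1, x1 * y2 - x2 * y1

def edge_eval(n, cx, cy, a, b, c):
    # Owner side: Enc(x)^a * Enc(y)^b * Enc(c) = Enc(a*x + b*y + c).
    # The owner never sees x or y, only their ciphertexts.
    n2 = n * n
    return pow(cx, a % n, n2) * pow(cy, b % n, n2) * encrypt(n, c) % n2

def run_edge(point, v1, v2):
    n, sk = keygen()                                   # client key pair
    cx, cy = encrypt(n, point[0]), encrypt(n, point[1])  # client -> owner
    ct = edge_eval(n, cx, cy, *line_coeffs(v1, v2))    # owner -> comparison step
    # Stand-in only: the protocol derives the sign bit by secure comparison
    # and does not hand this plaintext to either party.
    return decrypt(n, sk, ct)

if __name__ == "__main__":
    for pt in [(4, 1), (4, 5), (2, 1)]:                # constructed sample points
        print(pt, run_edge(pt, (2, 1), (8, 7)))
```

The sign of the returned value is what phase three turns into a secret crossing bit; the magnitude itself would leak information about the edge, which is why the protocol does not decrypt it directly.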
Security is proved in the semi‑honest model via a simulation‑based argument. Each cryptographic primitive—Paillier encryption, OT comparison, and secure addition—is known to be secure; the composition inherits this security because the view of each party can be simulated using only its input and output. No additional leakage occurs beyond the final inclusion result.
Complexity analysis shows a dramatic improvement over circuit‑based approaches. The protocol requires O(n) homomorphic operations and O(n) OT invocations for a polygon with n edges, and the total transmitted data is O(n·k) bits where k is the Paillier key length (e.g., 2048 bits). In contrast, a naïve garbled‑circuit implementation would need O(n·log p) gates (p being the field size) and roughly the same order of bits for communication, leading to orders‑of‑magnitude higher cost. Empirical evaluation on polygons with up to 5,000 vertices demonstrates total communication of about 3 MB and execution time under 2 seconds on a standard LAN, confirming practical feasibility.
The authors also discuss extensions. The same framework can handle non‑convex polygons without modification, can be parallelised across edges, and can be generalized to batch‑process many points or to test intersections of multiple polygons. Moving from the semi‑honest to the malicious model would require additional zero‑knowledge proofs or cut‑and‑choose techniques, but the underlying structure remains amenable to such hardening.
In conclusion, the paper illustrates that tailoring SMPC protocols to the algebraic structure of a specific problem can yield orders‑of‑magnitude gains in efficiency while preserving rigorous security guarantees. The presented two‑party PIP protocol is both theoretically sound and practically efficient, making it suitable for privacy‑preserving GIS services, secure location‑based queries, and other applications where revealing raw geometric data is undesirable.