Secure two-party computation of solid triangle area and tetrahedral volume based on cloud platform

With the emergence and widespread application of cloud computing, the use of cloud platforms to solve the problem of secure multi-party computation has emerged as a new research direction. The traditional computation of a solid geometry is performed through mutual interactions between two parties, which is not suitable in an untrusted cloud computing environment. In this paper, we first design a basic protocol for a secure Euclidean distance calculation that is suitable for cloud platforms and can serve as a building block for other protocols on cloud platforms. Using the solution of the Euclidean distance problem as such a building block, we provide a new method that converts the problems of calculating solid triangular areas and solid tetrahedral volumes into the calculation of distances and determinants in three-dimensional space. Then, we discuss solid point-line distance calculations, which extent the idea of the spatial geometry security problem. We present protocols for the above problems and prove that the proposed protocols can resist conspiracy among users and the untrusted cloud platform so that they can effectively ensure the privacy of the users. We also analyze the performances of these solutions. The analysis results show that our scheme is more versatile.


Introduction
Secure multi-party computation is an important cryptographic primitive in the fields of modern cryptography and communication. In 1982, Yao et al. [1] raised the question of a millionaire. After in-depth research, Goldreich et al. theoretically proved that all SMC problems are solvable, and they proposed a universal solution [2] [3]. Subsequently, many researchers focused on the study of SMC and obtained a rich variety of research results [4] [5] [6] [7] [8] [9]. Some schemes have be used to solve problems such as electronic voting, organizing business flows, network data flows, position determination, and medical information [10] [11] [12] [13]. PLOS  With the rise of cloud computing applications, increasingly more users want to entrust cloud platforms to perform intersection computing on private information. For example, Bob has two mixtures ξ 1 and ξ 2 , which contain components M 1 , M 2 and M 3 . Alice needs a new mixture, ξ 3 , that contains components M 1 , M 2 and M 3 . With the cloud server, Alice wants to determine if she can produce this mixture from the two mixtures possessed by Bob. However, she does not want to disclose her needs. Similarly, Bob does not want to disclose the contents of his mixtures. This problem can be transformed into a secure two-party triangle area calculation problem based on cloud computing. Specifically, the participant uploads private data after processing to the cloud and then performs the computation required by the users with the cloud server. During the implementation, the cloud server does not obtain any private information of any participant. However, the cloud cannot be completely trusted because an adversary may perform improper actions through the cloud platform such as tampering with the sensitive data of the client or with the calculation results. How to perform computations concerning the allocation of mixtures with an untrusted cloud while protecting the user's privacy is a challenging problem.

Advantages of the scheme
In this paper, we move the traditional security computational geometry problem to the cloud platform, and we solve some solid geometry security problems. The main contributions of this study are as follows: (1). Designing a solution for the secure multiparty computation of the square of the Euclidean distance (SMC-SED) with a cloud platform. In this scheme, Boneh encryption and blind factor are used to protect the user's privacy. The benefit here is that the private user data participate in the subsequent calculation in the form of a ciphertext. Security and experimental analyses prove that our scheme can resist collusion between users and untrusted cloud platforms and is optimal. This solution is a building block and can be regarded as a new cloud computing technology.
(2). Focusing on the problem of triangular areas and that of tetrahedral volumes in threedimensional space, we propose corresponding solutions, the Secure multiparty computation of triangle area calculation (SMC-TA) protocol and the Secure multiparty computation of tetrahedral volume calculation (SMC-TV) protocol. These new schemes convert the solid triangular area problem and the solid tetrahedral volume problem into the calculation of distances and determinants based on (1). Unlike traditional solutions, the cloud server is introduced as a third party to complete the core computing of the protocols. Even if an adversary were to break into the cloud server or compromise one of the users, he would not be able to obtain Bob's private information. We prove the privacy-preserving property of these solutions using the security proof model, and we compare their performance with different schemes. The results show that our scheme is more versatile.
(3). Based on the secure multiparty computation solution for the triangle area computation, we solve the secure multiparty problem of the relationship between a point and a line and propose corresponding solutions. The security of this scheme is based on SMC-TA.

Related work
The general SMC based on cloud services. Maheshwari et al. [14] proposed SMC solution techniques that could be embedded while designing a cloud computing architecture, especially when multiple cloud users jointly compute some function on their private data inputs. Kamara et al. [15] proposed the formalized definition of server-assisted secure multiparty computation, which required that there was no collusion between an ordinary participant and the server. On this basis, Kamara et al. [16] presented the concept of the secure function calculation of cloud auxiliary, and they constructed a protocol for the secure function calculation of a single server auxiliary. Carter et al. [17] proposed an implementation mechanism for private data protection in a cloud environment based on the outsourcing technology of Oblivious Transfer. This mechanism effectively mitigated dishonest behavior by cloud service providers. Compared to Yao's chaotic circuit technology, the structure of SMC based on a cloud service is more secure given the use of homomorphic encryption techniques. Asharov et al. [18]constructed a protocol for SMC based on cloud services with a threshold homomorphic encryption scheme. In this protocol, participants are only required to execute calculations associated with the protocol, and the secure computation was performed by the cloud server. Lopez-alt et al. [19] proposed a complete multi-key homomorphic encryption scheme, and based on this scheme, they constructed the Onthe-Fly Multi-party Computation (OFMC) protocol, which was secure under malicious adversaries.
The special SMC based on cloud services. Kerschbaum et al. [20] presented the noninteractive encrypted computation of the set intersection operation using an untrusted service provider. This service provider computed the intersection result after the users had submitted their encrypted sets to the service. The server could not obtain any information about the computation process. Kamara et al. [21] designed private set intersection (PSI) protocols in the server-aided setting, where the parties had access to a single untrusted server that made its computational resources available as a service. These protocols are secure in several adversarial models, and they address a range of security and privacy concerns such as fairness and leakage of the intersection size. Abadi et al. [22] designed a PSI on outsourced datasets based on a novel point-value polynomial representation, which ensured that intersections could only be calculated with the permission of all clients and that datasets and results remained completely confidential from the server. Veugen et al. [23] provided a generic framework that allowed an arbitrary number of users to securely outsource a computation to two non-colluding external servers with the help of a pre-processing phase that was independent of the inputs of the users. This approach was shown to be provably secure in an adversarial model. To address the inefficiency of previous schemes, Chen et al. [24] first transformed the original problem into a one-time evaluation problem for polynomials, and then, they designed four efficient and concise cloud computing environments to outsource the user set computing protocol. The analysis and comparison showed that these protocols were more efficient and concise than previously developed protocols. Chen et al. [25] transformed this traditional pattern into a cloud computation protocol that allowed an untrusted third party to be involved in the calculation process. They also designed a protocol for scalar product calculations applicable to cloud computing. On this basis, Chen the designed five solutions for spatial location relations. Although many researchers have begun to focus on SMC based on cloud services, fewer results on specific computing problems based on cloud services, especially for multi-party geometric computation, have been obtained. Research on such issues is attractive.
This paper focuses on some solid geometry problems based on cloud computing and their applications. We design the solution of secure multiparty computation of the square of the Euclidean distance using Boneh encryption. Using this solution as a building block, we solve the problem of triangular areas and that of tetrahedral volumes in three-dimensional space. On this basis, we give the protocol of the secure multiparty problem of the relationship between a point and a line.

Preliminaries
We briefly review the groups underlying our scheme.

Boneh encryption algorithm
Suppose that E is an encryption algorithm and that we are given the encryptions C 1 , C 2 2 G of messages m 1 and m 2 , respectively, where C 1 = E(m 1 , r 1 ) and C 2 = E(m 2 , r 2 ), in which r 1 , r 2 are random numbers. We describe Boneh's encryption algorithm and its homomorphic [26] as follows.
KeyGen (τ): Let N = pq, where p, q are two random primes. Generate a bilinear map e: Pick two random generators g; u R G and set h = u p . Then, h is a random generator of the subgroup of G with order p. The public key is PK = (G 1 , G, e, g, h, N), and the private key SK = q. Encrypt (PK, m): Assume that the message space consists of integers in the set {0, 1, . . ., n − 1} with T < q 2 . To encrypt a message m (m < p) using the public key PK, pick a random number r 2 Z N , compute c = g m h r 2 G and output c as the ciphertext.
Decrypt(SK, c): To decrypt a ciphertext c using the private key SK = q 1 , observe that To recover m, it suffices to compute the discrete logarithm of c q 1 base g 0 . The Boneh encryption algorithm is clearly additively homomorphic. Suppose that m 1 and m 2 are messages. We have Anyone can create a uniformly distributed encryption of m 1 + m 2 by the above formula for a random r.
More importantly, anyone can multiply two encrypted messages once using the bilinear map. Set e(g, g) = g, e(g, h) = h 1 , write h = g αp for some (unknown) α, and pick a random r; then, we obtain where r 0 = m 2 r 1 + m 1 r 2 + αpr 1 r 2 +r is distributed uniformly.
In m-dimensional Euclidean space, the rank of the matrix of Cayley-Menger determinants is no greater than m + 1. Specifically, D(p 1 , p 2 , . . .p n ) = 0 when n >= m + 1. Let us show the geometric interpretation of Cayley-Menger determinants when n = 2, 3, 4 and m = 3.
For n = 2, where D(p 1 , p 2 ) is the Euclidean distance between p 1 and p 2 . Observe that the squared distance between p 1 and p 2 is consistent with the result of the Cayley-Menger determinant. For n = 3, where A is the area of the triangle spanned by p 1 , p 2 , p 3 , and kk is the length of vector. L ij is the distance between p i and p j , i, j = 1, 2, 3. For n = 4, where V is the volume of the tetrahedron spanned by p 1 , p 2 , p 3 , p 4 , and L ij is the distance between p i and p j , i, j = 1, 2, 3, 4.

Security proof in the semi-honest model
In the semi-honest model, the parties abide by the protocol. However, they keep a record of all the intermediate computations and expect to deduce the private inputs of other parties from the record. The security of secure two-party computations in the semi-honest model can be described as follows. There is a probability polynomial-time algorithm (referred to as a simulator). Using this simulator, any semi-honest participant can simulate the execution process of the protocol alone and obtain all the intermediate information using his own inputs and the final result from the protocol. Definition 1 (The security of secure two-party computations in the semi-honest model) Let and P is a two-party protocol for computing f (denoted as f 2 ). The view of the ith party during an execution of P on (x, y), denoted as VIEW P i ðx; yÞ, is (x, r, m 1 , . . ., m t ), where r represents the outcome of the ith party's internal coin tosses, and m j represents the jth message that the ith party has received. Let OUTPUT P i ðx; yÞ be the ith output result. If there exists a probabilistic polynomial-time algorithm, denoted as S 1 and S 2 , making (1) and (2) workable, we say that P privately computes f.

Problems
This paper studies the following problems.
Problem 1: Secure multiparty computation of the square of the Euclidean distance(SMC-SED). Alice has a private point P A = (x 1 , x 2 , . . ., x n ), and Bob has a private point P B = (y 1 , y 2 , . . ., y n ), where (n � 3). Alice and Bob want to know the Euclidean distance between the points P A = (x 1 , x 2 , . . ., x n ) and P B = (y 1 , y 2 , . . ., y n ), where (n � 3), denoted by D 2 (P A , P B ), without disclosing P A or P B .
Problem 2: Secure multiparty computation of the area of a triangle(SMC-TA). Alice has a private point P A = (x A , y A , z A ), and Bob has private two points Alice and Bob want to know the area of the triangle formed by the points Problem 3: Secure multiparty computation of the volume of a tetrahedron(SMC-TV). Alice has a private point P A = (x A , y A , z A ), and Bob has two private points Alice and Bob want to know the volume of the tetrahedron formed by the points Problem 4: The distance between a point and a line(SMC-DPL). Alice has a private point P A = (x A , y A , z A ), and Bob has a private line L : Alice and Bob want to know the distance between the point P A and the line L without disclosing P A and L.
In the next sections, we will give our solutions to the four problems in detail.

Building block
Alice has an n-dimensional point P A = (x 1 , x 2 , . . ., x n ), and Bob has an n-dimensional point P B = (y 1 , y 2 , . . ., y n ), where n � 3. Alice and Bob want to compute the Euclidean distance without disclosing the messages of their points. We call this problem Secure multiparty computation of the square of Euclidean distance (SMC-SED). This problem is the building block of the other three problems. To solve this problem, we propose a protocol for the secure multiparty computation of the square of the Euclidean distance with the Boneh encryption algorithm. The solution transfers the main calculation to the cloud, which makes it possible for users to only perform encryption and other simple operations.

The solution of SMC-SED
The protocol for computing the square of the Euclidean distance is depicted in Fig 1. First, Alice and Bob encrypt their private values and then send their values to the server. To do so, Bob's values are blinded so that the server cannot determine them, even if it colludes with Alice. Then, the server uses the Boneh algorithm to calculate c 0 , c 1 , and c 2 and sends them to Bob. In the third step, Bob eliminates the blinding factors (r in the protocol and computes the cipher values. Therefore, Bob cannot decrypt the obtained information in this step. At the end of the protocol, Alice decrypts the cipher values and receives the square of the Euclidean distance. The protocol is described as follows. Protocol 1. SMC-SED Inputs: Alice's input is P A = (x 1 , x 2 , . . ., x n ). Bob's input is P B = (y 1 , y 2 , . . ., y n ), where (n � 3). Outputs: The square of the Euclidean distance formed by P A , P B .
Step 1. Based on the Boneh encryption algorithm, Alice picks suitable parameters and generates the public-private key pair (PK A , SK A ); Step 2. Alice computes E PK A ðx i Þ, i = 1. . .n and sends it to the cloud server; Step 3. Bob picks a random number r(6 ¼ 0) and computes E PK A ð2ry i Þ, where i = 1. . .n. Then, Bob sends E PK A ð2ry i Þ to the cloud server; Step 4. The cloud server obtains the messages that originated from Alice and Bob, and it performs the following calculations with the homomorphic property of the Boneh encryption algorithm: Then, the cloud server sends c 0 , c 1 , c 2 to Bob; Step and sends R to Alice; Step 6. Alice computes L AB 2 ¼ D SK A ðRÞ and tells the result to Bob.

Security
As we know, the cloud sever is untrusted. Therefore, we have to consider the security of private information in the cloud and the complicity between the cloud and any participant. Therefore, the security model of the protocol is slightly different than the traditional model. This will be proved with five formulas in Table 1. [25] Theorem 1. The SMC-SED protocol, denoted by P, is private, where n � 3.
Proof. We will prove this theorem by showing five simulators S 1 , S 2 , S 3 , S 4 , S 5 .
(1). We first show the construction of S 1 . Based on the inputs P A = (x 1 , x 2 , . . ., x n ) and L AB 1. S 1 computes E PK A ðx i Þ; i ¼ 1; :::; n. Then, S 1 chooses a point P B 0 = (y 1 0 , . . ., y n 0 ) and a random . .n, and performs the following calculations with the homomorphic property of the Boneh encryption algorithm: 4. S 1 outputs the message list of Alice: Note that in this protocol, Because of the choice of P B 0 = (y 1 0 , y 2 0 , . . ., y n 0 ), and r 0 , it must hold that L AB 2 � C L AB 0 2 , and (2). Now, let us examine the construction of S 2 . Based on the inputs P B = (y 1 , y 2 , . . ., y n ) and R, S 2 proceeds as follows.
Note that in this protocol, . Then, we verify the construction of S 3 . Based on the inputs E PK A ðP A Þ, E PK A ðP B Þ, c 0 , c 1 , and c 2 . S 3 proceeds as follows. and a random number r 0 . S 3 computes E PK 0 A ðx 0 i Þ, E PK 0 A ð2r 0 y i 0 Þ, where i = 1, 2, 3. . .n.

S 3 computes
Note that in this protocol, we have Because of the choice of the points P A 0 , P B 0 and r 0 , it must hold that Combining with the construction of S 1 and S 3 , we simulate S 4 in a similar manner. S 4 obtains the message list of Alice and the cloud server.
Clearly, Alice can decrypt all the ciphertexts coming from the information sequence with her own key pair. However, Alice still cannot obtain Bob's private information through the above information. If she wants to obtain Bob's private information, she has to solve the following problem: The number of equations is less than the number of unknowns when i � 3. The view of Alice and the server is Because of the choice of the point P B 0 = (y 1 0 , y 2 0 , . . ., y n 0 ), it must hold that In conclusion, the SMC-SED protocol is privacy preserving when n � 3.

Performance analysis
In this section, the performance analysis of SMC-SED and other similar protocols will be discussed. For the convenience of comparison with SMC-SED, we choose protocols based on the privacy homeomorphism technique, including those documented in Refs. [28] [29] [30]. The comparison details are displayed in Table 2.
Communication round complexity: In SMC-SED, Alice and Bob communicate with each other one time in Step 4; thus, the communication round complexity is 1 round. Except for Rang's protocol, whose communication cost is proportional to the original vector dimension n, all protocols have a communication efficiency of 2.
Computational complexity: We ignore the computational cost of creating random numbers and the key pair for homomorphic encryption, which can be completed in the preprocessing stage. Only the calculation phase, whose primary computational cost is a function of the dimensions and the complexity of homomorphic encryption, is considered. Let M N , M E , and M M represent the homomorphic encryption, modular exponentiation and modular multiplication, respectively. Different homomorphic algorithms are adopted by different protocols. The schemes in [28], [29], [30] adopted the Paillier homomorphic algorithm, whose modular operator p 2 q 2 , while SMC-SED adopts the Boneh homomorphic algorithm, whose modular operator is pq. For convenience of comparison, the modular operator of SMC-SED is M N . The modular operator of the other schemes is M N 2.
In SMC-SED, to calculate a distance with n dimensions, Alice needs to perform n encryptions and one decryption, i.e., E PK A ðx i Þ, i = 1. . .n, L AB 2 ¼ D SK A ðRÞ. Bob must perform n encryptions, 2 modular exponentiations and 2 modular multiplications, i.e., E PK A ð2ry i Þ, i = 1. . .n, . Therefore, the computational complexity of SMC-SED can be simplified as (2n + 1)M N + 2M E + 2M M (the modular operator is N). Amirbekyan's protocol needs 2n encryptions, n modular multiplications, and n decryptions, a total of 3nM N 2 + nM M (the modular operator is N 2 ). The computational complexity of Huang's protocol is (n + 2)M N 2 + 2ndM E + nM M (modular operator is N 2 ). Although Rane's protocol has a similar to computational complexity to Huang's protocol, it does not suffer an non-satisfactory communication round cost.
As observed in Table 2, SMC-SED does not possess a satisfactory computational complexity, but it achieves the lowest communication round complexity using the cloud server. However, in SMC-SED, the modular operator is N 1 = pq, and the radix is g. In the other protocols, the modular operator is n 2 = N 1 2 = p 2 q 2 , and the radix is g m . Because N 1 � N 2 , g m > g, SMC-SED reduces the number of modular power operations at high orders of magnitude and reduces the users' computing costs. Therefore, the computational complexity of SMC-SED is better than that of the other protocols.

Experimental analysis
Here, we give a quantitative analysis for our scheme and the other protocols. The runtime environment is an Intel Core i5 @CPU at 3.2GHz with 4.00 GB of RAM. The software runtime environment is Win10 64-bit and Python 3.6. The modulus N in the homomorphic algorithms is 256, 512, 1024 and 2048 bits. The times for modular exponentiation under the different modules and different exponential sizes are listed in Table 3. From Table 3, we see that if the exponent size remains unchanged, the time will increase with increasing modulus, and the growth factor is approximately 2.1. According to Table 2, if   Table 2. Efficiency comparisons between SMC-SED with the other protocols.

Protocol Computational Complexity Computational Complexity for 3-dimensional vector Communication between parties
Amirbekyan's protocol [28] 3nM Rane's protocol [29] (n + 1) Huang's protocol [30] (  2). The horizontal axis is the bits of N, and the vertical axis is the time cost (ms). It can be observed from Fig 3 that the actual experimental simulation is completely consistent with the theoretical analysis. SMC-SED indeed reduces the computing time for the users compared with the protocol in [28][29][30]. Therefore, SMC-SED is effective and efficient in a practical environment.

Solutions
In this section, we use SMC-SED as the basic subprotocol, and we solve the problems of the triangle area and volume calculations and give an extend protocol about the point-line distance.

SMC-TA
The problem of SMC-TA is as follows: Alice has a point P A = (x A , y A , z A ), and Bob has two These three points can form a triangle in space. Alice and Bob want to know the area of the triangle without disclosing their private messages. To solve this problem, we first calculate the square of the Euclidean distances L AB 1 2 and L AB 2 2 , and then, we convert the problem of a triangle area into a determinant calculation about distances. The details of the protocol are as follows. Protocol 2: Secure multiparty computation of the triangle area Input: Alice's input is P A = (x A , y A , z A ), and Bob's inputs are Output: The area S DAB 1 B 2 of the triangle is formed by P A , P B 1 ; P B 2 : Step 1. Alice and Bob compute L AB 1 2 , L AB 2 2 using SMC-SED. In addition, Alice obtain L AB 1 2 , Step 2. Bob computes L B 1 B 2 2 and sends it to Alice.
Step 3. Alice computes ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi 1 4 Secure two-party computation of solid triangle area and tetrahedral volume based on cloud platform Then, Alice sends the result to Bob.

SMC-TV
Similar to protocol 2, if Alice has a point P A = (x A , y A , z A ) and Bob has three points These four points form a tetrahedron in space. Alice and Bob want to know the volume of a tetrahedron without disclosing their private information. We call this problem the secure multiparty computation of the volume of a tetrahedron. Protocol 3: Secure multiparty computation of the tetrahedron volume Input: Alice's input is P A , and Bob's inputs are P B 1 , P B 2 , P B 3 ; Output: The volume V AB 1 B 2 B 3 of the tetrahedron is formed by P A , P B 1 , P B 2 , P B 3 Step 1. Using SMC-ED, Alice and Bob compute In addition, Alice gets the results.
Step 2. Bob computes L B 1 B 2 2 , L B 1 B 3 2 , L B 2 B 3 2 and sends them to Alice; Step 3. Alice computes ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi ffi and sends the result to Bob.

SMC-DPL
Using the SMC-TA as a building block, we further solve the problem of the secure multiparty computation of a point and a line. Specifically, Alice has a private point P A = (x A , y A , z A ), and Bob has a private line L : Alice and Bob want to know the distance between the point and the line without disclosing their private information.
We know that the area of the triangle equals half the base of the triangle times the height. If we can determine the area of the triangle using SMC-TA and the base of the triangle, the height of the triangle is exactly the distance between the point and the line. It is easy for us to obtain the distance as follows.
Protocol 4: Secure multiparty computation of the point-line distance Input: Alice's input is P A = (x A , y A , z A ). Bob's input is L : The distance between P A and L.
Step 1. Bob randomly chooses Bob computes the distance between these two points, defined as L B 1 B 2 .
Step 2. Alice and Bob use SMC-TA to compute the area S DAB 1 B 2 privately.
Step 3. Bob computes h ¼ Then, Bob sends the result to Alice.
The security of the protocol follows from Theorem 1.
In the same way as [6], if we use the solution of SMC-TV as a building block, we can also solve other geometric security problems such as point-line, point-surface, and line-line problems.

Security
Theorem 2. In the semi-honest model, SMC-TA is private.
Proof: The protocol security is that the parties cannot use the intermediate results to obtain private information about each other. In our protocol, Alice obtains L AB 1 2 , L AB 2 2 , and L B 1 B 2 2 .
However, if Alice wants to obtain Bob's private information, she has to find two points on the concentric circle with radii L AB 1 and L AB 2 , where the distance between these two points is L B 1 B 2 . Specifically, Alice must solve the following problem: Clearly, there are three equations. The number of equations is less than the number of unknowns. Therefore, it is difficult for Alice to obtain Bob's private information. On the other side, Bob has L B 1 B 2 2 ; S DAB 1 B 2 ; and he can calculate the height of the triangle according to the formula for the area of a triangle S DAB 1 B 2 ¼ 1 2 L B 1 B 2 � h: However, Bob can only extrapolate the potential location of P A and not obtain the exact location.
The construction of simulators of the proof is similar to that of Theorem 1. Therefore, we construct the simulators S 1 , S 2 , S 3 , S 4 , and S 5 as follows.
1. The construction of the simulator S 1 Based on P A and S DAB 1 B 2 , S 1 chooses two points P B 1 Note that in this protocol, we have Because of the choice of the points P B 1 0 , P B 2 0 ; it must hold that where the lengths of the three sides of this triangle are L B 1 B 2 , L B 1 B 3 , and L B 2 B 3 . Thus, Alice should solve the following problem: Clearly, the number of equations is less than the number of unknowns. Alice cannot determine Bob's private information. On the other hand, Bob knows L B 1

Complexity
Computational complexity: In SMC-TA, two parties utilize cooperation twice using SMC-SED. Alice and Bob can send the initial data to the cloud server once. In addition, the cloud server delivers the results to Bob when finishing its computation. In Step 2, Bob performs the normal addition operation 3 times and the normal multiplication operation 2 times. In Step 3, Alice performs a fourth-order matrix operation one time, the normal multiplication operation 3 times and the exponentiation operation one time. If we ignore the ordinary operations, the computational complexity of our protocol is 11M N + 3M E + 2M M . In SMC-TV, Bob computes the square of the Euclidean distance 3 times. Alice performs a fifth-order matrix operation one time, the common multiplication operation 3 times and the common exponentiation operation one time. Thus, the computational complexity of SMC-TV is 15M N + 6M E + 4M M . The computational complexity of SMC-DPL is the same as that of SMC-TA. Communication complexity: In SMC-TA, Bob can keep the results of the distance calculation and send them L 2 B 1 B 2 to Alice in Step 2. Alice sends S DAB 1 B 2 to Bob in Step 3. Thus, there are 2 rounds between Alice and Bob in our protocol. In the same way, in SMC-TV, the communication between two participants consists of 2 rounds. The communication complexity of SMC-DPL is the same as that of SMC-TA.

Comparison
This section provides comparisons of the complexity and performance of this protocol with the schemes in references [6]and [25]. We show the comparison of the complexity of our protocol with that of [6] in Table 4. In Table 5, we compare the performance of our protocol with the protocols in [6] and [25].
Complexity: Because the spatial location problems involved in the literature are not identical, to perform the comparison, we chose the volume protocol in [6] to make a comparison. In Ref. https://doi.org/10.1371/journal.pone.0217067.t005 Secure two-party computation of solid triangle area and tetrahedral volume based on cloud platform [6], Bob performs third-order matrix operations 4 times, and Alice performs common multiplication calculations 5 times. Thus, the computational complexity is 9M, where M represents the number of common multiplications. The computational complexity can be neglected. Our schemes use a homomorphic cipher algorithm to protect the user's private information, and the encryption and decryption calculations need more time. From Table 4, we can see that our schemes have the same communication complexity as the protocol in [6]; the computational complexity of our schemes is not optimal. Performance: In [6], Li et al. studied security geometry problems such as tetrahedral volumes, point-line distances, line-plane relationships and plane-plane relationships. However, the schemes in [6] did not concern problems about triangular areas and point-line distances. In [25], the protocol was extended with the help of a cloud platform. However, the protocol can only solve the point-line distance problem and the point-plane distance problem. In contrast, this paper solves the above six problems, i.e. the triangular area, tetrahedral volume, point-line distance, point-plane distance, line-plane relationship and plane-plane relationship problems, in the same way with the cloud platform. From Table 5, we can see that the solutions in [25] have the worst performance, and their application is limited. The method in [6] is not suitable for cloud platforms. Our schemes achieve the best performance.
From the above, the complexity of our solutions is not the most satisfactory, but our schemes represent a new technique for solving secure multi-party solid geometry computation problems and can be used to solve a wider range of problems while maintaining the same level of security and being more universal.

Application
To illustrate our motivation in developing these solutions, we present the following interesting scenario inspired by [6]: Bob has a mixture ξ 1 that contains 10% of component Alice wants to know if she can produce this mixture from the two mixtures that Bob has, but she does not want to disclose her needs. Similarly, Bob does not want to disclose the contents of his mixtures. If we represent the mixtures ξ 1 and ξ 2 by points in three-dimensional space, namely, by P B 1 , P B 2 (see Fig 3), we can produce the mixtures represented by any point on the line segment P B 1 , P B 2 by mixing ξ 1 and ξ 2 at various ratios. Thus, privately determining whether Alice can produce her mixture from Bob's two mixtures can be reduced to privately determining whether the point that represents Alice's mixture is on the line segment P B 1 , P B 2 . This computational geometry problem is called the point-inclusion problem.
How does one solve this problem? First, Alice and Bob use Protocol 1 to privately compute L 2 AB 1 and L 2 AB 2 , and they use Protocol 2 to privately compute S DAB 1 B 2 . Then, Alice and Bob use Protocol 4 to privately determine d, the distance between point P A , which represents Alice's mixture in three-dimensional space, and the line P B 1 P B 2 , determined by the two points that represent Bob's two mixtures. If d 6 ¼ 0, Alice cannot produce her mixture from the two mixtures that Bob has; otherwise, if d = 0, which implies that point P A is on the line determined by the two points that represent Alice's two mixtures, then Alice and Bob can negotiate to project these points onto a line and to privately determine whether the projection of P A is inside the projection of the line segment P B 1 P B 2 . If the projection of P A is inside that of line segment produce her mixture from his mixtures. In this way, Alice and Bob can solve this problem while keeping their mixtures private.
If Alice has three mixtures, Alice and Bob first use Protocol 1 to privately compute L 2 AB 1 , L 2 AB 2 and L 2 AB 3 , and they use Protocol 3 to privately compute V AB 1 B 2 B 3 . Then, Alice and Bob use Protocol 2 in [6] to determine the distance between point P A , which represents Alice's mixture in three-dimensional space, and the line P B 1 , P B 2 , and P B 3 is determined by the three points that represent Bob's three mixtures (see Fig 3). If there are more than three components of interest in the mixtures, a similar analysis can be performed using a higher dimensional space.

Conclusion
With the emergence and widespread use of cloud computing, solving the problem of multiparty computing with cloud platforms has become a new research direction. The introduction of cloud computing resources has lead to changes in the secure multi-party computing model and solutions. However, the computational task of spatial geometry calculations in traditional problems is completed via mutual interactions between two parties. Therefore, it is difficult for these protocols to used in untrusted cloud computing environments. In this paper, we propose a more general solution to solve spatial geometry security problems using a cloud platform. First, we transform the problems into the calculation of a distance. Then, we design a security protocol to solve for the Euclidean distance. Based on the above protocol, we solve two problems concerning the calculations of triangular areas and tetrahedron volumes. We prove that our protocols can resist collusion between the parties and the untrusted cloud platform, and it effectively protects the users' privacy. In addition, we note that the proposed protocol can be used for the calculation of spatial distances such as point-line, point-surface, and line-line distance. Because of the transformation of the problems, we can solve more spatial geometry security problems with a cloud platform. However, the complexity of the protocol should be improved. Therefore, as future work, we will attempt to reduce the computational complexity of the protocol.