PCPHE: A privacy comparison protocol for vulnerability detection based on homomorphic encryption

Abstract

Nowadays, many security service providers have their own vulnerability databases and consider them as corporate property. How to ensure the normal use of client while protecting the privacy of these assets has become a problem that needs to be solved. This paper mainly introduces a privacy comparison protocol based on BGN and a version number standardization method, which can be used in scenarios of vulnerability database privacy comparison. Our scheme PCPHE adds random offsets and special preprocessing to avoid common factor attacks that may occur in privacy comparison, while ensuring that client does not know the specific vulnerability database content of the security service provider in a limited number of queries.