Showing papers on "Secure multi-party computation published in 2014"
TL;DR: A first protocol bridging secure storage and secure computation auditing in cloud and achieving privacy cheating discouragement by designated verifier signature, batch verification and probabilistic sampling techniques is proposed, or SecCloud.
493 citations
18 May 2014
TL;DR: The Bit coin system can be used to go beyond the standard "emulation-based" definition of the MPCs, by constructing protocols that link their inputs and the outputs with the real Bit coin transactions.
Abstract: Bit coin is a decentralized digital currency, introduced in 2008, that has recently gained noticeable popularity. Its main features are: (a) it lacks a central authority that controls the transactions, (b) the list of transactions is publicly available, and (c) its syntax allows more advanced transactions than simply transferring the money. The goal of this paper is to show how these properties of Bit coin can be used in the area of secure multiparty computation protocols (MPCs). Firstly, we show that the Bit coin system provides an attractive way to construct a version of "timed commitments", where the committer has to reveal his secret within a certain time frame, or to pay a fine. This, in turn, can be used to obtain fairness in some multiparty protocols. Secondly, we introduce a concept of multiparty protocols that work "directly on Bit coin". Recall that the standard definition of the MPCs guarantees only that the protocol "emulates the trusted third party". Hence ensuring that the inputs are correct, and the outcome is respected is beyond the scope of the definition. Our observation is that the Bit coin system can be used to go beyond the standard "emulation-based" definition, by constructing protocols that link their inputs and the outputs with the real Bit coin transactions. As an instantiation of this idea we construct protocols for secure multiparty lotteries using the Bit coin currency, without relying on a trusted authority (one of these protocols uses the Bit coin-based timed commitments mentioned above). Our protocols guarantee fairness for the honest parties no matter how the loser behaves. For example: if one party interrupts the protocol then her money is transferred to the honest participants. Our protocols are practical (to demonstrate it we performed their transactions in the actual Bit coin system), and can be used in real life as a replacement for the online gambling sites. We think that this paradigm can have also other applications. We discuss some of them.
334 citations
17 Aug 2014
TL;DR: In this article, the authors study a model of fairness in secure computation in which an adversarial party that aborts on receiving output is forced to pay a mutually predefined monetary penalty.
Abstract: We study a model of fairness in secure computation in which an adversarial party that aborts on receiving output is forced to pay a mutually predefined monetary penalty. We then show how the Bitcoin network can be used to achieve the above notion of fairness in the two-party as well as the multiparty setting (with a dishonest majority). In particular, we propose new ideal functionalities and protocols for fair secure computation and fair lottery in this model.
297 citations
Posted Content•
TL;DR: In this paper, the authors give an overview on existing PSI protocols that are secure against semi-honest adversaries and suggest a new PSI protocol whose runtime is superior to that of existing protocols.
Abstract: Private set intersection (PSI) allows two parties to compute the intersection of their sets without revealing any information about items that are not in the intersection. It is one of the best studied applications of secure computation and many PSI protocols have been proposed. However, the variety of existing PSI protocols makes it difficult to identify the solution that performs best in a respective scenario, especially since they were not all implemented and compared in the same setting. In this work, we give an overview on existing PSI protocols that are secure against semi-honest adversaries. We take advantage of the most recent efficiency improvements in OT extension to propose significant optimizations to previous PSI protocols and to suggest a new PSI protocol whose runtime is superior to that of existing protocols. We compare the performance of the protocols both theoretically and experimentally, by implementing all protocols on the same platform, and give recommendations on which protocol to use in a particular setting.
227 citations
Proceedings Article•
20 Aug 2014TL;DR: The most recent efficiency improvements in OT extension are taken to propose significant optimizations to previous PSI protocols and to suggest a new PSI protocol whose runtime is superior to that of existing protocols.
Abstract: Private set intersection (PSI) allows two parties to compute the intersection of their sets without revealing any information about items that are not in the intersection. It is one of the best studied applications of secure computation and many PSI protocols have been proposed. However, the variety of existing PSI protocols makes it difficult to identify the solution that performs best in a respective scenario, especially since they were not all implemented and compared in the same setting.
In this work, we give an overview on existing PSI protocols that are secure against semi-honest adversaries. We take advantage of the most recent efficiency improvements in OT extension to propose significant optimizations to previous PSI protocols and to suggest a new PSI protocol whose runtime is superior to that of existing protocols. We compare the performance of the protocols both theoretically and experimentally, by implementing all protocols on the same platform, and give recommendations on which protocol to use in a particular setting.
188 citations
03 Nov 2014
TL;DR: An efficient secure computation protocol is shown that monetarily penalizes an adversary that attempts to learn one bit of information but gets detected in the process and captures the amount of computational effort required to validate Bitcoin transactions required to implement it in Bitcoin.
Abstract: We study a model of incentivizing correct computations in a variety of cryptographic tasks. For each of these tasks we propose a formal model and design protocols satisfying our model's constraints in a hybrid model where parties have access to special ideal functionalities that enable monetary transactions. We summarize our results: Verifiable computation. We consider a setting where a delegator outsources computation to a worker who expects to get paid in return for delivering correct outputs. We design protocols that compile both public and private verification schemes to support incentivizations described above. Secure computation with restricted leakage. Building on the recent work of Huang et al. (Security and Privacy 2012), we show an efficient secure computation protocol that monetarily penalizes an adversary that attempts to learn one bit of information but gets detected in the process. Fair secure computation. Inspired by recent work, we consider a model of secure computation where a party that aborts after learning the output is monetarily penalized. We then propose an ideal transaction functionality FML and show a constant-round realization on the Bitcoin network. Then, in the FML-hybrid world we design a constant round protocol for secure computation in this model. Noninteractive bounties. We provide formal definitions and candidate realizations of noninteractive bounty mechanisms on the Bitcoin network which (1) allow a bounty maker to place a bounty for the solution of a hard problem by sending a single message, and (2) allow a bounty collector (unknown at the time of bounty creation) with the solution to claim the bounty, while (3) ensuring that the bounty maker can learn the solution whenever its bounty is collected, and (4) preventing malicious eavesdropping parties from both claiming the bounty as well as learning the solution. All our protocol realizations (except those realizing fair secure computation) rely on a special ideal functionality that is not currently supported in Bitcoin due to limitations imposed on Bitcoin scripts. Motivated by this, we propose validation complexity of a protocol, a formal complexity measure that captures the amount of computational effort required to validate Bitcoin transactions required to implement it in Bitcoin. Our protocols are also designed to take advantage of optimistic scenarios where participating parties behave honestly.
184 citations
18 May 2014
TL;DR: Wysteria is presented, a high-level programming language for writing SMCs and it is found that Wysteria's performance is competitive with prior approaches while making programming far easier, and more trustworthy.
Abstract: In a Secure Multiparty Computation (SMC), mutually distrusting parties use cryptographic techniques to cooperatively compute over their private data, in the process each party learns only explicitly revealed outputs. In this paper, we present Wysteria, a high-level programming language for writing SMCs. As with past languages, like Fairplay, Wysteria compiles secure computations to circuits that are executed by an underlying engine. Unlike past work, Wysteria provides support for mixed-mode programs, which combine local, private computations with synchronous SMCs. Wysteria complements a standard feature set with built-in support for secret shares and with wire bundles, a new abstraction that supports generic n-party computations. We have formalized Wysteria, its refinement type system, and its operational semantics. We show that Wysteria programs have an easy-to-understand single-threaded interpretation and prove that this view corresponds to the actual multi-threaded semantics. We also prove type soundness, a property we show has security ramifications, namely that information about one party's data can only be revealed to another via (agreed upon) secure computations. We have implemented Wysteria, and used it to program a variety of interesting SMC protocols from the literature, as well as several new ones. We find that Wysteria's performance is competitive with prior approaches while making programming far easier, and more trustworthy.
137 citations
03 Mar 2014
TL;DR: The Bitcoin currency system can be used to obtain fairness in any two-party secure computation protocol in the following sense: if one party aborts the protocol after learning the output then the other party gets a financial compensation (in bitcoins).
Abstract: We show how the Bitcoin currency system (with a small modification) can be used to obtain fairness in any two-party secure computation protocol in the following sense: if one party aborts the protocol after learning the output then the other party gets a financial compensation (in bitcoins). One possible application of such protocols is the fair contract signing: each party is forced to complete the protocol, or to pay to the other one a fine.
131 citations
03 Nov 2014
TL;DR: This work presents SCORAM, a heuristic compact ORAM design optimized for secure computation protocols, which is almost 10x smaller in circuit size and also faster than all other designs tested for realistic settings.
Abstract: Oblivious RAMs (ORAMs) have traditionally been measured by their bandwidth overhead and client storage. We observe that when using ORAMs to build secure computation protocols for RAM programs, the size of the ORAM circuits is more relevant to the performance. We therefore embark on a study of the circuit-complexity of several recently proposed ORAM constructions. Our careful implementation and experiments show that asymptotic analysis is not indicative of the true performance of ORAM in secure computation protocols with practical data sizes. We then present SCORAM, a heuristic compact ORAM design optimized for secure computation protocols. Our new design is almost 10x smaller in circuit size and also faster than all other designs we have tested for realistic settings (i.e., memory sizes between 4MB and 2GB, constrained by 2-80 failure probability). SCORAM makes it feasible to perform secure computations on gigabyte-sized data sets.
128 citations
Patent•
27 Oct 2014
TL;DR: In this paper, the authors propose a secret sharing scheme for protecting a set of storage devices using secret sharing in combination with an external secret, where the data of each storage device is encrypted with a device-specific key and this key is encrypted using the final master secret.
Abstract: A system, method, and computer-readable storage medium for protecting a set of storage devices using a secret sharing scheme in combination with an external secret. An initial master secret is generated and then transformed into a final master secret using an external secret. A plurality of shares are generated from the initial master secret and distributed to the storage devices. The data of each storage device is encrypted with a device-specific key, and this key is encrypted using the final master secret. In order to read the data on a given storage device, the initial master secret reconstructed from a threshold number of shares and the external secret is retrieved. Next, the initial master secret is transformed into the final master secret using the external secret, and then the final master secret is used to decrypt the encrypted key of a given storage device.
126 citations
TL;DR: This work reports an experimental demonstration of graph state-based quantum secret sharing--an important primitive for a quantum network with applications ranging from secure money transfer to multiparty quantum computation.
Abstract: Quantum communication schemes rely on cryptographically secure quantum resources to distribute private information. Here, the authors show that graph states—nonlocal states based on networks of qubits—can be exploited to implement quantum secret sharing of quantum and classical information.
18 May 2014
TL;DR: This work describes the first automated approach for RAM-model secure computation in the semi-honest model by Leveraging compile-time optimizations and defines an intermediate representation called SCVM and a corresponding type system suited forRAM- model secure computation.
Abstract: RAM-model secure computation addresses the inherent limitations of circuit-model secure computation considered in almost all previous work. Here, we describe the first automated approach for RAM-model secure computation in the semi-honest model. We define an intermediate representation called SCVM and a corresponding type system suited for RAM-model secure computation. Leveraging compile-time optimizations, our approach achieves order-of-magnitude speedups compared to both circuit-model secure computation and the state-of-art RAM-model secure computation.
Posted Content•
TL;DR: In this article, a heuristic compact ORAM design optimized for secure computation protocols is presented, which is almost 10x smaller in circuit size and also faster than all other designs tested for realistic settings (i.e., memory sizes between 4MB and 2GB).
Abstract: Oblivious RAMs (ORAMs) have traditionally been measured by their bandwidth overhead and client storage. We observe that when using ORAMs to build secure computation protocols for RAM programs, the size of the ORAM circuits is more relevant to the performance. We therefore embark on a study of the circuit-complexity of several recently proposed ORAM constructions. Our careful implementation and experiments show that asymptotic analysis is not indicative of the true performance of ORAM in secure computation protocols with practical data sizes. We then present scoram, a heuristic compact ORAM design optimized for secure computation protocols. Our new design is almost 10x smaller in circuit size and also faster than all other designs we have tested for realistic settings (i.e., memory sizes between 4MB and 2GB, constrained by 2−80 failure probability). scoram makes it feasible to perform secure computations on gigabyte-sized data sets.
07 Dec 2014
TL;DR: In this paper, the authors present oblivious implementations of several data structures for secure multiparty computation (MPC) such as arrays, dictionaries, and priority queues, which have only polylogarithmic overhead compared with their classical counterparts.
Abstract: We present oblivious implementations of several data structures for secure multiparty computation (MPC) such as arrays, dictionaries, and priority queues. The resulting oblivious data structures have only polylogarithmic overhead compared with their classical counterparts. To achieve this, we give secure multiparty protocols for the ORAM of Shi et al. (Asiacrypt ‘11) and the Path ORAM scheme of Stefanov et al. (CCS ‘13), and we compare the resulting implementations. We subsequently use our oblivious priority queue for secure computation of Dijkstra’s shortest path algorithm on general graphs, where the graph structure is secret. To the best of our knowledge, this is the first implementation of a non-trivial graph algorithm in multiparty computation with polylogarithmic overhead.
17 Aug 2014
TL;DR: In the setting of malicious adversaries, where the corrupted party can follow any arbitrary (polynomial-time) strategy in an attempt to breach security, the cut-and-choose technique is used to ensure that the garbled circuit is constructed correctly.
Abstract: Protocols for secure two-party computation enable a pair of mistrusting parties to compute a joint function of their private inputs without revealing anything but the output. One of the fundamental techniques for obtaining secure computation is that of Yao’s garbled circuits. In the setting of malicious adversaries, where the corrupted party can follow any arbitrary (polynomial-time) strategy in an attempt to breach security, the cut-and-choose technique is used to ensure that the garbled circuit is constructed correctly. The cost of this technique is the construction and transmission of multiple circuits; specifically, s garbled circuits are used in order to obtain a maximum cheating probability of 2− s.
TL;DR: This paper focuses on comparing these two major paradigms of techniques, namely, homomorphic encryption-based techniques and feature/index randomization- based techniques, for confidentiality-preserving image search, and develops novel and systematic metrics to quantitatively evaluate security strength in this unique type of data and applications.
Abstract: Recent years have seen increasing popularity of storing and managing personal multimedia data using online services. Preserving confidentiality of online personal data while offering efficient functionalities thus becomes an important and pressing research issue. In this paper, we study the problem of content-based search of image data archived online while preserving content confidentiality. The problem has different settings from those typically considered in the secure computation literature, as it deals with data in rank-ordered search, and has a different security-efficiency requirement. Secure computation techniques, such as homomorphic encryption, can potentially be used in this application, at a cost of high computational and communication complexity. Alternatively, efficient techniques based on randomizing visual feature and search indexes have been proposed recently to enable similarity comparison between encrypted images. This paper focuses on comparing these two major paradigms of techniques, namely, homomorphic encryption-based techniques and feature/index randomization-based techniques, for confidentiality-preserving image search. We develop novel and systematic metrics to quantitatively evaluate security strength in this unique type of data and applications. We compare these two paradigms of techniques in terms of their search performance, security strength, and computational efficiency. The insights obtained through this paper and comparison will help design practical algorithms appropriate for privacy-aware cloud multimedia systems.
TL;DR: In this paper, the authors consider the problem of securely verifying the position of a device in the presence of an adversary, and show that secure positioning is impossible in the vanilla model, even if the adversary is computationally bounded.
Abstract: In this paper, we initiate the theoretical study of cryptographic protocols where the identity, or other credentials and inputs, of a party are derived from its geographic location. We start by considering the central task in this setting, i.e., securely verifying the position of a device. Despite much work in this area, we show that in the vanilla (or standard) model, the above task (i.e., of secure positioning) is impossible to achieve, even if we assume that the adversary is computationally bounded. In light of the above impossibility result, we then turn to Dziembowski's bounded retrieval model (a variant of Maurer's bounded storage model) and formalize and construct information theoretically secure protocols for two fundamental tasks: secure positioning and position-based key exchange. We then show that these tasks are in fact universal in this setting---we show how we can use them to realize secure multiparty computation. Our main contribution in this paper is threefold: to place the problem of secu...
TL;DR: This study presents a secure Boolean-based secret image sharing scheme that uses arandom image generating function to generate a random image from secret images or shared images that efficiently increases the sharing capacity on free of sharing the random image.
03 Nov 2014
TL;DR: This work shows that there exist commitment, zero-knowledge and general function evaluation protocols with universally composable security, in a model where all parties and all protocols have access to a single, global, random oracle and no other trusted setup.
Abstract: Contrary to prior belief, we show that there exist commitment, zero-knowledge and general function evaluation protocols with universally composable security, in a model where all parties and all protocols have access to a single, global, random oracle and no other trusted setup. This model provides significantly stronger composable security guarantees than the traditional random oracle model of Bellare and Rogaway [CCS'93] or even the common reference string model. Indeed, these latter models provide no security guarantees in the presence of arbitrary protocols that use the {\em same} random oracle (or reference string or hash function). Furthermore, our protocols are highly efficient. Specifically, in the interactive setting, our commitment and general computation protocols are much more efficient than the best known ones due to Lindell [Crypto'11,'13] which are secure in the common reference string model. In the non-interactive setting, our protocols are slightly less efficient than the best known ones presented by Afshar et al. [Eurocrypt '14] but do away with the need to rely on a non-global (programmable) reference string.
03 Sep 2014
TL;DR: In the last few years the efficiency of secure multi-party computation (MPC) increased in several orders of magnitudes, however, this alone might not be enough if the authors want MPC protocols to be used in practice.
Abstract: In the last few years the efficiency of secure multi-party computation (MPC) increased in several orders of magnitudes. However, this alone might not be enough if we want MPC protocols to be used in practice. A crucial property that is needed in many applications is that everyone can check that a given (secure) computation was performed correctly – even in the extreme case where all the parties involved in the computation are corrupted, and even if the party who wants to verify the result was not participating. This is especially relevant in the clients-servers setting, where many clients provide input to a secure computation performed by a few servers. An obvious example of this is electronic voting, but also in many types of auctions one may want independent verification of the result. Traditionally, this is achieved by using non-interactive zero-knowledge proofs during the computation.
24 Feb 2014
TL;DR: The complexity of realizing the “worst” functions in several standard models of information-theoretic cryptography, for the case of security against passive adversaries, is studied.
Abstract: We study the complexity of realizing the “worst” functions in several standard models of information-theoretic cryptography. In particular, for the case of security against passive adversaries, we obtain the following main results.
11 May 2014
TL;DR: In this paper, secure two-party computation (2PC) has been demonstrated to be feasible in practice, but all efficient general-computation 2PC protocols require multiple rounds of interaction between the two players.
Abstract: In recent years, secure two-party computation (2PC) has been demonstrated to be feasible in practice. However, all efficient general-computation 2PC protocols require multiple rounds of interaction between the two players. This property restricts 2PC to be only relevant to scenarios where both players can be simultaneously online, and where communication latency is not an issue.
03 Nov 2014
TL;DR: This work proposes a statistical data collection system, PrivEx, for collecting egress traffic statistics from anonymous communication networks in a secure and privacy-preserving manner, based on distributed differential privacy and secure multiparty computation.
Abstract: In addition to their common use for private online communication, anonymous communication networks can also be used to circumvent censorship. However, it is difficult to determine the extent to which they are actually used for this purpose without violating the privacy of the networks' users. Knowing this extent can be useful to designers and researchers who would like to improve the performance and privacy properties of the network. To address this issue, we propose a statistical data collection system, PrivEx, for collecting egress traffic statistics from anonymous communication networks in a secure and privacy-preserving manner. Our solution is based on distributed differential privacy and secure multiparty computation; it preserves the security and privacy properties of anonymous communication networks, even in the face of adversaries that can compromise data collection nodes or coerce operators to reveal cryptographic secrets and keys.
TL;DR: A two-party algorithm for differentially private data release for vertically partitioned data between two parties in the semihonest adversary model is presented and Experimental results on real-life data suggest that the proposed algorithm can effectively preserve information for a data mining task.
Abstract: Privacy-preserving data publishing addresses the problem of disclosing sensitive data when mining for useful information. Among the existing privacy models, ϵ-differential privacy provides one of the strongest privacy guarantees. In this paper, we address the problem of private data publishing, where different attributes for the same set of individuals are held by two parties. In particular, we present an algorithm for differentially private data release for vertically partitioned data between two parties in the semihonest adversary model. To achieve this, we first present a two-party protocol for the exponential mechanism. This protocol can be used as a subprotocol by any other algorithm that requires the exponential mechanism in a distributed setting. Furthermore, we propose a two-party algorithm that releases differentially private data in a secure way according to the definition of secure multiparty computation. Experimental results on real-life data suggest that the proposed algorithm can effectively preserve information for a data mining task.
TL;DR: This paper considers the collaborative data publishing problem for anonymizing horizontally partitioned data at multiple data providers and introduces the notion of m-privacy, which guarantees that the anonymized data satisfies a given privacy constraint against any group of up to m colluding data providers.
Abstract: In this paper, we consider the collaborative data publishing problem for anonymizing horizontally partitioned data at multiple data providers. We consider a new type of "insider attack" by colluding data providers who may use their own data records (a subset of the overall data) to infer the data records contributed by other data providers. The paper addresses this new threat, and makes several contributions. First, we introduce the notion of m-privacy, which guarantees that the anonymized data satisfies a given privacy constraint against any group of up to m colluding data providers. Second, we present heuristic algorithms exploiting the monotonicity of privacy constraints for efficiently checking m-privacy given a group of records. Third, we present a data provider-aware anonymization algorithm with adaptive m-privacy checking strategies to ensure high utility and m-privacy of anonymized data with efficiency. Finally, we implement the m-privacy anonymization and verification algorithms with a trusted third party (TTP), and propose secure multiparty computation protocols for scenarios without TTP. All protocols are extensively analyzed and their security and efficiency are formally proved. Experiments on real-life datasets suggest that our approach achieves better or comparable utility and efficiency than existing and baseline algorithms while satisfying m-privacy.
17 Aug 2014
TL;DR: This work begins a systematic study of the more robust notion of security with identifiable abort, which leverages the effect of an abort by forcing, upon abort, at least one malicious party to reveal its identity.
Abstract: Protocols for secure multi-party computation (MPC) that resist a dishonest majority are susceptible to “denial of service” attacks, allowing even a single malicious party to force the protocol to abort. In this work, we initiate a systematic study of the more robust notion of security with identifiable abort, which leverages the effect of an abort by forcing, upon abort, at least one malicious party to reveal its identity.
TL;DR: In the proposed DQSS protocol, an agent can obtain a shadow of the secret key by simply performing a measurement on single photons by using the measurement property of Greenberger–Horne–Zeilinger state and the controlled-NOT gate.
Abstract: This work proposes a new dynamic quantum secret sharing (DQSS) protocol using the measurement property of Greenberger---Horne---Zeilinger state and the controlled-NOT gate. In the proposed DQSS protocol, an agent can obtain a shadow of the secret key by simply performing a measurement on single photons. In comparison with the existing DQSS protocols, it provides better qubit efficiency and has an easy way to add a new agent. The proposed protocol is also free from the eavesdropping attack, the collusion attack, and can have an honesty check on a revoked agent.
TL;DR: There is a strict relation between these two models of visual cryptography that to any random grid scheme corresponds a deterministic scheme and vice versa, which allows us to use results known in a model also in the other model.
Abstract: Visual cryptography is a special type of secret sharing. Two models of visual cryptography have been independently studied: 1) deterministic visual cryptography, introduced by Naor and Shamir, and 2) random grid visual cryptography, introduced by Kafri and Keren. In this paper, we show that there is a strict relation between these two models. In particular, we show that to any random grid scheme corresponds a deterministic scheme and vice versa. This allows us to use results known in a model also in the other model. By exploiting the (many) results known in the deterministic model, we are able to improve several schemes and to provide many upper bounds for the random grid model and by exploiting some results known for the random grid model, we are also able to provide new schemes for the deterministic model. A side effect of this paper is that future new results for any one of the two models should not ignore, and in fact be compared with, the results known in the other model.
TL;DR: The proposed secret sharing methods for natural images based on multi-cover adaptive steganography are more secure in terms of resistance against state-of-the-art steganalysis techniques and can be used to adaptively embed location-sensitive secrets.
TL;DR: This paper identifies a cloud computing application scenario that requires simultaneously performing secure watermark detection and privacy preserving multimedia data storage and proposes a compressive sensing (CS)-based framework using secure multiparty computation (MPC) protocols to address such a requirement.
Abstract: Privacy is a critical issue when the data owners outsource data storage or processing to a third party computing service, such as the cloud. In this paper, we identify a cloud computing application scenario that requires simultaneously performing secure watermark detection and privacy preserving multimedia data storage. We then propose a compressive sensing (CS)-based framework using secure multiparty computation (MPC) protocols to address such a requirement. In our framework, the multimedia data and secret watermark pattern are presented to the cloud for secure watermark detection in a CS domain to protect the privacy. During CS transformation, the privacy of the CS matrix and the watermark pattern is protected by the MPC protocols under the semi-honest security model. We derive the expected watermark detection performance in the CS domain, given the target image, watermark pattern, and the size of the CS matrix (but without the CS matrix itself). The correctness of the derived performance has been validated by our experiments. Our theoretical analysis and experimental results show that secure watermark detection in the CS domain is feasible. Our framework can also be extended to other collaborative secure signal processing and data-mining applications in the cloud.