Securely Computing the Manhattan Distance under the Malicious Model and Its Applications

: Manhattan distance is mainly used to calculate the total absolute wheelbase of two points in the standard coordinate system. The secure computation of Manhattan distance is a new geometric problem of secure multi-party computation. At present, the existing research secure computing protocols for Manhattan distance cannot resist the attack of malicious participants. In the real scene, the existence of malicious participants makes it necessary to study a solution that can resist malicious attacks. This paper ﬁrst analyzes malicious attacks of the semi-honest model protocol of computing Manhattan distance and then designs an advanced protocol under the malicious model by using the Goldwasser–Micali encryption system and Paillier encryption algorithm, and utilizing some cryptographic tools such as the cut-choose method and zero-knowledge proof. Finally, the real/ideal model paradigm method is used to prove the security of the malicious model protocol. Compared with existing protocols, the experimental simulation shows that the proposed protocol can resist malicious participant attacks while maintaining high efﬁciency. It has practical value.


Introduction
With the innovation and development of new generation information technologies such as the blockchain, big data, and artificial intelligence, data information in various fields of society is constantly enriched and information sharing value is increasing. However, information privacy leakage is getting more and more attention. Secure multi-party computation (MPC) is one of the important tools to protect information data privacy and finish collaborative computing [1][2][3][4][5].
The MPC protocol of Manhattan distance is a typical problem of secure multi-party computational geometry problems [19,20,[29][30][31]. In machine learning, Manhattan distance making a classification, which requires computing the "distance" across samples is a practical method for distance calculation. In early computer graphics, screen constructed from pixel dots whose coordinates were generally integers and it wa to carry out float operations, but using Manhattan distance, which requires only a and subtraction, can greatly improve the operation speed. Therefore, the study o hattan distance has extremely important theoretical value and practical significan At present, there is some research on the secure computing of Manhattan d [29][30][31], and the existing protocols are designed in the semi-honest model. Conseq it is particularly significant to study the MPC protocol of Manhattan distance t malicious attacks. In this paper, an MPC protocol for calculating the Manhattan d is designed. The contributions are as follows: 1. Firstly, the protocol in Reference [29] is analyzed and found that some situatio be attacked by malicious participants.
2. According to the possible attacks of malicious participants, we design a new protocol for computing the Manhattan distance can resist malicious attacks process of designing the protocol, we use the Goldwasser-Micali and Paillier e tion algorithm, the cut-choose and zero-knowledge proof methods are used. cure computation of the Manhattan distance will be converted into the Millio problem to further improve the efficiency of the protocol.
3. The real/ideal model paradigm method is used to prove the security of the pr malicious model MPC protocol. The performance and efficiency of the proto analyzed and simulated by experiments compared with existing protocols.

Related Work
Manhattan distance is a secure multi-party computational geometry problem hattan distance can be seen everywhere in real life, which can be called the CityBlo tance or the taxi distance, that is, the actual distance as taxis pass from one crossr another. In a standard coordinate system, the sum of the absolute wheelbase of two which is the distance of two points in the north-south direction plus the distanc east-west direction, which is the Manhattan distance between two points, can be n . As shown in Figure 1. In Fang [29], the authors designed a new coding method. With the help of hom phism, the problem of calculating the Manhattan distance between two points is and skillfully transformed into calculating the Hamming distance of two vecto conversion idea not only improves the protocol efficiency but also prevents the dis of intermediate information. However, the protocol cannot resist malicious attack Reference [30] invoked the absolute value of the difference and designed the Manhattan distance under different restrictions. The protocol's performance is po In Fang [29], the authors designed a new coding method. With the help of homomorphism, the problem of calculating the Manhattan distance between two points is flexibly and skillfully transformed into calculating the Hamming distance of two vectors. This conversion idea not only improves the protocol efficiency but also prevents the disclosure of intermediate information. However, the protocol cannot resist malicious attacks.
Reference [30] invoked the absolute value of the difference and designed the MPC of Manhattan distance under different restrictions. The protocol's performance is poor.
Reference [31] designed a new graph encryption scheme for shortest distance queries based on a 2-hop cover labeling, which uses symmetric-key primitives. This scheme can obtain the shortest distance between any two points in the graph, but it cannot resist malicious attacks.
In the above references, the MPC protocols of Manhattan distance is designed based on the semi-honest model, which cannot resist the attack of malicious participants. The protocol for secure computing Manhattan distance under the malicious model needs to be designed. The protocol proposed in reference [32] is a classic problem in the malicious model, but it is used to solve the Millionaire problem, which is different from the problem scenario we solve.

Paillier Encryption Algorithm
Paillier proposed a probabilistic encryption algorithm [33] to solve the problem of composite residue classes. It has additive homomorphism.
Encryption: A random number r < N is selected to perform the encryption operation c = E(m) = g m r N modN 2 .
Decryption: The private key λ is used for decryption to obtain the ciphertext:

Goldwasser-Micali Encryption Algorithm
The Goldwasser-Micali (GM) encryption algorithm [34] has XOR homomorphism. Preparation: Two large prime numbers p and q are selected to get n = pq. And t ∈ Z 1 n (where Z 1 n is a subset of Jacobi containing elements of Z * n ) is selected as part of the public key. The private key of the algorithm is (p, q) and the public key is (n, t).
Encryption: For m = m 1 m 2 · · · m s (m i ∈ {0, 1}) in binary representation, the random number r is selected to encrypt the message m i : Decryption: The private key (p, q) is used for decryption to obtain the ciphertext: Among them, ( a p ) is defined as follows: , p cannot divide a, p is the sec ond residue of a; −1, p is not divisible by a, p is a quadratic non-residue of a; 0, p can divide a.

Zero-Knowledge Proof
The zero-knowledge proof means that in the process of interaction between the certifier and the verifier, when the certifier does not provide effective information, the verifier believes that the conclusion is correct through the interaction of both parties, then we say that the process has realized the zero-knowledge proof. In the process of interaction between the two sides, the information obtained by the verifier is only the right and wrong of the conclusion. For example, the zero-knowledge proof protocol DLEQ(g 1 , h 1 , g 2 , h 2 ) [35] is as follows, where Appl. Sci. 2022, 12, 11705 4 of 15 1. The certifier selects random numbers w and c, calculates C = H(g w 1 , g w 2 ), r = w − α · c, and finally publishes (r, c, C). 2. The verifier can verify whether C = H(g r 1 h c 1 , g r 2 h c 2 ) is established. If it is true, the verifier believes that the conclusion is correct, that is, the certifier knows the secret α.

Encoding
To study the MPC protocol of Manhattan distance, the encoding method is used to further simplify the research problem. The following methods are the coding rules and calculation principles of this protocol.
Then, the Manhattan distance between points P and Q can be calculated according to the following formula:

Security Definition under the Malicious Model
Under the malicious model, the widely accepted security definition is the real /ideal model paradigm method [32].
can be recognized in the actual protocol, so that: At this time, the protocol can be said to safely calculate the function F, where

The MPC Protocol of Computing Manhattan Distance under the Semi-Honest Model
In Reference [29], the method of calculating the Manhattan distance between two points is converted into the Hamming distance between vectors. The specific MPC protocol is as follows (Algorithm 1): Algorithm 1 Securely computing the Manhattan distance under the semi-honest model Input: Alice owns point P(x 1 , y 1 ) and Bob owns point Q(x 2 , y 2 ). Output:|x 2 − x 1 | + |y 2 − y 1 |. Preparation: Alice and Bob construct the vectors A = (P 11 , · · · , P 1n , P 21 , · · · , P 2n ) and B = (Q 11 , · · · ,Q 1n , Q 21 , · · · , Q 2n ) corresponding to point P and point Q respectively using the coding rules.

2.
Bob encrypts vector B, calculates , disturbs the order of elements in R to getR, and sends it to Alice.
The protocol ends.
This protocol is secure for Alice and Bob under the semi-honest model. However, if either Alice or Bob is malicious, the protocol will no longer be secure. Solutions need to be designed for possible malicious behavior.

The MPC Protocol of Computing Manhattan Distance under the Malicious Model
Ideas: This part first analyzes the possible malicious attacks of the semi-honest model protocol, designs the corresponding countermeasures to resist the malicious attacks, and finally makes the malicious participant unable to attack or be found (Note: the case where participants provided incorrect input cannot be considered, because this could not be avoided under the ideal model).
Possible malicious attacks in Algorithm 1 (as shown in Figure 2): Appl. Sci. 2022, 12, x FOR PEER REVIEW 6 of 1 To prevent the above attacks, the solution is to use the GM and Paillier encryption algorithm, utilizing the zero-knowledge proof and cut-choose method.

Specific Protocol
The specific protocol is as follows (Algorithm 2): Algorithm 2 Securely computing the Manhattan distance under the malicious model

In
Step 3 of Algorithm 1, the result can only be calculated by Alice (Bob has no private key), which is unfair to Bob. 2. There may be a malicious attack in step 3, that is, Alice may tell Bob the wrong calculation result or terminate the protocol. In the end, Alice gets the right result, while Bob may get the wrong result or not.
To prevent the above attacks, the solution is to use the GM and Paillier encryption algorithm, utilizing the zero-knowledge proof and cut-choose method.

Specific Protocol
The specific protocol is as follows (Algorithm 2): Algorithm 2 Securely computing the Manhattan distance under the malicious model Input: Alice owns point P(x 1 , y 1 ) and Bob owns point Q(x 2 , y 2 ).
(a) Alice and Bob respectively generate the public and private keys pk (A) /sk (A) and pk (B) /sk (B) of the GM encryption system and send their public keys to each other. Alice generates the public key (g a , N a ) and private key λ a of Paillier encryption system and calculates µ = g λ a a modN 2 a . Similarly, Bob generates (g b , N b ), λ b , and calculates ν = g λ b b modN 2 b . Alice and Bob exchange (g a , N a , µ) and and (g b , N b , ν). (b) Alice constructs the vector A = (P 11 , · · · , P 1n , P 21 , · · · , P 2n ) of point P according to the coding rules. (c) Bob constructs the vector B = (Q 11 , · · · , Q 1n , Q 21 , · · · , Q 2n ) of point Q according to the coding rules.
Processing steps: Bob encrypts vector B with Alice's GM public key to obtain: is obtained by randomly disrupting the sequence of E pk (A) (A ⊕ B) and then sent to Alice.
Alice and Bob select m random numbers Using the cut-choose method, Alice selects m/2 groups If the verification passes, she continues to execute the protocol, if not, terminates the protocol.
If the verification passes, he continues to execute the protocol, otherwise terminate the protocol.

Alice and Bob randomly select one
r N a 2 modN 2 a and sends it to Alice. 13. Alice uses λ a to calculate m a = C λ a a modN 2 a , Bob uses λ b to calculate m b = C λ b b modN 2 b , and publishes m a and m b respectively. 14. Both parties verify the correctness of the calculation with the help of the zero-knowledge proof. Alice proves log C a m a = log g a µ and Bob proves log If one of them fails to pass the proof, he or she is the malicious participant. 15. If the certificate is passed, Bob calculates L(m a )/L(µ) to obtain a i b(x − y), and then obtains a i (x − y). When a i (x − y) = 0, then x = y.. 16. Alice calculates L(m b )/L(ν) to obtain ab j (x − y), and then gets b j (x − y). When b j (x − y) = 0, then x = y. 17. If x = y, then f 1 (P, Q) = f 2 (P, Q) = x = y. Alice and Bob get f 1 (P, Q) and f 2 (P, Q) respectively.
The Protocol ends.

Correctness Analysis
The following is a correctness analysis of Algorithm 2: 1. The main purpose of the first six steps in Algorithm 2 is that Alice and Bob calculate the Manhattan distance respectively. In this process, Alice and Bob decrypt using their own GM private key, so they cannot get each other's information. At the same time, in order to prevent the other party from obtaining its own information, the obtained ciphertext is randomly scrambled in steps 2 and 5 and then sent to the other party. 2. In 7-16 steps, the problem of calculating Manhattan distance has been skillfully transformed into the socialist millionaires' problem. 3. In step 13, Alice must calculate m a correctly, otherwise, it cannot be proved by the zero-knowledge, that is, cheating is impossible. If a i x in the remaining m/2 group (C i 1a , C i 2a ) also satisfies a i x < N a /2 and Bob selects b < N b /2, Bob can calculate F(x, y) after publishing m a . 4. In this process, if Alice wants to successfully implement the malicious behavior, she can only select a a i that does not meet the requirements, which is not found in the verification in step 8 and is selected by Bob in step 10, so Bob will not get the correct result. But Alice cannot get y, because a i b(x − y) is unsolvable (an equation has two unknown numbers). 5. If Alice uses the above method to cheat, the maximum success rate of deception is that in m group (C i 1a , C i 2a ), m − 1 groups meet the requirements, and only one group does not meet the requirements, that is, the maximum probability is 1/m. When the probability of success is the largest (i.e., one group does not meet the requirements), when the probability of success of m = 10 deception is When m = 50, these two probabilities are reduced to 2 × 10 −2 and 7.9 × 10 −15 respectively. If the group greater than 1/2 does not meet the requirements, the probability of successful deception will be reduced to 0 (it will always be found in the verification stage). Similarly, Bob's probability of successful malicious behavior is the same as Alice's. Therefore, the protocol is secure.
Preparation: Alice and Bob respectively generate the public and private keys pk (A) /sk (A) and pk (B) /sk (B) of the GM encryption system and send their public keys to each other. Alice generates the public key (g a , N a ) and private key λ a of Paillier encryption system and calculates µ = g λ a a modN 2 a . Similarly, Bob generates (g b , N b ), λ b , and calculates ν = g  (g a , N a , µ) and (g b , N b , ν).
In Algorithm 2, Alice and Bob have the same operations, and the status of both parties is fair. Assume Alice is a malicious participant to explain. Alice's possible malicious behaviors include: using the wrong x to calculate C b in step 11, using the wrong λ a to calculate m a in step 13, etc. Then Alice cannot prove through the zero-knowledge proof in step 14. Bob knows that Alice is a malicious participant, and Algorithm 2 is terminated. If Algorithm 2 is not finished by step 15 and x = y is obtained, it can be proved that both parties have implemented the protocol in a semi-honest way, and Bob will get the correct conclusion that f 2 (P, Q) = y = 6 in step 17.

Security Proof
This paper uses the real/ideal model paradigm method to prove the security. In steps 3 and 6 of Algorithm 2, Alice and Bob get x and y respectively. We can take x and y as the input data for further execution of Algorithm 2 in the first six steps. Executing the protocol with the false x and y is equivalent to providing the false input, which is unavoidable under an ideal protocol, so it is not considered. Therefore, only steps 7-17 need to be proven secure.

Theorem 1. Algorithm 2 (mentioned as Π) is secure.
Proof of Theorem. The Algorithm Π is feasible only if at least one of the two parties in the protocol is not a malicious participant, that is, there are two cases that need to be proven secure.
(Case I) A 1 is honest, A 2 is dishonest. In this situation, A 1 and A 2 execute Π, then: where S is the sequence message received by A 2 through the zero-knowledge proof. A 1 will execute the protocol honestly, and B 1 is determined. B 2 of the ideal model is indistinguishable from A 2 of the actual protocol needs to be proven. The output of in the actual model (note: A 2 is the actual executor of Π. Therefore, when proving, the security of Π needs to be verified according to A 2 's behavior, that is A 2 (y)).

1.
A 1 in the actual protocol is honest, so B 1 will send right x to TTP. According to dishonest A 2 's strategy, B 2 decides what information to send to TTP. Consequently, the input of B 2 is A 2 (y).
1 B 2 and A 2 execute Π and send the information A 2 (C i 1a , C i 2a ) to A 2 in step 7 based on Algorithm 2. 2 In step 8, B 2 verifies the information he asked A 2 to publish. 3 In step 9, B 2 publishes the information required by A 2 . 4 In steps 10-12, B 2 selects, calculates, and publishes the information according to Π. 5 In step 13, m a is calculated and published. 6 In step 14, the information sequence S is obtained.
In the process of Π, the following can be got: In steps 7-14, Π adopts the same encryption algorithm, and the zero-knowledge proof ensures S c ≡ S, so: (Case II) A 1 is dishonest, A 2 is honest. There are two cases: 1. Alice gets the result and ignores TTP, then ⊥ is sent to Bob by TTP, so: 2. Conversely, f 2 (x, y) is sent to Bob by TTP, then: where S is the sequence message received by A 1 . A 2 is honest, B 2 is determined. B 1 of the ideal model is indistinguishable from A 1 of the actual protocol needs to be proven. That is, the output of strategy pair needs to be proven (note: A 1 is the actual executor of Π. Therefore, when proving, the security of Π needs to be verified according to A 1 's behavior, that is A 1 (x)). 1. According to dishonest A 1 's strategy, B 1 decides what information to send to TTP. Therefore, the input value B 1 sends to TTP is A 1 (x). 2. (A 1 (x), y) is obtained by TTP to calculate F(A 1 (x), y). 3. B 1 executes Π with A 1 by dressing up as A 2 , that is, B 1 selects y simulation protocol and makes F(A 1 (x), y ) = F(A 1 (x), y). 1 B 1 and A 1 execute the protocol and send A 1 (C i 1b , C i 2b ) in step 7 to A 1 . 2 In step 9, B 1 verifies the information he asked A 1 to publish in step 8. 3 In steps 10-12, B 1 selects, calculates, and publishes the information according to Π. 4 In step 13, B 1 calculates m b and publishes it. 5 In step 14, the information sequence S is obtained.
In the process of the protocol, there are two situations:

1.
A 1 receives the message and ignores TTP, so: 2. Conversely, that is: In steps 7-14, Π uses the same encryption algorithm, so and S c ≡ S ensured by the zero-knowledge proof, then: Combining the above two cases it is proved that the output of the strategy to in the actual model, which meets Definition 1. Therefore, Algorithm 2 is secure.

Overall Performance Comparison
This paper analyzes the performance of Algorithm 2 and protocols in other references [29][30][31], as shown in Table 1. Table 1. Protocol's performance analysis.

Computational Complexity
In Fang [29], the protocol adopts the GM encryption system. One-time encryption needs two modular multiplication operations, and one-time decryption needs log N modular multiplication operations. Alice's encryption and decryption need 2n times. Bob's encryption needs 2n times and the multiplication calculation is 2n times. Therefore, a total of 10n + 2n log N modular multiplication operations are carried out.
In Dou [30], its protocol adopts the Paillier encryption algorithm. For the Paillier algorithm, one-time encryption or decryption needs log N modular multiplications. Alice's encryption and decryption times are 2mn and 1 respectively; Bob's encryption times are 1. Therefore, the protocol performs a total of (2mn + 2) log N modular multiplication operations.
The protocol proposed by Liu [31] uses the 2HCL and symmetric-key primitives, and its computational complexity cannot be expressed by modular multiplication. In reference [31], m is used to represent the length of the label in the 2HCL index and n is denoted as the number of vertices in the graph, and the computational complexity of the protocol is O(mn).
In Algorithm 2 of this paper, the GM encryption system is used in steps 1-6. Alice and Bob perform encryption, decryption, and modular multiplication operations 4n, 2n, and 2n times respectively. Steps 7-14 transformed the judgment conditions into the socialist Millionaires' problem and carried out 10m log N + 2 times of modular multiplication. Therefore, the protocol performs a total of [20n + (4n + 10m) log N + 2] modular multiplication operations.

Communication Complexity
In Fang [29], the two parties conducted two rounds of communication. In Dou [30], the two parties conducted three rounds of communication. In Liu [31], the number of communication rounds between the client-side and the server-side are three rounds. In Algorithm 2, four rounds of communication are carried out. Table 2 shows the specific comparison. Table 2. Efficiency comparison (based on modular multiplication).

Protocol
Computational Complexity

Resist Malicious Attacks
Fang [29] 10n + 2n log N 2 No Dou [30] (2mn + 2) log N 3 No Liu [31] O(mn) 3 No Algorithm 2 20n + (4n + 10m) log N + 2 4 Yes Note: the computational complexity of most MPC protocols is relatively high, due to the use of some cryptographic tools, such as the cut-choose method and zero-knowledge proof. These calculations do not reveal private data and can therefore be outsourced to improve the efficiency of the protocol.

Experimental Simulation
We use Python language to simulate Algorithm 2 and references [29,30], and the consistency of the universal set's potential and input information is maintained. For the above three protocols, 1000 experiments were performed based on different data lengths, and the average value of 10 execution times was randomly taken.
As shown in Figure 3, the computational complexity of reference [29] is slightly lower than that of Algorithm 2. In Dou [30], the proposed protocol is designed based on invoking the MPC protocol that takes the absolute value of the difference between two numbers, which greatly increases the amount of calculation, so its computational complexity is higher than Algorithm 2.
Appl. Sci. 2022, 12, x FOR PEER REVIEW Note: the computational complexity of most MPC protocols is relatively high, due to the u cryptographic tools, such as the cut-choose method and zero-knowledge proof. These ca do not reveal private data and can therefore be outsourced to improve the efficiency of the

Experimental Simulation
We use Python language to simulate Algorithm 2 and references [29,30], and sistency of the universal set's potential and input information is maintained. For t three protocols, 1000 experiments were performed based on different data leng the average value of 10 execution times was randomly taken.
As shown in Figure 3, the computational complexity of reference [29] is sligh than that of Algorithm 2. In Dou [30], the proposed protocol is designed based o ing the MPC protocol that takes the absolute value of the difference between two n which greatly increases the amount of calculation, so its computational comp higher than Algorithm 2.  [29], Dou [30], and Algorithm 2.
Compared with references [29,30], the protocols have little difference in the of communication rounds, but only Algorithm 2 proposed in this paper can re cious attacks. Although the efficiency of Algorithm 2 is not the highest, its co mainly comes from steps such as zero-knowledge proof, and this part of the ca can be outsourced to improve efficiency.

Applications
The applications of Manhattan distance permeate many aspects of real life ver, the research on MPC of Manhattan distance also has important practical ap value, such as privacy computation, computer graphics, data mining, and machi  [29], Dou [30], and Algorithm 2.
Compared with references [29,30], the protocols have little difference in the number of communication rounds, but only Algorithm 2 proposed in this paper can resist malicious attacks. Although the efficiency of Algorithm 2 is not the highest, its complexity mainly comes from steps such as zero-knowledge proof, and this part of the calculation can be outsourced to improve efficiency.

Applications
The applications of Manhattan distance permeate many aspects of real life. Moreover, the research on MPC of Manhattan distance also has important practical application value, such as privacy computation, computer graphics, data mining, and machine learning. The following are some specific application scenarios.
1. Computing distance is a measurement method. Manhattan distance is often used to measure the length of the path in many scientific studies. For example, in the study of biological cryptography, it is often necessary to judge whether the two biological templates are the same or similar. In data mining and machine learning, we often judge the analogy and similarity of individuals. When consuming products, it will also judge the similarity of consumers. Therefore, the similarity of different individuals can be deduced by calculating the distance value of individual feature vectors, that is, the protocol for MPC of Manhattan distance is the basic module for constructing the secret calculation vector similarity protocol. 2. The Manhattan distance between two points can better protect personal privacy and solve the constrained optimization problem. As shown in Figure 4, both military sides select military bases in an area, and neither side wants the other party to know where their military bases are located. At the same time, the military exchanges between the two sides are close, and the driving distance between the two military bases should be moderate, that is, the distance should be appropriate. In such an actual scene, the range size of the specified area is equivalent to the given complete set. Both parties just select the appropriate coordinate system in the area, and the location of the military bases of both parties is selected within the range of the complete set. For the suitability of the distance, both parties can jointly calculate the Manhattan distance between two points to make appropriate adjustments.
pl. Sci. 2022, 12, x FOR PEER REVIEW where their military bases are located. At the same time, the mi tween the two sides are close, and the driving distance between ses should be moderate, that is, the distance should be appropria scene, the range size of the specified area is equivalent to the give parties just select the appropriate coordinate system in the area the military bases of both parties is selected within the range of t the suitability of the distance, both parties can jointly calculate tance between two points to make appropriate adjustments. There are many similar scenarios, and there will be many const problems in engineering practice, scientific research, and other fields solve the optimization constraint problem, it is particularly impor Manhattan distance between two points.
3. Today, with the development of information, information search practical application value. The location relationship between t vector and the vector interval is the solution to solve the secure s ing. The problem of the relationship between the security dec vector set can also be solved by computing the Manhattan distan

Conclusions
Securely computing Manhattan distance is a basic module for d There are many similar scenarios, and there will be many constrained optimization problems in engineering practice, scientific research, and other fields. Therefore, to better solve the optimization constraint problem, it is particularly important to calculate the Manhattan distance between two points.
3. Today, with the development of information, information search and matching have practical application value. The location relationship between the security decision vector and the vector interval is the solution to solve the secure searching and matching. The problem of the relationship between the security decision vector and the vector set can also be solved by computing the Manhattan distance securely.

Conclusions
Securely computing Manhattan distance is a basic module for designing other MPC geometric protocols, so it has important theoretical significance and application value to study this problem. Given the shortcomings of existing protocols, combining Paillier's algorithm with additive homomorphism and GM encryption algorithm with Xor homomorphism, this paper takes the lead in designing a protocol with high-security performance under the premise of resisting malicious participant attacks. Algorithm 2 used tools such as the cut-choose method to prevent deception. The real/ideal model paradigm method is used to prove the security of the malicious model protocol. Compared with existing protocols, the experimental simulation shows that only Algorithm 2 can resist malicious participants' attacks while maintaining high efficiency. The protocol is close to the reality of the existence of malicious participants and has more practical value. The next step is to improve Algorithm 2, using the homogeneous secret sharing to pass the ciphertext, to improve the protocol efficiency.  Data Availability Statement: The authors approve that data used to support the finding of this study are included in the article.

Acknowledgments:
In the process of completing the manuscript, I got the help of many people. First of all, I should thank Baoshan Li for giving me many valuable opinions and providing me with the greatest support in thought and action. Second, I thank Yongxing Du for making a lot of amendments and suggestions to the manuscript. Finally, I want to thank my family, classmates, and friends for their support and encouragement. The public and private keys of Alice's GM encryption system pk(B)/sk(B)

Conflicts of Interest
The public and private keys of Bob's GM encryption system (g a , N a ) The public key of Alice's Paillier encryption system (g b , N b ) The public key of Bob's Paillier encryption system λ a The private key of Alice's Paillier encryption system The public key of Bob's Paillier encryption system E( ) The process of converting encrypted plaintext into ciphertext D( ) The process of decrypting ciphertext into plaintext r i Random numberŝ R( ) Results for a random permutation of the ciphertext E pk(A) Encrypted calculation with A's public key E pk(B) Encrypted calculation with B's public key IDEAL