Location-based services are getting more popular day by day. Finding nearby
stores, proximity-based marketing, on-road service assistance, etc., are some
of the services that use location-based services. In location-based services,
user information like user identity, user query, and location must be
protected. Ma et al. (INFOCOM-BigSecurity 2019) proposed a privacy-preserving
location-based service using Somewhat Homomorphic Encryption (SHE). Their
protocol uses edge nodes that compute on SHE encrypted location data and
determines the k-nearest points of interest contained in the Location-based
Server (LBS) without revealing the original user coordinates to LBS, hence,
ensuring privacy of users locations. In this work, we show that the above
protocol by Ma et al. has a critical flaw. In particular, we show that their
secure comparison protocol has a correctness issue in that it will not lead to
correct comparison. A major consequence of this flaw is that straightforward
approaches to fix this issue will make their protocol insecure. Namely, the LBS
will be able to recover the actual locations of the users in each and every
query