To address model privacy and user data leakage risks in decision-tree inference within cloud environments, this paper proposes an efficient, strongly privacy-preserving ciphertext-domain inference scheme. Methodologically, it introduces (1) a novel prediction-path-level selective secure traversal mechanism that decrypts and evaluates only nodes along the actual inference path; (2) a bidirectional offline secure inference framework enabling fully offline preprocessing by both the service provider and the user; and (3) a synergistic integration of functional encryption, lightweight cryptographic protocols, and ciphertext path pruning, with strict separation between online and offline phases. The scheme is formally proven to satisfy adaptive privacy under a rigorous security model. Empirical evaluation demonstrates microsecond-scale inference latency and validates efficiency and practicality across multiple real-world datasets.

The expansive storage capacity and robust computational power of cloud servers have led to the widespread outsourcing of machine learning inference services to the cloud. While this practice offers significant operational benefits, it also poses substantial privacy risks, including the exposure of proprietary models and sensitive user data. In this paper, we introduce OnePath, a framework designed for secure and efficient decision tree inference in cloud environments. Unlike existing schemes that require traversing all internal nodes of a decision tree, our protocol securely identifies and processes only the nodes on the prediction path, maintaining data privacy under ciphertext throughout the inference process. This selective traversal enhances both security and efficiency. To further optimize privacy and performance, OnePath employs lightweight cryptographic techniques, such as functional encryption, during the online phase of secure inference. Notably, our protocol allows both providers and clients to perform secure inference without the need to remain online continuously, a critical advantage for real-world applications. We substantiate the security of our framework with formal proofs, demonstrating that OnePath robustly protects the privacy of decision tree classifiers and user data. Experimental results highlight the efficiency of our approach, with our scheme processing query data in mere microseconds on the tested dataset. Through OnePath, we provide a practical solution that balances the needs for security and efficiency in cloud-based decision tree inference, making it a promising option for a variety of applications.