Abstract. Cloud-based indoor positioning services offer advantages over non-cloud approaches, but also face serious privacy concerns. How to utilize an untrusted cloud server for location computation while not allowing the server to obtain the localization results is the most challenge in solving the privacy concerns, which has not been solved by the existing research. In this paper, a privacy-preserving indoor positioning scheme was designed to address this challenge. Based on the previous work using Inner Product Encryption for the protection of ranging information and anchor location information during the localization process, a transformation method was additionally proposed for the protection of localization results. The ranging information was transformed by the target, which enables the localization server to get only the transformed localization result, and only the target can recover the real location from it. In addition, this transformation is designed to be performed on the ciphertexts of the Inner Product Encryption so that the private information required for transformation is in the ciphertext form thus avoiding privacy leakage. Theoretical analysis and experimental results demonstrated that this scheme can protect the ranging information, localization results and anchor location information. At the same time, it has lower computation and communication overhead and hardly degrades the localization accuracy.