
Public Key Encryption with keyword Search

Public Key Encryption with keyword Search. Authors: Dan Boneh, Rafail Ostrovsky, Giovanni Di Crescenzo, Giuseppe Persiano. Presenter: 陳昱圻. Problem(1/2). user. untrusted server. Pre-stored data. Search. Ciphertext. Problem(2/2). User1(Alice). User2(Bob). send. receive.


Presentation Transcript


  1. Public Key Encryption with keyword Search. Authors: Dan Boneh, Rafail Ostrovsky, Giovanni Di Crescenzo, Giuseppe Persiano. Presenter: 陳昱圻

  2. Problem (1/2). Diagram labels: user, untrusted server, pre-stored data, search, ciphertext.

  3. Problem (2/2). Diagram labels: User1 (Alice), User2 (Bob), send, receive, mail server.

  4. Properties • Query isolation: The untrusted server cannot learn anything more about the plaintext than the search result. • Controlled searching: The untrusted server cannot search for an arbitrary word without the user’s authorization. • Hidden queries: The user may ask the untrusted server to search for a secret word without revealing the word to the server.

  5. Public key encryption with search: definitions (1/4) • Bob wants to send mail to Alice, so he sends the following message: • Our goal is to enable Alice to send $T_W$ to the mail server, which will enable the server to locate all messages containing the keyword W. The server then simply sends the relevant email back to Alice. • We call it “search public-key encryption”.

  6. Public key encryption with search: definitions (2/4). Diagram labels: User1 (Alice), User2 (Bob), receive, send, search, Bob’s mail server.

  7. Public key encryption with search: definitions (3/4) • Def. A non-interactive public key encryption with keyword search scheme consists of the following polynomial time randomized algorithms:

  8. Public key encryption with search: definitions (4/4)

  9. PEKS implies Identity Based Encryption • Public key encryption with keyword search is related to Identity Based Encryption (IBE). • Constructing a secure PEKS appears to be a harder problem than constructing an IBE. • Lemma 2.3 A non-interactive searchable encryption scheme (PEKS) that is semantically secure against an adaptive chosen keyword attack gives rise to a chosen ciphertext secure IBE system (IND-ID-CCA).

  10. PEKS implies Identity Based Encryption • Proof sketch: Given a PEKS (KeyGen, PEKS, Trapdoor, Test), the IBE system is as follows: • 1. Setup: Run the PEKS KeyGen algorithm to generate . The IBE system parameters are . The master-key is . • 2. KeyGen: The IBE private key associated with a public key is

  11. PEKS implies Identity Based Encryption • 3. Encrypt: Encrypt a bit using a public key as: • 4. Decrypt: To decrypt using the private . Output ‘0’ if and output ‘1’ if

  12. PEKS implies Identity Based Encryption • The resulting system is IND-ID-CCA assuming the PEKS is semantically secure against an adaptive chosen message attack. • Building non-interactive public-key searchable encryption is at least as hard as building an IBE system.

  13. Constructions • Two constructions for public-key searchable encryption: • (1) an efficient system based on a variant of the Decision Diffie-Hellman assumption (assuming a random oracle) • (2) a limited, less efficient system based on general trapdoor permutations (without assuming the random oracle)

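  14. How the Diffie-Hellman key exchange works • $n$ and $g$ are public values • Each of the two parties picks a large number, $x$ and $y$ • Compute the “secret key”: $g^{xy} \bmod n$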

  15. Verifying the Diffie-Hellman algorithm
     • Alice chooses $n = 47$, $g = 3$, $x = 8$ and computes:
     • $g^x \bmod n = 3^8 \bmod 47 = 28 \bmod 47$
     • Message (1) = {47, 3, 28}
     • Bob chooses $y = 10$ and computes:
     • $g^y \bmod n = 3^{10} \bmod 47 = 17 \bmod 47$
     • Message (2) = {17}
     • Alice computes the session key:
     • $(g^x \bmod n)^y = g^{xy} \bmod n = 28^{10} \bmod 47 = 4 \bmod 47$
     • Bob computes the session key:
     • $(g^y \bmod n)^x = g^{xy} \bmod n = 17^8 \bmod 47 = 4 \bmod 47$
     • Session key $k = 4$

  16. Construction using bilinear maps(1/5) • Our first construction is based on a variant of the Computational Diffie-Hellman problem. • Boneh and Franklin [2] used bilinear maps on elliptic curves to build an efficient IBE system.

  17. Construction using bilinear maps(2/5) • Using two groups of prime order p and a bilinear map between them. • The map satisfies: 1. Computable: given there is a polynomial time algorithm to compute 2. Bilinear: for any integer then 3. Non-degenerate: if g is a generator of then is a generator of

  18. Construction using bilinear maps(3/5) • We build a non-interactive searchable encryption scheme from such a bilinear map. • Hash functions H1 : {0, 1}* → G1 and H2 : G2 → • KeyGen: The input security parameter determines the size, p, of the groups G1 and G2. Pick a random and a generator g of G1. Output

  19. Construction using bilinear maps(4/5) • PEKS : compute for a random . Output PEKS = • Trapdoor • Test Test if If so, output ‘yes’ ; otherwise, output ‘no’.

  20. Construction using bilinear maps(5/5) • Compute • Since , right=left . If Test outputs ‘yes’, the mail server sends Bob’s mail to Alice.

  21. Conclusion • Constructing a PEKS is related to Identity Based Encryption (IBE), though PEKS seems to be harder to construct. • Our constructions for PEKS are based on recent IBE constructions. We are able to prove security by exploiting extra properties of these schemes. • How to use the following idea?

  22. Idea. Diagram labels: User1 (Alice), User2 (Bob), search, store, ciphertext, untrusted server.

  23. Encrypted search system. user. 2008.2.26. 陳昱圻

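  24. Introduction • Single user • Only the user can access the data • The server is only responsible for matching • Windowed (GUI) interface (a standalone, single-machine version is planned first)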

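  25. Outline • Authentication (confirm that the user is authorized) • Read the plaintext and display the text • Run encryption and output the ciphertext • Also obtain the trapdoor • When searching, let the server do the matching • Then move on to a multi-machine version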

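  26. Construction • The intermediate steps use the method described in the paper Practical Techniques for Searches on Encrypted Data; this can be modified later if anything is added • Text processing: every word is converted to ASCII codes and has the same length after encryption (http://home.educities.edu.tw/wanker742126/asm/ap04.html) • The server only stores data, and the user must know the keyword in order to submit it to the server for searching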

  27. Construction (cont.). Diagram labels: user, untrusted server; pre-stored data, with E(W); search, with Trapdoor; ciphertext; Server(E(W), Trapdoor); User(Document, Word, Trapdoor).
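
The bilinear-map PEKS of slides 18 to 20 and the PEKS-to-IBE transform of slides 10 and 11, as an added Python example that is not part of the original slides. The formulas (h = g^α, S = [g^r, H2(e(H1(W), h^r))], T_W = H1(W)^α, and an IBE key made of the trapdoors for ID‖0 and ID‖1) are taken from the published Boneh, Di Crescenzo, Ostrovsky and Persiano scheme rather than from this transcript. Assumptions: the pairing is an insecure stand-in that stores each group element as its discrete log, and all helper names are illustrative.

```python
import hashlib
import secrets

# Toy bilinear group, constructed for this example and NOT secure: every
# element is stored as its discrete log, so g = 1, "u^k" is u*k mod P and
# e(g^a, g^b) = e(g, g)^(a*b) is a*b mod P. Only the algebra is real.
P = 2**127 - 1  # prime group order

def power(u, k):
    return (u * k) % P

def pairing(u, v):
    return (u * v) % P

def H1(word):  # {0,1}* -> G1, never the identity
    return 1 + int.from_bytes(hashlib.sha256(b"H1" + word).digest(), "big") % (P - 1)

def H2(t):  # G2 -> fixed-length bit string
    return hashlib.sha256(b"H2" + t.to_bytes(16, "big")).digest()

def keygen():
    alpha = 1 + secrets.randbelow(P - 1)
    return (1, power(1, alpha)), alpha  # A_pub = [g, h = g^alpha], A_priv = alpha

def peks(a_pub, word):
    g, h = a_pub
    r = 1 + secrets.randbelow(P - 1)
    t = pairing(H1(word), power(h, r))  # t = e(H1(W), h^r)
    return power(g, r), H2(t)  # S = [g^r, H2(t)]

def trapdoor(a_priv, word):
    return power(H1(word), a_priv)  # T_W = H1(W)^alpha

def peks_test(a_pub, s, t_w):
    a, b = s
    return H2(pairing(t_w, a)) == b  # e(T_W, g^r) == e(H1(W), h^r) iff same W

# PEKS -> one-bit IBE, the transform sketched on slides 10 and 11
def ibe_keygen(a_priv, identity):
    return trapdoor(a_priv, identity + b"0"), trapdoor(a_priv, identity + b"1")

def ibe_encrypt(a_pub, identity, bit):
    return peks(a_pub, identity + (b"1" if bit else b"0"))

def ibe_decrypt(a_pub, ct, d):
    if peks_test(a_pub, ct, d[0]):
        return 0
    return 1 if peks_test(a_pub, ct, d[1]) else None
```

In this toy group the public value h equals α, which is exactly what a real pairing-friendly curve prevents; the example only shows why Test accepts a matching trapdoor and rejects any other.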
