1 / 25

New Efficient Searchable Encryption Schemes from Bilinear Pairings

New Efficient Searchable Encryption Schemes from Bilinear Pairings. Author:Chunxiang Gu and Yuefei Zhu International Journal of Network Security, 2007. Presenter: 李宗諺. Outline. Introduction Preliminaries PEKS IND-CKA A New PEKS Scheme from Pairing Conclusion. Introduction. Outline.

lev
Download Presentation

New Efficient Searchable Encryption Schemes from Bilinear Pairings

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. New Efficient Searchable Encryption Schemes from Bilinear Pairings Author:Chunxiang Gu and Yuefei Zhu International Journal of Network Security, 2007 Presenter:李宗諺

  2. Outline • Introduction • Preliminaries • PEKS • IND-CKA • A New PEKS Scheme from Pairing • Conclusion

  3. Introduction

  4. Outline • Introduction • Preliminaries • PEKS • IND-CKA • A New PEKS Scheme from Pairing • Conclusion

  5. Preliminaries (1/4) • In 2004, Boneh et.al • Public Key Encryption with Keyword Search • four polynomial-time algorithms: • KeyGen • Trapdoor • PEKS • Test

  6. Preliminaries (2/4) • KeyGen : • Take as input a security parameterλ, generate a public/private key pair (pk,sk). • (pk,sk)=KeyGen(λ) • Trapdoor : • Take as input the receiver’s private key skand a word W , produce a trapdoorTw. • Tw=Trapdoor(sk,W)

  7. Preliminaries (3/4) • PEKS: • Take as input the receiver’s public keypk and a wordW, produce a searchable encryption ofW. • C = PEKS( pk , W) • Test: • Take as input the receiver’s public key pk, a searchable encryption C = PEKS(pk,W’), and a trapdoor Tw = Trapdoor(sk,W), output 1 (“yes”) if W = W’ and 0 (“no”) otherwise. • Test( pk ,PEKS(pk,W) ,Tw )=1

  8. (pk,sk) 1.λ KeyGan Preliminaries (4/4) Tw 加密過的訊息 傳回使用者 所需的文件 Bob Alice Sever 2.C=PEKS( Apk ,W ) 3.Tw= Trapdoor(Ask,W) 4. Test(Apk,C,Tw) ?= 1

  9. Outline • Introduction • Preliminaries • PEKS • IND-CKA • A New PEKS Scheme from Pairing • Conclusion

  10. Preliminaries • Indistinguishability of PEKS against chosen keyword attack (IND-CKA) • KeyGen • Phase 1 • Challenge • Phase 2 • Guess

  11. λ KeyGen (pk,sk) pk IND-CKA (1/6) • KeyGen • The challenger runs the KeyGen(λ) algorithm to generate(pk,sk). It gives pk to the attacker. challenger attacker

  12. IND-CKA (2/6) • Phase 1 • The attacker ask the challengger for the trapdoor Tw for any keyword W ∈{0,1}* • Challenge • The attacker A sends thechallenger two wordsW0 ,W1. • The challenger picks a random b∈{0,1} and gives the attacker C = PEKS( pk , W)

  13. λ KeyGen (pk,sk) IND-CKA (3/6) challenger attacker pk W0 ,W1 b∈{0,1} C = PEKS( pk , Wb)

  14. IND-CKA (4/6) • Phase 2 • The attacker can continue to ask for trapdoors Tw for any keyword W of his choice as long as W≠W0,W1 • Guess • The attacker A outputs b’∈{0,1} and wins the game if b = b’

  15. λ KeyGen (pk,sk) IND-CKA (5/6) challenger attacker pk W0 ,W1 b ∈{0,1} C = PEKS( pk , Wb) b‘∈{0,1} b’ b?=b’

  16. Preliminaries ( G1 , + ) and ( G2 ,‧) be two cyclic groups of prime order q e : G1 × G1→G2 be a map which satisfies the following properties • Bilinear Pairings • Bilinear: • Non-degenerate: • If P is a generator of G1 ,then e(P,P) is a generator of G2 • Computable: • There is an efficient algorithm to compute e(P,Q) for any P,Q∈ G1

  17. Preliminaries • BDH problem: • P,aP,bP,cP ∈ G1 • P,aP,bP,cP = e(P,P)abc • k – BDHI problem:

  18. Outline • Introduction • Preliminaries • PEKS • IND-CKA • A New PEKS Scheme from Pairing • Conclusion

  19. A New PEKS Scheme from Pairings (1/5) • The Scheme • ( G1 , + ) and ( G2 ,‧) be two cyclic groups of prime order q • e : G1 × G1→G2 be an admissible bilinear pairing • H1:{0,1}* → Zq* and H2: G2 →{0,1}log q • P is a generator of G1 • μ = e ( p , p )

  20. A New PEKS Scheme from Pairings (2/5) • KeyGen : • Pick a randomx ∈ Zq* • compute X = xP • Output pk =X and sk = x.

  21. A New PEKS Scheme from Pairings (3/5) • Trapdoor: • Take as input secret key x and keyword W • Output Tw = (H1(W)+x)-1P • PEKS : • Take as input public key X and a keyword W • Select randomly r∈ Zq* • compute U = rH1(W)P+rX , c = H2(μr) • Output (U,c)

  22. A New PEKS Scheme from Pairings (4/5) • Test • Input public key X , searchable encryption cipher-text(U,c) and trapdoor Tw • Test if H2(e(Tw,U)) = c • If so ,output 1 • Otherwise ,out put 0.

  23. A New PEKS Scheme from Pairings (5/5) • Consistency • H2(e(Tw,U)) = H2(e((H1(W)+x)-1P, rH1(W)P+rX)) • = H2(e((H1(W)+x)-1P, r(H1(W)+x)P) • = H2(e((P,P)r) • = c Tw = (H1(W)+x)-1P U = rH1(W)P+rX X = xP μ = e ( p , p ) c = H2(μr)

  24. Outline • Introduction • Preliminaries • PEKS • IND-CKA • A New PEKS Scheme from Pairing • Conclusion

  25. Conclusion • In this paper, we propose a new PEKS scheme based on bilinear pairings. • There is no pairing operation involved in the encryption, so new PEKS scheme is more efficient than the scheme of Boneh et.al.

More Related