1 / 22

Public Key Encryption with Conjunctive Keyword Search and Its Extension to a Multi-user System

Public Key Encryption with Conjunctive Keyword Search and Its Extension to a Multi-user System. Source: Pairing 2007, LNCS 4575, pp.2-22, 2007 Author: Yong Ho Hwang and Pil Joong Lee Presenter: Li-Tzu Chang. Outline. Introduction Preliminaries Proposed PECK Scheme Multi-user PECK System

Download Presentation

Public Key Encryption with Conjunctive Keyword Search and Its Extension to a Multi-user System

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Public Key Encryption with Conjunctive Keyword Search and Its Extension to a Multi-user System Source: Pairing 2007, LNCS 4575, pp.2-22, 2007 Author: Yong Ho Hwang and Pil Joong Lee Presenter: Li-Tzu Chang

  2. Outline • Introduction • Preliminaries • Proposed PECK Scheme • Multi-user PECK System • Conclusion

  3. B B B Bn A A2 A3 An S Introduction Tw [EApub[M], PECK (Apub, (W1 , W2, …, Wm))] 傳送文件 搜尋包含關鍵字的文件, 產生一個暗門Tw 傳回Alice的文件

  4. Outline • Introduction • Preliminaries • Generic Model for PECK • Adversarial Models for PECK • Proposed PECK Scheme • Multi-user PECK System • Conclusion

  5. Generic Model for PECK • KeyGen (security parameter): pk, sk • Takes as input a security parameter and returns params (system parameters) and the public/private key pair (pk, sk). • PECK(pk,W ): S • Executed by the sender to encrypt a keyword set W = {w1, . . . , w}.It produces a searchable keyword encryption S of W with the public key pk. • Trapdoor (sk,Qi):TQi • Takes as input the secret key sk and the keyword query Q ={I1, . . . , Im, wI1, . . ., wIm} for m ≤ where Iiis an index to denote a location of wIi, and returns a trapdoor TQfor the conjunctive search of a given keyword query. • Test (pk,S): 0,1 • Executed by the server to search the documents with the keywords of a trapdoor TQ. It takes as input the public key pk, the searchable keyword encryption S, Then output ‘1’ if S includes Q and ‘0’ otherwise.

  6. Outline • Introduction • Preliminaries • Generic Model for PECK • Adversarial Models for PECK • IND-CC-KA • IND-CR-KA • Proposed PECK Scheme • Multi-user PECK System • Construction

  7. C A Trapdoor Oracles Trapdoor Queries (Qi) Adversarial Models for PECK • IND-CC-KA game Setup Keygen(1k):pk,sk(保有) pk,params Phase 1 queries a number of keyword sets Q1,…Qd TQi Trapdoor (sk,Qi) C

  8. C A Trapdoor Oracles Adversarial Models for PECK Challenger C select w0,w1 w0,w1 (無法區別來自哪個trapdoor) pickβ∈R{0,1} Sβ =PECK(pk,Wβ) Sβ Phase 2 queries keyword sets Qd+1,…Qr Trapdoor Queries (Qi ≠w0,w1) Trapdoor (sk,Qi): TQi if TQi無法區別w0,w1 TQi outputβ’∈R{0,1} if β =β’win the game Guess

  9. Outline • Introduction • Preliminaries • Generic Model for PECK • Adversarial Models for PECK • IND-CC-KA • IND-CR-KA • Proposed PECK Scheme • Multi-user PECK System • Construction

  10. C A Trapdoor Oracles Trapdoor Queries (Qi) Adversarial Models for PECK • IND-CR-KA game Setup Keygen(1k):pk,sk(保有) pk,params Phase 1 queries a number of keyword sets Q1,…Qd Trapdoor (sk,Qi) TQi C

  11. C A Trapdoor Queries (Qi ≠w0,w1) Trapdoor Oracles Adversarial Models for PECK select W* Challenger C W* select random keyword set R(W*無法區別來自哪個trapdoor) pickβ∈R{0,1} Sβ =PECK(pk,wβ), where w0=W*,w1=R Sβ Phase 2 queries keyword sets Qd+1,…Qr Trapdoor (sk,Qi): TQi if TQi無法區別w0,w1 TQi outputβ’∈R{0,1} if β =β’win the game Guess

  12. Adversarial Models for PECK • Adversary of adversary A • IC-CC-CKA • IC-CR-CKA • In the IND-CC-CKA game the adversary A selects two target keyword sets, w0andw1, and gives them to the challenger C. • In the IND-CR-CKA game A selects a target keyword set w0and gives it to C.

  13. Outline • Introduction • Preliminaries • Proposed PECK Scheme • Multi-user PECK System • Conclusion

  14. Proposed PECK Scheme • KeyGen(1k): params=(G1,G2,ê,H1(·),H2(·),g),(pk,sk) • H1(·):{0,1}logw→G1 , H2(·):{0,1}logw→G1 , g is a generator of G1 • select x∈R Zp*,compute y=gx , (pk,sk)=(y,x) • PECK(pk,W): S=(A,B,C1,…,Cl) • Sender select W={w1,…,w2} ,s,r ∈R Zp* • compute A=gr, B=ys, Ci=hirfis , 1≦i ≦l ,hi=H1(wi), fi=H2(wi)

  15. Proposed PECK Scheme • Trapdoor (sk,Q): TQ=(TQ,1,TQ,2,TQ,3,I1,…,Im) • select t ∈R Zp* • compute TQ,1=gt ,TQ,2=(hI1,…hIm), TQ,3=(fI1,…fIm), where Q={I1,…,Im} • Test(pk,S,TQ): • check

  16. Outline • Introduction • Preliminaries • Generic Model for PECK • Adversarial Models for PECK • Proposed PECK Scheme • Multi-user PECK System • Conclusion

  17. mPECK scheme • KeyGen(1k): params=(G1,G2,ê,H1(·),H2(·),g),(pk1,sk1),…,(pkn,skn) • H1(·):{0,1}logw→G1 , H2(·):{0,1}logw→G1 , g is a generator of G1 • select x1,…,xn∈R Zp*,compute yi=gxi , (pki,ski)=(yi,xi) • mPECK(pk1,…,pkn ,W): S=(A,B1,…,Bn,C1,…,Cl) • Sender select W={w1,…,w2} ,s,r ∈R Zp* • compute A=gr, Bj=yjs, Ci=hirfis , 1≦i ≦l , hi=H1(wi), fi=H2(wi)

  18. mPECK scheme • Trapdoor (skj,Q): Tj,Q=(Tj,Q,1,Tj,Q,2,Tj,Q,3,I1,…,Im) • select t ∈R Zp* • compute Tj,Q,1=gt ,Tj,Q,2=(hI1,…hIm)t,Tj,Q,3=(fI1,…fIm)t/xj, where Q={I1,…,Im} • Test(pkj,S,Tj,Q): • check

  19. C A Trapdoor Oracles Trapdoor Queries (j,Qi) Security game for mPECK Setup Keygen(k):pk1,,…,pkn sk1 ,…, skn (保有) pk1 ,…,pkn , params Phase 1 queries a number of keyword sets Q1,…Qd Trapdoor (skj ,Qi) T j,Qi C

  20. C A Trapdoor Queries (j,Qi ≠w0,w1) Trapdoor Oracles Adversarial Models for PECK Select W* Challenger C W* select random keyword set R(W*無法區別來自哪個trapdoor) pickβ∈R{0,1} Sβ =PECK(pk1,…,pkn ,Wβ), w0=W*,w1=R Sβ,w0,w1 Phase 2 queries keyword sets Qd+1,…Qr Trapdoor (skj,Qi): Tj,Qi if Tj,Qi無法區別w0,w1 Tj,Qi outputβ’∈R{0,1} if β =β’win the game Guess

  21. Outline • Introduction • Preliminaries • Generic Model for PECK • Adversarial Models for PECK • Proposed PECK Scheme • Multi-user PECK System • Conclusion

  22. Conclusion • To send an encrypted message with conjunctive keyword search to n users, the sender has only to add Bifrom the recipient’s public keys. • The server should separately store ciphertexts for each user. • Introduce a new concept called a multi-user PECK scheme, which can achieve an efficient computation and communication overhead and effectively manage the storage in a server for a number of users.

More Related