Efficient Conjunctive Keyword-Searchable Encryption,2007

1. Efficient Conjunctive Keyword-Searchable Encryption,2007 Author: Eun-Kyung Ryu and Tsuyoshi Takagi Presenter: 顏志龍

2. Outline • Motivating Scenario and model of document • Conjunctive Keyword Searchable Encryption (CKSE) • Definition • Assumption • Construction • Reference

3. Motivating Scenario • Alice has a large amount of data • Which is private • Which she wants to access any time and from anywhere • Example: emails • Alice stores her data on a remote server • Good connectivity • Low administration overhead • Cheaper cost of storage • But untrusted

4. Alice may not trust the server • Data must be stored encrypted • Alice wants ability to search her data • Keyword search: “All emails from Bob” • Alice wants powerful, efficient search • She wants to ask conjunctive queries • E.g. ask for “All emails from Bob AND received last Sunday”

5. Single keyword search • Limited to queries for a single keyword • Can’t do boolean combinations of queries • Example: “emails from Bob AND (received last week OR urgent)” • We focus on conjunctive queries • Documents Di which contains keywords W1 and W2 … and Wn • More restrictive than full boolean combinations

6. m fields From To Date Status D1 D2 n docs Dn Model of Documents • We assume structured documents where keywords are organized by fields J i The documents are the rows of the matrix Di = (Wi, 1, …, Wi, m)

7. Outline • Motivating Scenario and model of document • Conjunctive Keyword Searchable Encryption (CKSE) • Definition • Assumption • Construction

8. Definition • Bilinear Map a map is a bilinear map if the following conditions hold : (1) and are cyclic groups of the same prime order p and is effocoently computable; (2) For all and then (3) is non-degenerate. That is, if generates and generates , the generates

9. Assumptions • There is m keyword fields for each document. • There never exists the same keyword in two different keyword fields. This is fulfilled by adding each keyword with its field name. example: ”From:Bob”&”To:Bob” • Every keyword field is defined for every document. A simple way for requirement is to associate a NULL keyword with each empty field. example: “Status:NULL”

10. CKSE algorithm: • keyGen • run by the user to setup the scheme • take a security parameter • group and of a prime order p, where is kept in private. • return a secret key

11. Encryption(K,Di) C1,C2,…Ci Later, Alice wants to retrieve only some of documents containing some specific keywords. Trapdoor(K,{j1,..},{W1,…}) Search on Encrypted Data Storage Server Alice D1, D2, …, Dn Test(T, Ci) = True if Ci contains W Test(T,Ci) = False otherwise Alice decrypts Ci

12. Enc • run by the user to generate searchable ciphertxts • take a secret key and a document. Let for Let be a value chosen uniformly at random from • return a ciphertext

13. Trapdoor • run by the user to generate a trapdoor • take a secret key ,keyword field Indices and keywords as inputs.Let be a value chosen uniformly at random from • return a trapdoor vale

14. Test • run by the server in order to search for the documents containing some specific keywords • take a Trapdoor and a ciphertext Let and For all ,the algorithm checks if the following equality holds: If so, it return true. Otherwise, it return false

15. Example FROM To Data Statues 假設 找 “Alice” “Bob” User 使用 Trapdoor

16. return 又 . . .

17. 假設 又 所以return document D1 令 a+b=c

18. References • Efficient Conjunctive Keyword-Searchable Encryption • Secure Conjunctive Keyword Search Over Encrypted Data