1 / 17

Conjunctive, Subset, and Range Queries on Encrypted Data

Conjunctive, Subset, and Range Queries on Encrypted Data. 作者 :Dan Boneh ,Brent Waters. Introduction. 主要用做信用卡金融系統上 主要功能 comparison,equality,conjunctive Goal:It is to build a public-key system that supports a rich set of query predicates. Searchable encryption.

india
Download Presentation

Conjunctive, Subset, and Range Queries on Encrypted Data

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Conjunctive, Subset, and Range Queries on Encrypted Data 作者:Dan Boneh ,Brent Waters

  2. Introduction • 主要用做信用卡金融系統上 • 主要功能 comparison,equality,conjunctive • Goal:It is to build a public-key system that supports a rich set of query predicates.

  3. Searchable encryption • Definitions:A predicate P over is a function P : -> {0, 1}. We say that S satisfies the predicate if P(S) = 1. • searchable public key system: • Setup( ) A probabilistic algorithm that takes as input a security parameter and outputs a public key PK and secret key SK. • Encrypt(PK, S,M) Encrypts the plaintext pair (S,M) using the public key PK. We view S as the searchable field, called an index, and M as the data.

  4. Searchable encryption • GenToken(SK, <Pi>) Takes as input a secret key SK and the description of a predicate P . It outputs a token TKp . • Query(TK,C) Takes a token TK for some predicate P as input and a ciphertext C. It outputs a message M or . Roughly speaking, if C is an encryption of (S,M) then the algorithm outputs M when P(S) = 1 and outputs otherwise.

  5. Correctness • For all (S,M) ×M and all predicates P : If P(S) = 1 then Query(TK,C) = M. If P(S) = 0 then Pr[Query(TK,C) = ] > 1 − where is a negligible function. • Ps.沒有 decrypt function

  6. Comparison queries(EX.)

  7. Comparison queries(security) • Setup. The challenger runs Setup( ) and gives the adversary PK. • Query phase 1. The adversary adaptively outputs descriptions of predicates P1, P2, . . . , Pq1 . The challenger responds with the corresponding tokens TKi <-GenToken(SK, <P>). We refer to such queries as predicate queries.

  8. Comparison queries(security) • Challenge. The adversary outputs two pairs (S0,M0) and (S1,M1) subject to two restrictions: – First, Pi(S0) = Pi(S1) for all i = 1, 2, . . . , q1. – Second, if M0 = M1 then Pi(S0) = Pi(S1) = 0 for all i = 1,2, . q1. Flips a coin {0, 1} and gives C Encrypt(PK, ) to the adversary. The first restriction :tokens given to the adversary do not directly distinguish S0 from S1. (同一區段) The second restriction: tokens do not directly distinguish M0 from M1.(以外有很多可能) • • Query phase 2. The adversary continues to adaptively request tokens for predicates Pq1+1, . . . , Pq , subject to the two restrictions above. The challenger responds with the corresponding tokens TKi<- GenToken(SK, <P>).

  9. Comparison queries(security) • Guess The adversary returns a guess . • We define the advantage of adversary A in attacking as the quantity (It is a negligible function)

  10. Equality queries(IBE)

  11. Equality queries(security) • Setup. The challenger runs Setup( ) and gives the adversary PK.The adversary outputs strings S0,S1 • Query phase 1. The adversary adaptively outputs descriptions of predicates P1, P2, . . . , Pq1 . The challenger responds with the corresponding tokens TKi <-GenToken(SK, <P>). Only restriction : Pi(S0) = Pi(S1) for all i = 1, 2, . . . , q1.

  12. Equality queries(security) • Challenge. The adversary outputs messages M0,M1 two subject to restrictions: if then Pi(S0) = Pi(S1) = 0 for all i = 1,2, . q1. Flips a coin {0, 1} and gives C Encrypt(PK, ) to the adversary. • • Query phase 2. The adversary continues to adaptively request tokens for predicates Pq1+1, . . . , Pq , subject to the two restrictions above. The challenger responds with the corresponding tokens TKi<- GenToken(SK, hPii).

  13. Equality queries(security) • Guess The adversary returns a guess . • We define the advantage of adversary A in attacking as the quantity (It is a negligible function)

  14. The Trivial Construction • We build a -searchable public key system , for any set of(polynomial time computable) predicates . • The brute force system. Let = (Setup’, Encrypt’, Decrypt’) be a public-key system. Let = {P1, P2, . . . , Pt} • Setup( )

  15. Encrypt(PK, S,M) For i=1……t: the length of C is linear in n. • GenToken(SK, <P>) Here <P>, the description of predicate , is the index i of Pi in .Output TK <- (i, SKi). • Query(TK,C) Let C = (C1, . . . ,Ct) and TK = (i,SKi). Output Decrypt’(SKi,Ci).

  16. Conjunctive comparison predicates • Suppose for some n,w. Let be the set of predicates.

More Related