Searchable Symmetric Encryption: Improved Definitions and Efficient Constructions. Reza Curtmola, Juan Garay, Seny Kamara, Rafail Ostrovsky.


1 Searchable Symmetric Encryption: Improved Definitions and Efficient Constructions. Reza Curtmola, Juan Garay, Seny Kamara, Rafail Ostrovsky

2 OUTLINE
– Searchable Symmetric Encryption
– Revisiting SSE security definitions
– SSE-1 (non-adaptive)
– SSE-2 (adaptive)
– Multi-user Searchable Encryption
– Proof

3 Revisiting SSE security definitions
“A secure SSE scheme should not leak anything beyond the outcome of a search”
– “search outcome”: memory addresses of documents that contain a hidden keyword
– Important to note: different keyword requests may lead to the same search outcome
– “search pattern”: whether two queries were for the same keyword or not
A (slightly) better intuition
– “A secure SSE scheme should not leak anything beyond the outcome and the pattern of a search”

4 SSE Algorithms
– Keygen($1^k$): outputs symmetric key $K$ (by user)
– BuildIndex($K$, $\{D_1, \ldots, D_n\}$): outputs secure index $I$ (by user)
– Trapdoor($K$, $w$): outputs a trapdoor $T_w$ (by user)
– Search($I$, $T_w$): outputs identifiers of documents containing $w$ ($id_1, \ldots, id_m$) (by server)

5 SSE: the client can upload additional “encrypted” data structures to help search
[Diagram labels: Index, Keyword, server]

6 Our model
– History: documents and keywords
– View: encrypted documents, index, trapdoors
– Trace: length of documents, search outcomes, search pattern

7 Our intuition
Previous intuition
– “A secure SSE scheme should not leak anything beyond the outcome and the pattern of a search”
A more “formal intuition”
– “any function about the documents and the keywords that can be computed from the encrypted documents, the index and the trapdoors can be computed from the length of the documents, the search outcomes and the search pattern”

8 What is adaptiveness?
– Non-adaptive: adversaries make search queries without seeing the outcome of previous searches
– Adaptive: adversaries can make search queries as a function of the outcome of previous searches
– (Note) The user may or may not generate its word queries depending on the outcome of previous searches. We call queries that do depend on previous search outcomes adaptive.

9 Non-Adaptive, Adaptive (new), [SWP00, Goh03, CM05, ...]
[Figure: labels S, I; queries $w_1$, $w_2$, $w_3$, $w_4$, $w_2$, $w_1$, $w_3$]

10 Non-adaptive SSE construction
[Diagram labels: Server, Index, Keyword, Trapdoor, D, id]

11 The index is built from 2 data structures: array A and look-up table T
[Diagram labels: D, id, L_i, T, $|\Delta|$, $|D(w)|$]

12 Some notation definitions
– Let $\Delta = \{w_1, \ldots, w_d\}$ be a dictionary of $d$ words, and $2^{\Delta}$ be the set of all possible documents.
– Let $D \subseteq 2^{\Delta}$ be a collection of $n$ documents $D = (D_1, \ldots, D_n)$ and $2^{2^{\Delta}}$ be the set of all possible document collections.
– Let $\mathrm{id}(D)$ be the identifier of document $D$.
– $D(w)$ (the set of identifiers of documents containing $w$) is referred to as the outcome of a search for $w$, and the sequence $(D(w_1), \ldots, D(w_n))$ as the access pattern of a client.

13 Example
$D = \{D_1, D_2, D_3\}$, $w = \{w_1, w_2, \ldots, w_5\}$
Suppose $D(w_1) = \{D_1, D_3\}$, $D(w_2) = \{D_1, D_2\}$, $D(w_3) = \{D_2, D_3\}$, $D(w_4) = \{D_1\}$, $D(w_5) = \{D_2\}$
Build the index:
[Figure: look-up table T with entries labelled W5, W2, W4, W3, W1; array A with addresses 0 to 7 and entries D3||null, D2||4, D2||null, D2||null, D1||null, D1||2, D3||null, D1||7]

14 Searching:
– P: pseudo-random permutation
– F: pseudo-random function
– addr = $P(w_3)$
– key = $F(w_3)$
– Trapdoor = (addr, key) = (4, 5) => $D_2$, $D_3$
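
The index and search steps of slides 11 to 14, as an added Python example (not code from the presentation or from the paper's authors). Assumptions: HMAC-SHA256 stands in for both F and P, each list node is masked with a PRF-derived pad under its own key, T stores the head address and head key masked with F(w), A and T are not padded, and all function names are chosen here.

```python
import hmac, hashlib, os, random, struct

NULL = 0xFFFFFFFF  # "null" next pointer, as in the slide's D3||null

def prf(key, msg, n=32):
    # HMAC-SHA256 as the pseudo-random function F (assumed stand-in for P too)
    return hmac.new(key, msg, hashlib.sha256).digest()[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def keygen():
    return os.urandom(32), os.urandom(32)   # (key for P, key for F)

def build_index(K, postings):
    """postings: {keyword: [doc ids]} -> index (array A, look-up table T)."""
    kp, kf = K
    free = list(range(sum(len(ids) for ids in postings.values())))
    random.SystemRandom().shuffle(free)     # scatter list nodes across A
    A, T = [None] * len(free), {}
    for w, ids in postings.items():
        addrs = [free.pop() for _ in ids]
        keys = [os.urandom(16) for _ in ids]          # fresh key per node
        for j, doc in enumerate(ids):
            last = j == len(ids) - 1
            nxt = NULL if last else addrs[j + 1]
            nkey = bytes(16) if last else keys[j + 1]
            node = struct.pack(">II", doc, nxt) + nkey  # id || next addr || next key
            A[addrs[j]] = xor(node, prf(keys[j], b"node", 24))
        head = struct.pack(">I", addrs[0]) + keys[0]
        T[prf(kp, w.encode())] = xor(head, prf(kf, w.encode(), 20))
    return A, T

def trapdoor(K, w):
    kp, kf = K
    return prf(kp, w.encode()), prf(kf, w.encode(), 20)  # (addr, key)

def search(index, td):
    (A, T), (addr, mask) = index, td
    if addr not in T:
        return []
    head = xor(T[addr], mask)               # unmask head pointer and head key
    pos, key, out = struct.unpack(">I", head[:4])[0], head[4:], []
    while pos != NULL:                      # walk the encrypted linked list
        node = xor(A[pos], prf(key, b"node", 24))
        (doc, pos), key = struct.unpack(">II", node[:8]), node[8:]
        out.append(doc)
    return out

# Collection from slide 13: D(w1)={D1,D3}, D(w2)={D1,D2}, ..., D(w5)={D2}
EXAMPLE = {"w1": [1, 3], "w2": [1, 2], "w3": [2, 3], "w4": [1], "w5": [2]}
```

Because `trapdoor(K, w)` is deterministic, the server can tell when two queries are for the same keyword, which is the search pattern that the definitions on slides 3 and 7 allow to leak.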

15

16

17 Adaptive SSE construction

18 Comparison

19 Secure updates
The old and new document collections are combined and the index is rebuilt, which yields a new document collection and a new index.

20 Multi-user Searchable Encryption
Consists of 6 polynomial-time algorithms:
– MKeygen($1^k$) is a probabilistic key generation algorithm that is run by the owner O to set up the scheme. It takes a security parameter $k$, and returns an owner secret key, $K_O$.
– MBuildIndex($K_O$, $D$) is run by O to construct indexes. It takes the owner’s secret key $K_O$ and a document collection $D$ as inputs, and returns an index $I$.

21 $N$: a set of users; $G \subseteq N$: the set of users allowed to search
– AddUser($K_O$, $U$) is run by O whenever it wishes to add a user to the group $G$. It takes the owner’s secret key $K_O$ and a user $U$ as inputs, and returns $U$’s secret key, $K_U$.
– RevokeUser($K_O$, $U$) is run by O whenever it wishes to revoke a user from $G$. It takes the owner’s secret key $K_O$ and a user $U$ as inputs, and revokes the user’s searching privileges.

22
– MTrapdoor($K_U$, $w$) is run by a user (including O) in order to generate a trapdoor for a given word. It takes a user $U$’s secret key $K_U$ and a word $w$ as inputs, and returns a trapdoor $T_{U,w}$.
– MSearch($I_D$, $T_{U,w}$) is run by the server S in order to search for the documents in $D$ that contain word $w$. It takes the index $I_D$ for collection $D$ and the trapdoor $T_{U,w}$ for word $w$ as inputs, and returns $D(w)$ if user $U \in G$ and $\bot$ if user $U \notin G$.

23 Proof

24

25 Proof: explained on the whiteboard by 紀銘偉

