Efficient Conjunctive Keyword-Searchable Encryption,2007 Author: Eun-Kyung Ryu and Tsuyoshi Takagi Presenter: 顏志龍

Outline Motivating Scenario and model of document Conjunctive Keyword Searchable Encryption (CKSE)  Definition  Assumption  Construction Reference

Motivating Scenario Alice has a large amount of data  Which is private  Which she wants to access any time and from anywhere  Example: s Alice stores her data on a remote server  Good connectivity  Low administration overhead  Cheaper cost of storage  But untrusted

Alice may not trust the server  Data must be stored encrypted Alice wants ability to search her data  Keyword search: “All s from Bob” Alice wants powerful, efficient search  She wants to ask conjunctive queries  E.g. ask for “All s from Bob AND received last Sunday”

Single keyword search  Limited to queries for a single keyword  Can’t do boolean combinations of queries Example: “ s from Bob AND (received last week OR urgent)” We focus on conjunctive queries  Documents D i which contains keywords W 1 and W 2 … and W n  More restrictive than full boolean combinations

Model of Documents We assume structured documents where keywords are organized by fields AliceBob06/01/2004Urgent AliceCharlie05/28/2004Secret ………… DaveAlice06/04/2004Non-urgent From To Date Status m fields n docs D1D1 D2D2 DnDn The documents are the rows of the matrix D i = (W i, 1, …, W i, m ) J i

Outline Motivating Scenario and model of document Conjunctive Keyword Searchable Encryption (CKSE)  Definition  Assumption  Construction

Definition Bilinear Map a map is a bilinear map if the following conditions hold : (1) and are cyclic groups of the same prime order p and is effocoently computable; (2) For all and then (3) is non-degenerate. That is, if generates and generates, the generates

Assumptions There is m keyword fields for each document. There never exists the same keyword in two different keyword fields. This is fulfilled by adding each keyword with its field name. example: ”From:Bob”&”To:Bob” Every keyword field is defined for every document. A simple way for requirement is to associate a NULL keyword with each empty field. example: “Status:NULL”

CKSE algorithm: keyGen  run by the user to setup the scheme  take a security parameter  group and of a prime order p, where is kept in private.  return a secret key

Search on Encrypted Data Alice Storage Server D 1, D 2, …, D n C 1,C 2,…C i Encryption(K,D i ) Later, Alice wants to retrieve only some of documents containing some specific keywords. Trapdoor(K,{j1,..},{W1,…}) Test(T, C i ) = True if Ci contains W Test(T,C i ) = False otherwise Alice decrypts Ci

Enc  run by the user to generate searchable ciphertxts  take a secret key and a document. Let for Let be a value chosen uniformly at random from  return a ciphertext

Trapdoor  run by the user to generate a trapdoor  take a secret key,keyword field Indices and keywords as inputs.Let be a value chosen uniformly at random from  return a trapdoor vale

Test  run by the server in order to search for the documents containing some specific keywords  take a Trapdoor and a ciphertext Let and For all,the algorithm checks if the following equality holds: If so, it return true. Otherwise, it return false

Example AliceBob06/01/2004Urgent AliceCharlie05/28/2004Secret ………… DaveAlice06/04/2004Non-urgent FROM To DataStatues 假設 找 “Alice” “Bob” User 使用 Trapdoor

return 又......

假設 令 a+b=c 又 所以 return document D1

References Efficient Conjunctive Keyword-Searchable Encryption Secure Conjunctive Keyword Search Over Encrypted Data