Presentation is loading. Please wait.

Presentation is loading. Please wait.

Public Key Encryption with Conjunctive Keyword Search and Its Extension to a Multi-user System Source: Pairing 2007, LNCS 4575, pp.2-22, 2007 Author: Yong.

Published byBernard Hampton Modified over 8 years ago

Similar presentations

Presentation on theme: "Public Key Encryption with Conjunctive Keyword Search and Its Extension to a Multi-user System Source: Pairing 2007, LNCS 4575, pp.2-22, 2007 Author: Yong."— Presentation transcript:

1 Public Key Encryption with Conjunctive Keyword Search and Its Extension to a Multi-user System Source: Pairing 2007, LNCS 4575, pp.2-22, 2007 Author: Yong Ho Hwang and Pil Joong Lee Presenter: Li-Tzu Chang

2 Outline Introduction Preliminaries Proposed PECK Scheme Multi-user PECK System Conclusion

3 Introduction B A [E A pub [M], PECK (A pub, (W 1, W 2, …, W m ))] 傳回 Alice 的文件 搜尋包含關鍵字 的文件, 產生一個暗門 T w TwTw 傳送文件 S A2A2 A3A3 AnAn B B BnBn

4 Outline Introduction Preliminaries  Generic Model for PECK  Adversarial Models for PECK Proposed PECK Scheme Multi-user PECK System Conclusion

5 Generic Model for PECK KeyGen ( security parameter ) : pk, sk  Takes as input a security parameter and returns params (system parameters) and the public/private key pair (pk, sk). PECK(pk,W ) : S  Executed by the sender to encrypt a keyword set W = {w 1,..., w}.It produces a searchable keyword encryption S of W with the public key pk. Trapdoor (sk,Q i ):T Qi  Takes as input the secret key sk and the keyword query Q ={I 1,..., I m, w I1,..., w Im } for m ≤ where I i is an index to denote a location of w Ii, and returns a trapdoor T Q for the conjunctive search of a given keyword query. Test (pk,S) : 0,1  Executed by the server to search the documents with the keywords of a trapdoor T Q. It takes as input the public key pk, the searchable keyword encryption S, Then output ‘1’ if S includes Q and ‘0’ otherwise.

6 Outline Introduction Preliminaries  Generic Model for PECK  Adversarial Models for PECK IND-CC-KA IND-CR-KA Proposed PECK Scheme Multi-user PECK System Construction

7 Adversarial Models for PECK C C A Setup Keygen(1 k ):pk,sk ( 保有 ) pk,params Phase 1 queries a number of keyword sets Q 1,…Q d Trapdoor (sk,Q i ) T Qi Trapdoor Queries (Qi) Trapdoor Oracles IND-CC-KA game

8 Adversarial Models for PECK Challenger C C A select w 0,w 1 w 0, w 1 ( 無法區別來自哪個 trapdoor) pick β ∈ R {0,1} S β =PECK(pk,W β ) SβSβ Phase 2 queries keyword sets Q d+1,…Q r Trapdoor (sk,Q i ): T Qi if T Qi 無法區別 w 0,w 1 T Qi Guess output β’ ∈ R {0,1} if β =β’ win the game Trapdoor Oracles Trapdoor Queries (Q i ≠w 0,w 1 )

9 Outline Introduction Preliminaries  Generic Model for PECK  Adversarial Models for PECK IND-CC-KA IND-CR-KA Proposed PECK Scheme Multi-user PECK System Construction

10 Adversarial Models for PECK C C A Setup Keygen(1 k ):pk,sk ( 保有 ) pk,params Phase 1 queries a number of keyword sets Q 1,…Q d Trapdoor (sk,Q i ) T Qi Trapdoor Queries (Qi) Trapdoor Oracles IND-CR-KA game

11 Adversarial Models for PECK Challenger C C A select W* W* select random keyword set R (W* 無法區別來自哪個 trapdoor) pick β ∈ R {0,1} S β =PECK(pk,w β ), where w 0 =W*,w 1 =R SβSβ Phase 2 queries keyword sets Q d+1,…Q r Trapdoor (sk,Q i ): T Qi if T Qi 無法區別 w 0,w 1 T Qi Guess output β’ ∈ R {0,1} if β =β’ win the game Trapdoor Oracles Trapdoor Queries (Q i ≠w 0,w 1 )

12 Adversarial Models for PECK Adversary of adversary A  IC-CC-CKA  IC-CR-CKA In the IND-CC-CKA game the adversary A selects two target keyword sets, w 0 and w 1, and gives them to the challenger C. In the IND-CR-CKA game A selects a target keyword set w 0 and gives it to C.

13 Outline Introduction Preliminaries Proposed PECK Scheme Multi-user PECK System Conclusion

14 Proposed PECK Scheme KeyGen(1 k ): params=(G 1,G 2,ê,H 1 (·),H 2 (·),g),(pk,sk)  H 1 (·):{0,1} logw →G 1 , H 2 (·):{0,1} logw →G 1 , g is a generator of G 1  select x ∈ R Z p * , compute y=g x , (pk,sk)=(y,x) PECK(pk,W): S=(A,B,C 1,…,C l )  Sender select W={w 1,…,w 2 } , s,r ∈ R Z p *  compute A=g r, B=y s, C i =h i r f i s, 1 ≦ i ≦ l,h i =H 1 (w i ), f i =H 2 (w i )

15 Proposed PECK Scheme Trapdoor (sk,Q): T Q =(T Q,1,T Q,2,T Q,3,I 1,…,I m )  select t ∈ R Z p *  compute T Q,1 =g t,T Q,2 =(h I1,…h Im ), T Q,3 =(f I1,…f Im ), where Q={I 1,…,I m } Test(pk,S,T Q ):  check

16 Outline Introduction Preliminaries  Generic Model for PECK  Adversarial Models for PECK Proposed PECK Scheme Multi-user PECK System Conclusion

17 mPECK scheme KeyGen(1 k ): params=(G 1,G 2,ê,H 1 (·),H 2 (·),g), (pk 1,sk 1 ),…,(pk n,sk n )  H 1 (·):{0,1} logw →G 1 , H 2 (·):{0,1} logw →G 1 , g is a generator of G 1  select x 1,…,x n ∈ R Z p * , compute y i =g xi , (pk i,sk i )=(y i,x i ) mPECK(pk 1,…,pk n,W): S=(A,B 1,…,B n,C 1,…,C l )  Sender select W={w 1,…,w 2 } , s,r ∈ R Z p *  compute A=g r, B j =y j s, C i =h i r f i s, 1 ≦ i ≦ l, h i =H 1 (w i ), f i =H 2 (w i )

18 mPECK scheme Trapdoor (sk j,Q): T j,Q =(T j,Q,1,T j,Q,2,T j,Q,3,I 1,…,I m )  select t ∈ R Z p *  compute T j,Q,1 =g t,T j,Q,2 =(h I1,…h Im ) t, T j,Q,3 =(f I1,…f Im ) t/xj, where Q={I 1,…,I m } Test(pk j,S,T j,Q ):  check

19 Security game for mPECK C C A Setup Keygen(k):pk 1,,…,pk n sk 1,…, sk n ( 保有 ) pk 1,…,pk n, params Phase 1 queries a number of keyword sets Q 1,…Q d Trapdoor (sk j,Q i ) T j,Qi Trapdoor Queries (j,Q i ) Trapdoor Oracles

20 Adversarial Models for PECK Challenger C C A Select W* W* select random keyword set R (W* 無法區別來自哪個 trapdoor) pick β ∈ R {0,1} S β =PECK(pk 1,…,pk n,W β ), w 0 =W*,w 1 =R S β,w 0,w 1 Phase 2 queries keyword sets Q d+1,…Q r Trapdoor (sk j,Q i ): T j,Qi if T j,Qi 無法區別 w 0,w 1 T j,Qi Guess output β’ ∈ R {0,1} if β =β’ win the game Trapdoor Oracles Trapdoor Queries (j,Q i ≠w 0,w 1 )

21 Outline Introduction Preliminaries  Generic Model for PECK  Adversarial Models for PECK Proposed PECK Scheme Multi-user PECK System Conclusion

22 To send an encrypted message with conjunctive keyword search to n users, the sender has only to add B i from the recipient’s public keys. The server should separately store ciphertexts for each user. Introduce a new concept called a multi-user PECK scheme, which can achieve an efficient computation and communication overhead and effectively manage the storage in a server for a number of users.

Download ppt "Public Key Encryption with Conjunctive Keyword Search and Its Extension to a Multi-user System Source: Pairing 2007, LNCS 4575, pp.2-22, 2007 Author: Yong."

Similar presentations

Boneh-Franklin Identity-based Encryption. 2 Symmetric bilinear groups G = ágñ, g p = 1 e: G G G t Bilinear i.e. e(u a, v b ) = e(u, v) ab Non-degenerate:

Boneh-Franklin Identity-based Encryption. 2 Symmetric bilinear groups G = ágñ, g p = 1 e: G G G t Bilinear i.e. e(u a, v b ) = e(u, v) ab Non-degenerate:
Probabilistic Public Key Encryption with Equality Test Duncan S. Wong Department of Computer Science City University of Hong Kong Joint work with Guomin.

Probabilistic Public Key Encryption with Equality Test Duncan S. Wong Department of Computer Science City University of Hong Kong Joint work with Guomin.
Secure Multiparty Computations on Bitcoin

Secure Multiparty Computations on Bitcoin
Efficient Information Retrieval for Ranked Queries in Cost-Effective Cloud Environments Presenter: Qin Liu a,b Joint work with Chiu C. Tan b, Jie Wu b,

Efficient Information Retrieval for Ranked Queries in Cost-Effective Cloud Environments Presenter: Qin Liu a,b Joint work with Chiu C. Tan b, Jie Wu b,
Encryption Public-Key, Identity-Based, Attribute-Based.

Encryption Public-Key, Identity-Based, Attribute-Based.
From: Cryptographers’ Track of the RSA Conference 2008 Date:2011-11-29 Reporter: Yi-Chun Shih 1.

From: Cryptographers’ Track of the RSA Conference 2008 Date: Reporter: Yi-Chun Shih 1.
LOGO Multi-user Broadcast Authentication in Wireless Sensor Networks ICU 20082065 Myunghan Yoo.

LOGO Multi-user Broadcast Authentication in Wireless Sensor Networks ICU Myunghan Yoo.
Searchable Symmetric Encryption :Improved Definitions and Efficient Constructions Reza Curtmola Juan Garay Seny Kamara Rafail Ostrovsky.

Searchable Symmetric Encryption :Improved Definitions and Efficient Constructions Reza Curtmola Juan Garay Seny Kamara Rafail Ostrovsky.
New Efficient Searchable Encryption Schemes from Bilinear Pairings Author:Chunxiang Gu and Yuefei Zhu International Journal of Network Security, 2007 Presenter:

New Efficient Searchable Encryption Schemes from Bilinear Pairings Author:Chunxiang Gu and Yuefei Zhu International Journal of Network Security, 2007 Presenter:
INTRODUCTION PROBLEM FORMULATION FRAMEWORK AND PRIVACY REQUIREMENTS FOR MRSE PRIVACY-PRESERVING AND EFFICIENT MRSE PERFORMANCE ANALYSIS RELATED WORK CONCLUSION.

INTRODUCTION PROBLEM FORMULATION FRAMEWORK AND PRIVACY REQUIREMENTS FOR MRSE PRIVACY-PRESERVING AND EFFICIENT MRSE PERFORMANCE ANALYSIS RELATED WORK CONCLUSION.
Server-Aided Verification : Theory and Practice Source: ASIACRYPT 2005, LNCS 3788, pp. 605-623 Author: Marc Girault and David Lefranc Presenter: Chun-Yen.

Server-Aided Verification : Theory and Practice Source: ASIACRYPT 2005, LNCS 3788, pp Author: Marc Girault and David Lefranc Presenter: Chun-Yen.
1 IDENTITY BASED ENCRYPTION SECURITY NOTIONS AND NEW IBE SCHEMES FOR SAKAI KASAHARA KEY CONSTRUCTION N. DENIZ SARIER.

1 IDENTITY BASED ENCRYPTION SECURITY NOTIONS AND NEW IBE SCHEMES FOR SAKAI KASAHARA KEY CONSTRUCTION N. DENIZ SARIER.
Cross-Realm Password-Based Server Aided Key Exchange Source: WISA 2010, LNCS 6513, pp. 322–336, 2011(0) Author: Kazuki Yoneyama Presenter: Li-Tzu Chang.

Cross-Realm Password-Based Server Aided Key Exchange Source: WISA 2010, LNCS 6513, pp. 322–336, 2011(0) Author: Kazuki Yoneyama Presenter: Li-Tzu Chang.
Public Key Encryption That Allows PIR Queries Dan Boneh, Eyal Kushilevitz, Rafail Ostrovsky, William E. Skeith III Presenter: 紀汶承.

Public Key Encryption That Allows PIR Queries Dan Boneh, Eyal Kushilevitz, Rafail Ostrovsky, William E. Skeith III Presenter: 紀汶承.
1 Efficient Conjunctive Keyword-Searchable Encryption,2007 Author: Eun-Kyung Ryu and Tsuyoshi Takagi Presenter: 顏志龍.

1 Efficient Conjunctive Keyword-Searchable Encryption,2007 Author: Eun-Kyung Ryu and Tsuyoshi Takagi Presenter: 顏志龍.
1 Conjunctive Keyword Search on Encrypted Data with Completeness and Computational Privacy Author : Radu Sion Bogdan Carbunar Presentered by Chia Jui Hsu.

1 Conjunctive Keyword Search on Encrypted Data with Completeness and Computational Privacy Author : Radu Sion Bogdan Carbunar Presentered by Chia Jui Hsu.
Identity Based Encryption

Identity Based Encryption
A Server-aided Signature Scheme Based on Secret Sharing for Mobile Commerce Source: Journal of Computers, Vol.19, No.1, April 2008 Author: Chin-Ling Chen,

A Server-aided Signature Scheme Based on Secret Sharing for Mobile Commerce Source: Journal of Computers, Vol.19, No.1, April 2008 Author: Chin-Ling Chen,
1 Conjunctive, Subset, and Range Queries on Encrypted Data Presenter: 陳國璋 Lecture Notes in Computer Science, 2007 Dan Boneh and Brent Waters.

1 Conjunctive, Subset, and Range Queries on Encrypted Data Presenter: 陳國璋 Lecture Notes in Computer Science, 2007 Dan Boneh and Brent Waters.
Co-operative Private Equality Test(CPET) Ronghua Li and Chuan-Kun Wu (received June 21, 2005; revised and accepted July 4, 2005) International Journal.

Co-operative Private Equality Test(CPET) Ronghua Li and Chuan-Kun Wu (received June 21, 2005; revised and accepted July 4, 2005) International Journal.

Similar presentations

Ads by Google