Embed Size (px)
DESCRIPTION
Public Key Encryption with Conjunctive Keyword Search and Its Extension to a Multi-user System. Source: Pairing 2007, LNCS 4575, pp.2-22, 2007 Author: Yong Ho Hwang and Pil Joong Lee Presenter: Li-Tzu Chang. Outline. Introduction Preliminaries Proposed PECK Scheme Multi-user PECK System - PowerPoint PPT Presentation
Citation preview
Public Key Encryption with Conjunctive Keyword Search and Its Extension to a Multi-user System
Source: Pairing 2007, LNCS 4575, pp.2-22, 2007
Author: Yong Ho Hwang and Pil Joong Lee
Presenter: Li-Tzu Chang
Outline Introduction Preliminaries Proposed PECK Scheme Multi-user PECK System Conclusion
Introduction
B
A
[EApub [M], PECK (Apub, (W1 , W2, …, Wm))]
傳回 Alice 的文件
搜尋包含關鍵字的文件,產生一個暗門 Tw
Tw
傳送文件S
A2A3An
BBBn
Outline Introduction Preliminaries
Generic Model for PECK Adversarial Models for PECK
Proposed PECK Scheme Multi-user PECK System Conclusion
Generic Model for PECK KeyGen (security parameter ): pk, sk
Takes as input a security parameter and returns params (system parameters) and the public/private key pair (pk, sk).
PECK(pk,W ): S Executed by the sender to encrypt a keyword set W = {w1, . . . , w}.It
produces a searchable keyword encryption S of W with the public key pk.
Trapdoor (sk,Qi ):TQi
Takes as input the secret key sk and the keyword query Q ={I1, . . . , Im, wI1 , . . ., wIm} for m ≤ where Ii is an index to denote a location of wIi , and returns a trapdoor TQ for the conjunctive search of a given keyword query.
Test (pk,S): 0,1 Executed by the server to search the documents with the keywords of a
trapdoor TQ. It takes as input the public key pk, the searchable keyword encryption S, Then output ‘1’ if S includes Q and ‘0’ otherwise.
Outline Introduction Preliminaries
Generic Model for PECK Adversarial Models for PECK
IND-CC-KA IND-CR-KA
Proposed PECK Scheme Multi-user PECK System Construction
Adversarial Models for PECK
CA
Setup
Keygen(1k):pk,sk(保有 )
pk,params
Phase 1
queries a number of keyword setsQ1,…Qd
Trapdoor (sk,Qi) TQi
Trapdoor Queries (Qi)
Trapdoor Oracles
IND-CC-KA game
Adversarial Models for PECK
Challenger C
CA
select w0,w1
w0,w1 (無法區別來自哪個 trapdoor)
pick β∈R{0,1}Sβ =PECK(pk,Wβ) Sβ
Phase 2queries keyword sets Qd+1,…Qr
Trapdoor (sk,Qi): TQi
if TQi 無法區別 w0,w1 TQi
Guess output β’∈R{0,1}if β =β’ win the game
Trapdoor Oracles
Trapdoor Queries (Qi ≠w0,w1)
Outline Introduction Preliminaries
Generic Model for PECK Adversarial Models for PECK
IND-CC-KA IND-CR-KA
Proposed PECK Scheme Multi-user PECK System Construction
Adversarial Models for PECK
CA
Setup
Keygen(1k):pk,sk(保有 )
pk,params
Phase 1
queries a number of keyword setsQ1,…Qd
Trapdoor (sk,Qi)TQi
Trapdoor Queries (Qi)
Trapdoor Oracles
IND-CR-KA game
Adversarial Models for PECK
Challenger C
CA
select W*W*
select random keyword set R(W*無法區別來自哪個 trapdoor)
pick β∈R{0,1}Sβ =PECK(pk,wβ),where w0=W*,w1=R Sβ
Phase 2queries keyword sets Qd+1,…Qr
Trapdoor (sk,Qi): TQi
if TQi 無法區別 w0,w1TQi
Guess output β’∈R{0,1}if β =β’ win the game
Trapdoor Oracles
Trapdoor Queries (Qi ≠w0,w1)
Adversarial Models for PECK Adversary of adversary A
IC-CC-CKA
IC-CR-CKA
In the IND-CC-CKA game the adversary A selects two target keyword sets, w0 and w1, and gives them to the challenger C.
In the IND-CR-CKA game A selects a target keyword set w0 and gives it to C.
IND-CC-CKA
,
1Adv (1 ) Pr '
2k
PECK A
IND-CR-CKA
,
1Adv (1 ) Pr '
2k
PECK A
Outline Introduction Preliminaries Proposed PECK Scheme Multi-user PECK System Conclusion
Proposed PECK Scheme KeyGen(1k): params=(G1,G2,ê,H1(·),H2(·),g),
(pk,sk) H1(·):{0,1}logw→G1 , H2(·):{0,1}logw→G1 , g is a
generator of G1
select x∈R Zp* , compute y=gx , (pk,sk)=(y,x)
PECK(pk,W): S=(A,B,C1,…,Cl) Sender select W={w1,…,w2} , s,r ∈R Zp*
compute A=gr, B=ys, Ci=hirfi
s , 1 i ≦ ≦l ,hi=H1(wi), fi=H2(wi)
Proposed PECK Scheme Trapdoor (sk,Q): TQ=(TQ,1,TQ,2,TQ,3,I1,…,Im)
select t ∈R Zp*
compute TQ,1=gt ,TQ,2=(hI1,…hIm), TQ,3=(fI1,…fIm), where Q={I1,…,Im}
Test(pk,S,TQ): check
,1 1 ,2 ,3ˆ ˆ ˆ( , ) ( , ) ( , )m
Q i Ii Q Qe T C e A T e B T
Outline Introduction Preliminaries
Generic Model for PECK Adversarial Models for PECK
Proposed PECK Scheme Multi-user PECK System Conclusion
mPECK scheme KeyGen(1k): params=(G1,G2,ê,H1(·),H2(·),g),
(pk1,sk1),…,(pkn,skn) H1(·):{0,1}logw→G1 , H2(·):{0,1}logw→G1 , g is a
generator of G1
select x1,…,xn∈R Zp* , compute yi=gxi , (pki,ski)=(yi,xi)
mPECK(pk1,…,pkn ,W): S=(A,B1,…,Bn,C1,…,Cl) Sender select W={w1,…,w2} , s,r ∈R Zp*
compute A=gr, Bj=yjs, Ci=hi
rfis , 1 i ≦ ≦l , hi=H1(wi), fi=H2(wi)
mPECK scheme Trapdoor (skj,Q): Tj,Q=(Tj,Q,1,Tj,Q,2,Tj,Q,3,I1,…,Im)
select t ∈R Zp*
compute Tj,Q,1=gt ,Tj,Q,2=(hI1,…hIm)t, Tj,Q,3=(fI1,…fIm)t/xj, where Q={I1,…,Im}
Test(pkj,S,Tj,Q): check
, ,1 1 , ,2 , ,3ˆ ˆ ˆ( , ) ( , ) ( , ) m
j Q i Ii j Q j j Qe T C e A T e B T
Security game for mPECK
CA
Setup
Keygen(k):pk1,,…,pkn sk1 ,…, skn (保有 )
pk1 ,…,pkn , params
Phase 1
queries a number of keyword setsQ1,…Qd
Trapdoor (skj ,Qi)T j,Qi
Trapdoor Queries (j,Qi)
Trapdoor Oracles
Adversarial Models for PECK
Challenger C
CA
Select W* W*
select random keyword set R(W*無法區別來自哪個 trapdoor)
pick β∈R{0,1}Sβ =PECK(pk1,…,pkn ,Wβ), w0=W*,w1=R Sβ ,w0,w1
Phase 2queries keyword sets Qd+1,…Qr
Trapdoor (skj,Qi): Tj,Qi
if Tj,Qi 無法區別 w0,w1Tj,Qi
Guess output β’∈R{0,1}if β =β’ win the game
Trapdoor Oracles
Trapdoor Queries (j,Qi ≠w0,w1)
Outline Introduction Preliminaries
Generic Model for PECK Adversarial Models for PECK
Proposed PECK Scheme Multi-user PECK System Conclusion
Conclusion To send an encrypted message with conjunctive
keyword search to n users, the sender has only to add Bi from the recipient’s public keys.
The server should separately store ciphertexts for each user.
Introduce a new concept called a multi-user PECK scheme, which can achieve an efficient computation and communication overhead and effectively manage the storage in a server for a number of users.
