Download presentation
Presentation is loading. Please wait.
Published byBernard Hampton Modified over 8 years ago
1
Public Key Encryption with Conjunctive Keyword Search and Its Extension to a Multi-user System Source: Pairing 2007, LNCS 4575, pp.2-22, 2007 Author: Yong Ho Hwang and Pil Joong Lee Presenter: Li-Tzu Chang
2
Outline Introduction Preliminaries Proposed PECK Scheme Multi-user PECK System Conclusion
3
Introduction B A [E A pub [M], PECK (A pub, (W 1, W 2, …, W m ))] 傳回 Alice 的文件 搜尋包含關鍵字 的文件, 產生一個暗門 T w TwTw 傳送文件 S A2A2 A3A3 AnAn B B BnBn
4
Outline Introduction Preliminaries Generic Model for PECK Adversarial Models for PECK Proposed PECK Scheme Multi-user PECK System Conclusion
5
Generic Model for PECK KeyGen ( security parameter ) : pk, sk Takes as input a security parameter and returns params (system parameters) and the public/private key pair (pk, sk). PECK(pk,W ) : S Executed by the sender to encrypt a keyword set W = {w 1,..., w}.It produces a searchable keyword encryption S of W with the public key pk. Trapdoor (sk,Q i ):T Qi Takes as input the secret key sk and the keyword query Q ={I 1,..., I m, w I1,..., w Im } for m ≤ where I i is an index to denote a location of w Ii, and returns a trapdoor T Q for the conjunctive search of a given keyword query. Test (pk,S) : 0,1 Executed by the server to search the documents with the keywords of a trapdoor T Q. It takes as input the public key pk, the searchable keyword encryption S, Then output ‘1’ if S includes Q and ‘0’ otherwise.
6
Outline Introduction Preliminaries Generic Model for PECK Adversarial Models for PECK IND-CC-KA IND-CR-KA Proposed PECK Scheme Multi-user PECK System Construction
7
Adversarial Models for PECK C C A Setup Keygen(1 k ):pk,sk ( 保有 ) pk,params Phase 1 queries a number of keyword sets Q 1,…Q d Trapdoor (sk,Q i ) T Qi Trapdoor Queries (Qi) Trapdoor Oracles IND-CC-KA game
8
Adversarial Models for PECK Challenger C C A select w 0,w 1 w 0, w 1 ( 無法區別來自哪個 trapdoor) pick β ∈ R {0,1} S β =PECK(pk,W β ) SβSβ Phase 2 queries keyword sets Q d+1,…Q r Trapdoor (sk,Q i ): T Qi if T Qi 無法區別 w 0,w 1 T Qi Guess output β’ ∈ R {0,1} if β =β’ win the game Trapdoor Oracles Trapdoor Queries (Q i ≠w 0,w 1 )
9
Outline Introduction Preliminaries Generic Model for PECK Adversarial Models for PECK IND-CC-KA IND-CR-KA Proposed PECK Scheme Multi-user PECK System Construction
10
Adversarial Models for PECK C C A Setup Keygen(1 k ):pk,sk ( 保有 ) pk,params Phase 1 queries a number of keyword sets Q 1,…Q d Trapdoor (sk,Q i ) T Qi Trapdoor Queries (Qi) Trapdoor Oracles IND-CR-KA game
11
Adversarial Models for PECK Challenger C C A select W* W* select random keyword set R (W* 無法區別來自哪個 trapdoor) pick β ∈ R {0,1} S β =PECK(pk,w β ), where w 0 =W*,w 1 =R SβSβ Phase 2 queries keyword sets Q d+1,…Q r Trapdoor (sk,Q i ): T Qi if T Qi 無法區別 w 0,w 1 T Qi Guess output β’ ∈ R {0,1} if β =β’ win the game Trapdoor Oracles Trapdoor Queries (Q i ≠w 0,w 1 )
12
Adversarial Models for PECK Adversary of adversary A IC-CC-CKA IC-CR-CKA In the IND-CC-CKA game the adversary A selects two target keyword sets, w 0 and w 1, and gives them to the challenger C. In the IND-CR-CKA game A selects a target keyword set w 0 and gives it to C.
13
Outline Introduction Preliminaries Proposed PECK Scheme Multi-user PECK System Conclusion
14
Proposed PECK Scheme KeyGen(1 k ): params=(G 1,G 2,ê,H 1 (·),H 2 (·),g),(pk,sk) H 1 (·):{0,1} logw →G 1 , H 2 (·):{0,1} logw →G 1 , g is a generator of G 1 select x ∈ R Z p * , compute y=g x , (pk,sk)=(y,x) PECK(pk,W): S=(A,B,C 1,…,C l ) Sender select W={w 1,…,w 2 } , s,r ∈ R Z p * compute A=g r, B=y s, C i =h i r f i s, 1 ≦ i ≦ l,h i =H 1 (w i ), f i =H 2 (w i )
15
Proposed PECK Scheme Trapdoor (sk,Q): T Q =(T Q,1,T Q,2,T Q,3,I 1,…,I m ) select t ∈ R Z p * compute T Q,1 =g t,T Q,2 =(h I1,…h Im ), T Q,3 =(f I1,…f Im ), where Q={I 1,…,I m } Test(pk,S,T Q ): check
16
Outline Introduction Preliminaries Generic Model for PECK Adversarial Models for PECK Proposed PECK Scheme Multi-user PECK System Conclusion
17
mPECK scheme KeyGen(1 k ): params=(G 1,G 2,ê,H 1 (·),H 2 (·),g), (pk 1,sk 1 ),…,(pk n,sk n ) H 1 (·):{0,1} logw →G 1 , H 2 (·):{0,1} logw →G 1 , g is a generator of G 1 select x 1,…,x n ∈ R Z p * , compute y i =g xi , (pk i,sk i )=(y i,x i ) mPECK(pk 1,…,pk n,W): S=(A,B 1,…,B n,C 1,…,C l ) Sender select W={w 1,…,w 2 } , s,r ∈ R Z p * compute A=g r, B j =y j s, C i =h i r f i s, 1 ≦ i ≦ l, h i =H 1 (w i ), f i =H 2 (w i )
18
mPECK scheme Trapdoor (sk j,Q): T j,Q =(T j,Q,1,T j,Q,2,T j,Q,3,I 1,…,I m ) select t ∈ R Z p * compute T j,Q,1 =g t,T j,Q,2 =(h I1,…h Im ) t, T j,Q,3 =(f I1,…f Im ) t/xj, where Q={I 1,…,I m } Test(pk j,S,T j,Q ): check
19
Security game for mPECK C C A Setup Keygen(k):pk 1,,…,pk n sk 1,…, sk n ( 保有 ) pk 1,…,pk n, params Phase 1 queries a number of keyword sets Q 1,…Q d Trapdoor (sk j,Q i ) T j,Qi Trapdoor Queries (j,Q i ) Trapdoor Oracles
20
Adversarial Models for PECK Challenger C C A Select W* W* select random keyword set R (W* 無法區別來自哪個 trapdoor) pick β ∈ R {0,1} S β =PECK(pk 1,…,pk n,W β ), w 0 =W*,w 1 =R S β,w 0,w 1 Phase 2 queries keyword sets Q d+1,…Q r Trapdoor (sk j,Q i ): T j,Qi if T j,Qi 無法區別 w 0,w 1 T j,Qi Guess output β’ ∈ R {0,1} if β =β’ win the game Trapdoor Oracles Trapdoor Queries (j,Q i ≠w 0,w 1 )
21
Outline Introduction Preliminaries Generic Model for PECK Adversarial Models for PECK Proposed PECK Scheme Multi-user PECK System Conclusion
22
To send an encrypted message with conjunctive keyword search to n users, the sender has only to add B i from the recipient’s public keys. The server should separately store ciphertexts for each user. Introduce a new concept called a multi-user PECK scheme, which can achieve an efficient computation and communication overhead and effectively manage the storage in a server for a number of users.
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.