Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Conjunctive, Subset, and Range Queries on Encrypted Data Presenter: 陳國璋 Lecture Notes in Computer Science, 2007 Dan Boneh and Brent Waters.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Conjunctive, Subset, and Range Queries on Encrypted Data Presenter: 陳國璋 Lecture Notes in Computer Science, 2007 Dan Boneh and Brent Waters."— Presentation transcript:

1 1 Conjunctive, Subset, and Range Queries on Encrypted Data Presenter: 陳國璋 Lecture Notes in Computer Science, 2007 Dan Boneh and Brent Waters

2 2 Outline  Introduction  Definition  Brute Force Construction  Pairings and complexity assumption  Hidden Vector Encryption  Application of HVE  Conclusion

3 3 Introduction(1/3) Visa Credit card payment Gateway Encrypted Transaction Visa ’ s Public Key Encrypted Transaction Encrypted Transaction Predicate P [value over $1000] Given by Visa Yes No More Secure Processing Normally Secure Processing

4 4 Introduction(2/3) Mail Server PP’P’ Satisfy P Satisfy P ’ inbox Discard Recipient ’ s pager Recipient ’ s Public key Given by Recipient

5 5 Introduction(3/3)  Hidden Vector Encryption (HVE)  Extreme example, Anonymous Identity Based Encryption (AnonIBE)  Query type Equality query Comparison query Subset query

6 6 Outline  Introduction  Definition  Brute Force Construction  Pairings and complexity assumption  Hidden Vector Encryption  Application of HVE  Conclusion

7 7 Definition(1/4)  Σ: finite set of binary strings  Predicate P over Σ is a function P: Σ → {0,1}  S ∈ Σ if P(S)=1

8 8 Definition(2/4)  Φ: set of predicates over Σ  Φ-searchable public key system Setup(λ)  Input security parameter λ  Output public key PK and secret key SK Encrypt(PK,S,M)  Public key PK  S ∈ Σ as the searchable field, called an index  M as the data

9 9 Definition(3/4)  Φ-searchable public key system GenToken(SK, )  Input secret key SK and a predicate P ∈ Φ  Output a token TK Query(TK,C)  Input token TK for some predicate P and a ciphertext C that is an encryption of (S,M)  Output M or ⊥

10 10 Definition(4/4)  Correctness Query correctness

11 11 Outline  Introduction  Definition  Brute Force Construction  Pairings and complexity assumption  Hidden Vector Encryption  Application of HVE  Conclusion

12 12 Brute Force Construction(1/9)  Σ: finite set of binary strings  Build a Φ-searchable public key system ε TR  ε=(Setup ’, Encrypt ’, Decrypt ’ ) be a public key system  Φ={P 1,P 2, …,P t }

13 13 Brute Force Construction(2/9)  Setup(λ) Run Setup ’ (λ) t times PK ← (PK 1, …,PK t ) SK ← (SK 1, …,SK t ) Output (PK, SK)

14 14 Brute Force Construction(3/9)  Encrypt(PK,S,M) For i= 1, …,t define: Output C ← (C 1, …,C t )

15 15 Brute Force Construction(4/9)  GenToken(SK, ) is the description of predicate Φ The index i of P i in Φ Output TK ← (i,SK i )

16 16 Brute Force Construction(5/9)  Query(TK,C) C=(C 1, …,C t ) TK=(i,SK i ) Output Decrypt ’ (SK i,C i )

17 17 Brute Force Construction(6/9)  Example for single query  Σ={1,2,3,4,5}  Φ={P 1,P 2,P 3 }  Setup(λ) Run 3 times Setup ’ (λ) PK ← (PK 1,PK 2,PK 3 ) SK ← (SK 1,SK 2,SK 3 )

18 18 Brute Force Construction(7/9)   Encrypt(PK,4,M) C 1 ← Encrypt ’ (PK 1, ⊥ ) C 2 ← Encrypt ’ (PK 2, ⊥ ) C 3 ← Encrypt ’ (PK 3,M) C ← (C 1,C 2,C 3 ) x12345 P 1 (x)01100 P 2 (x)10000 P 3 (x)00011

19 19 Brute Force Construction(8/9)     x12345 P 1 (x)01100 P 2 (x)10000 P 3 (x)00011 GenToken(SK, ) TK 1 ← (2,SK 2 )TK 2 ← (3,SK 3 ) Query(TK 1,C)Query(TK 2,C) Decrypt ’ (SK 2,C 2 )= ⊥ Decrypt ’ (SK 3,C 3 )=M

20 20 Brute Force Construction(9/9)  Example for conjunctive comparison predicates  Σ={1, …,n} w ={1,2,3,4,5} 4 n is the maximum value for each cell w is the number of the cells  Φ n,w be a set of predicates, |Φ n,w |=n w= 5 4

21 21 Outline  Introduction  Definition  Brute Force Construction  Pairings and complexity assumption  Hidden Vector Encryption  Application of HVE  Conclusion

22 22 Pairings and complexity assumption(1/5)  p, q are two big primes. n =pq  G: bilinear group, order = n  G p : cyclic group, order = p  G q : cyclic group, order = q  G T : cyclic group  e:G 2 → G T satisfied as follows Biliner: ∀ u, v ∈ G, e(u a,v b )=e(u,v) ab Non-degenerate: ∃ g s.t. e(g,g) has order n in G T

23 23 Pairings and complexity assumption(2/5)  The composite Bilinear Diffie-Hellman assumption (cBDH)

24 24 Pairings and complexity assumption(3/5)  The advantage of cBDH

25 25 Pairings and complexity assumption(4/5)  The composite 3-party Diffie-Hellman assumption (c3DH)

26 26 Pairings and complexity assumption(5/5)  The advantage of c3DH

27 27 Outline  Introduction  Definition  Brute Force Construction  Pairings and complexity assumption  Hidden Vector Encryption  Application of HVE  Conclusion

28 28 Hidden Vector Encryption(1/10) Conjunctive General Predicate Multi-cell Practical Value Predicate Vector Practical Vector SK Ciphertext Token Data / ⊥ Data PK GenToken HVE Encrypt HVE Query HVE

29 29 Hidden Vector Encryption(2/10)  Σ: finite set  *: special symbol, plays the role of a wildcard or don ’ t care.  Σ * = Σ ∪ {*}

30 30 Hidden Vector Encryption(3/10) 

31 31 Hidden Vector Encryption(4/10)    

32 32 Hidden Vector Encryption(5/10)  Particular HVE construction  Σ=Z m for some integer m  Σ * =Z m ∪ {*}

33 33 Hidden Vector Encryption(6/10)  Setup HVE (λ) Choose random primes p,q > m Create a bilinear group G of order n Picks random elements

34 34 Hidden Vector Encryption(7/10) 

35 35 Hidden Vector Encryption(8/10)  Encrypt HVE (PK,I,M)

36 36 Hidden Vector Encryption(9/10)  GenToken HVE (SK,I * ) S be a set of all index i s.t. I i ≠ * Choose random Generate a token for the predicate

37 37 Hidden Vector Encryption(10/10)  Query HVE (TK,C) First, compte If M is not in data space, output ⊥. Otherwise, output M.

38 38 Outline  Introduction  Definition  Brute Force Construction  Pairings and complexity assumption  Hidden Vector Encryption  Application of HVE  Conclusion

39 39 Application of HVE(1/15) Conjunctive General Predicate Multi-cell Practical Value Predicate Vector Practical Vector SK Ciphertext Token Data / ⊥ Data PK GenToken HVE Encrypt HVE Query HVE

40 40 Application of HVE(2/15)  Example for conjunctive comparison queries  Σ 01 ={0,1}=Z 2  Σ 01* ={0,1,*}=Z 2 ∪ {*}  Take n=3, w=4, then l =nw=12, m=2  Secure HVE over Σ 01 12 (Setup HVE, Encrypt HVE, GenToken HVE, Query HVE )  Construct a Φ n,w -searchable system as follows

41 41 Application of HVE(3/15)  Setup(λ) Run Setup HVE (λ) Get public key PK and secret ket SK.

42 42 Application of HVE(4/15)  Encrypt(PK,S,M) S=(x 1, …,x w ) ∈ {1, …,n} w ={1,2,3} 4 Build a vector σ(S)=(σ i,j ) ∈ Σ 01 nw =Σ 01 12 σ i,j =1 if x i ≧ j; σ i,j =0, otherwise For example, take S=(1,3,2,1) Vector σ(S) = (100 111 110 100) Output C ← Encrypt HVE (PK,σ(S),M), size = O(nw) x i j123 x 1 =1100 x 2 =3111 x 3 =2110 x 4 =1100

43 43 Application of HVE(5/15)  GenToken(SK, ) a=(a 1,a 2,a 3,a 4 ) ∈ {1, …,n} w ={1,2,3} 4 Build a vector σ * (a)=(σ *i,j ) ∈ Σ 01* nw =Σ 01* 12 σ *i,j =1 if x i =j; σ *i,j =*, otherwise For example, take a = (2,3,1,1) Vector σ * (a) = (*1* **1 1** 1**) Output TK a ← GenToken HVE (SK,σ * (a)), size = O(w) a i j123 a1=2*1* a2=3**1 a3=11** a4=11**

44 44 Application of HVE(6/15)  Query(TK a,C) Run Query HVE (TK a,C)

45 45 Application of HVE(7/15)   S=(1,3,2,1) and a=(2,3,1,1)  P a (S)=(x 1 ≧ 2)^(x 2 ≧ 3)^(x 3 ≧ 1)^(x 4 ≧ 1)=0 

46 46 Application of HVE(8/15)   S=(2,3,2,1) and a=(2,3,1,1)  P a (S)=(x 1 ≧ 2)^(x 2 ≧ 3)^(x 3 ≧ 1)^(x 4 ≧ 1)=1 

47 47 Application of HVE(9/15)  Conjunctive range queries To search for plaintext where x ∈ [a,b] Encrypts the pair (x,x) The predicate then tests x ≧ a ^ x ≦ b

48 48 Application of HVE(10/15)  Subset queries T: set of size n A ⊆ T Subset predicate  P A (x)=1 if x ∈ A; P A (x) = 0, otherwise

49 49 Application of HVE(11/15)  Conjunctive subset predicates over T w  σ=(A 1, …,A w ) where A i ⊆ T, i=1, …,w  σ ∈ (2 T ) w  x=(x 1, …,x w )  P σ (x)=1, if x i ∈ A i ∀ i=1, …,w; P σ (x)=0, otherwise

50 50 Application of HVE(12/15)  T={1,2,3,4,5}, |T|=n=5, w=4  A 1 ={1,2,4}, A 2 ={3,5}, A 3 ={1,5}, A 4 ={2}  Φ={P σ, ∀ σ ∈ (2 T ) w }, |Φ|=2 nw =2 20

51 51 Application of HVE(13/15)  Encrypt(PK,S,M) S=(x 1, …,x w ) ∈ {1, …,n} w ={1,2,3,4,5} 4 Build a vector σ(S)=(σ i,j ) ∈ Σ 01 nw =Σ 01 20 σ i,j =1 if x i ≠j; σ i,j =0, otherwise For example, take S=(4,5,2,3) Vector σ(S) = (11101 11110 10111 11011) Output C ← Encrypt HVE (PK,σ(S),M), size = O(nw) xi j12345 x1=411101 x2=511110 x3=210111 x4=311011

52 52 Application of HVE(14/15)  GenToken(SK, ) a=(A 1,A 2,A 3,A 4 ) ∈ {1, …,n} w ={1,2,3,4,5} 4 Build a vector σ * (a)=(σ *i,j ) ∈ Σ 01* nw =Σ 01* 20 σ *i,j =1 if j≠A i ; σ *i,j =*, otherwise For example, take a = (A 1,A 2,A 3,A 4 ) A 1 ={1,2,4}, A 2 ={3,5}, A 3 ={1,5}, A 4 ={2} Vector σ * (a) = (**1*1 11*1* *111* 1*111) Output TK a ← GenToken HVE (SK,σ * (a)), size = O(nw) Ai j12345 A1={1,2,4}**1*1 A2={3,5}11*1* A3={1,5}*111* A4={2}1*111

53 53 Application of HVE(15/15)   S=(4,5,2,3) and a=(A 1,A 2,A 3,A 4 )  A 1 ={1,2,4}, A 2 ={3,5}, A 3 ={1,5}, A 4 ={2}  P a (S)=(4 ∈ A 1 )^(5 ∈ A 2 )^(2 ∈ A 3 )^(3 ∈ A 4 )=0 

54 54 Outline  Introduction  Definition  Brute Force Construction  Pairings and complexity assumption  Hidden Vector Encryption  Application of HVE  Conclusion

55 55 Conclusion(1/2) Conjunctive General Predicate Multi-cell Practical Value Predicate Vector Practical Vector SK Ciphertext Token Data / ⊥ Data PK GenToken HVE Encrypt HVE Query HVE

56 56 Conclusion(2/2)  As the width of HVE is 1, the HVE scheme is essentially an Aonymous IBE system.  Improve the size of ciphertext.  The predicate vector and the practical vector are unique.  Composite queries. Range query + Subset query

Download ppt "1 Conjunctive, Subset, and Range Queries on Encrypted Data Presenter: 陳國璋 Lecture Notes in Computer Science, 2007 Dan Boneh and Brent Waters."

Similar presentations

Boneh-Franklin Identity-based Encryption. 2 Symmetric bilinear groups G = ágñ, g p = 1 e: G G G t Bilinear i.e. e(u a, v b ) = e(u, v) ab Non-degenerate:

Boneh-Franklin Identity-based Encryption. 2 Symmetric bilinear groups G = ágñ, g p = 1 e: G G G t Bilinear i.e. e(u a, v b ) = e(u, v) ab Non-degenerate:
Adaptively Attribute-Hiding ( Hierarchical ) Inner Product Encryption

Adaptively Attribute-Hiding ( Hierarchical ) Inner Product Encryption
ElGamal Security Public key encryption from Diffie-Hellman

ElGamal Security Public key encryption from Diffie-Hellman
Probabilistic Public Key Encryption with Equality Test Duncan S. Wong Department of Computer Science City University of Hong Kong Joint work with Guomin.

Probabilistic Public Key Encryption with Equality Test Duncan S. Wong Department of Computer Science City University of Hong Kong Joint work with Guomin.
Multi-Dimensional Range Query over Encrypted Data Authors: Elaine Shi, Joint work with John Bethencourt, Hubert Chan, Dawn Song, Adrian Perrig Slides originated.

Multi-Dimensional Range Query over Encrypted Data Authors: Elaine Shi, Joint work with John Bethencourt, Hubert Chan, Dawn Song, Adrian Perrig Slides originated.
Russell Martin August 9th, 2013. Contents Introduction to CPABE Bilinear Pairings Group Selection Key Management Key Insulated CPABE Conclusion & Future.

Russell Martin August 9th, Contents Introduction to CPABE Bilinear Pairings Group Selection Key Management Key Insulated CPABE Conclusion & Future.
Dual System Encryption: Concept, History and Recent works Jongkil Kim.

Dual System Encryption: Concept, History and Recent works Jongkil Kim.
New Efficient Searchable Encryption Schemes from Bilinear Pairings Author:Chunxiang Gu and Yuefei Zhu International Journal of Network Security, 2007 Presenter:

New Efficient Searchable Encryption Schemes from Bilinear Pairings Author:Chunxiang Gu and Yuefei Zhu International Journal of Network Security, 2007 Presenter:
7. Asymmetric encryption-

7. Asymmetric encryption-
1 IDENTITY BASED ENCRYPTION SECURITY NOTIONS AND NEW IBE SCHEMES FOR SAKAI KASAHARA KEY CONSTRUCTION N. DENIZ SARIER.

1 IDENTITY BASED ENCRYPTION SECURITY NOTIONS AND NEW IBE SCHEMES FOR SAKAI KASAHARA KEY CONSTRUCTION N. DENIZ SARIER.
Cross-Realm Password-Based Server Aided Key Exchange Source: WISA 2010, LNCS 6513, pp. 322–336, 2011(0) Author: Kazuki Yoneyama Presenter: Li-Tzu Chang.

Cross-Realm Password-Based Server Aided Key Exchange Source: WISA 2010, LNCS 6513, pp. 322–336, 2011(0) Author: Kazuki Yoneyama Presenter: Li-Tzu Chang.
1 Efficient Conjunctive Keyword-Searchable Encryption,2007 Author: Eun-Kyung Ryu and Tsuyoshi Takagi Presenter: 顏志龍.

1 Efficient Conjunctive Keyword-Searchable Encryption,2007 Author: Eun-Kyung Ryu and Tsuyoshi Takagi Presenter: 顏志龍.
20-751 ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.

ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.
Improving Privacy and Security in Multi- Authority Attribute-Based Encryption Advanced Information Security April 6, 2010 Presenter: Semin Kim.

Improving Privacy and Security in Multi- Authority Attribute-Based Encryption Advanced Information Security April 6, 2010 Presenter: Semin Kim.
Identity Based Encryption

Identity Based Encryption
The RSA Cryptosystem and Factoring Integers (II) Rong-Jaye Chen.

The RSA Cryptosystem and Factoring Integers (II) Rong-Jaye Chen.
1 Cryptosystems Based on Discrete Logarithms. 2 Outline [1] Discrete Logarithm Problem [2] Algorithms for Discrete Logarithm –A trivial algorithm –Shanks’

1 Cryptosystems Based on Discrete Logarithms. 2 Outline [1] Discrete Logarithm Problem [2] Algorithms for Discrete Logarithm –A trivial algorithm –Shanks’
1 Multi-Dimensional Range Query over Encrypted Data Presenter: 陳國璋 Elaine Shi, John Bethencourt, T-H. Hubert Chan, Dawn Song and Adrian Perrig IEEE Symposium.

1 Multi-Dimensional Range Query over Encrypted Data Presenter: 陳國璋 Elaine Shi, John Bethencourt, T-H. Hubert Chan, Dawn Song and Adrian Perrig IEEE Symposium.
Co-operative Private Equality Test(CPET) Ronghua Li and Chuan-Kun Wu (received June 21, 2005; revised and accepted July 4, 2005) International Journal.

Co-operative Private Equality Test(CPET) Ronghua Li and Chuan-Kun Wu (received June 21, 2005; revised and accepted July 4, 2005) International Journal.
1 Identity-Based Encryption form the Weil Pairing Author : Dan Boneh Matthew Franklin Presentered by Chia Jui Hsu Date : 2008-06-03.

1 Identity-Based Encryption form the Weil Pairing Author : Dan Boneh Matthew Franklin Presentered by Chia Jui Hsu Date :

Similar presentations

Ads by Google