Presentation is loading. Please wait.

Presentation is loading. Please wait.

Practical Techniques for Searches on Encrypted Data Author:Dawn Xiaodong Song, David Wagner, Adrian Perrig Presenter: 紀汶承.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Practical Techniques for Searches on Encrypted Data Author:Dawn Xiaodong Song, David Wagner, Adrian Perrig Presenter: 紀汶承."— Presentation transcript:

1 Practical Techniques for Searches on Encrypted Data Author:Dawn Xiaodong Song, David Wagner, Adrian Perrig Presenter: 紀汶承

2 Outline Problem Properties Background and Definitions Solution

3 Problem Pre-stored data search Cipher text AliceBob (untrusted server) Where the pre-stored data is some set of doucuments encryptedfrom Alice

4 properties Controlled searching: the un-trusted server can not search for an arbitrary word without user’s authorization Hidden searches: the user may ask the un-trusted server to search for a secret word without revealing the word to the server Query isolation: the un-trusted server can not learn anything more about the plaintext than the search result

5 Background and Definitions Pseudorandom generator Pseudorandom function Pseudorandom permutation

6 Let A : {0, 1} n  {0, 1} be an arbitrary algorithm and let X and Y be random variables distributed on {0, 1} n. The distinguishing probability of A --- sometimes called the advantage of A --- for X and Y is Adv A = | Pr[ A(X) = 1] - Pr[ A(Y) = 1] |.

7 Pseudorandom generator A pseudorandom generator G, i.e., a stream cipher. We say that G: κ G  S is a (t, e)- secure pseudorandom generator if every algorithm A with running time at most t has advantage Adv A < e. The advantage of an adversary A is defined as Adv A = | Pr[ A(U κ G ) = 1] - Pr[ A(U s ) = 1] |, where U κ G,, U s are random variables distributed uniformly on κ G, S.

8 Pseudorandom function A pseudorandom function F. We say that F: κ F × X  Y is a (t, q, e)- secure pseudorandom function if every oracle algorithm A making at most q oracle queries and with running time at most t has advantage Adv A < e. The advantage is defined as Adv A = | Pr[ A F k = 1] - Pr[ A R = 1] |, where R represents a random function selected uniformly from the set of all maps from X to Y, and where the probabilities are taken over the choice of k and R.

9 Pseudorandom permutation A pseudorandom permutation E, i.e., a block cipher. We say that E: κ E × Z  Z is a (t, q, e)- secure pseudorandom permutation if every oracle algorithm A making at most q oracle queries and with running time at most t has advantage Adv A < e. The advantage is defined as Adv A = | Pr[ A E k, E k -1 = 1] - Pr[ A π, π -1 = 1] |, where π represents a random permutation selected uniformly from the set of all bijections on Z, and where the probabilities are taken over the choice of k and π. Notice that the adversary is given an oracle for encryption as well as for decryption; this corresponds to the adaptive chosen-plaintext/ ciphertext attack model.

10 Our solution with sequential scan Where S i are pseudorandom values generated by pseudorandom generator, F is a pseudorandom function. The scheme 1: The basic scheme Alice produces S i and k i. n bits n-m bitsm bits

11 The scheme 2: The controlled search Let k i = f k’ (W i ), where k’ be chosen uniformly randomly by Alice and never be revealed. If Alice wish to allow Bob to search for the word W, she reveals f k’ (W), and W to him. Alice produces S i and k’.

12 The scheme 3: Support for hidden searches Alice produces S i, k’ and k’’. We let X i = E k’’ (W i ) Let k i = f k’ (X i ), where k’ be chosen uniformly randomly by Alice and never be revealed. If Alice wish to allow Bob to search for the word W, she reveals f k’ (E k’’ ( W)), and E k’’ (W) to him.

13 The scheme 4: The final scheme Let k i = f k’ (L i ), where k’ be chosen uniformly randomly by Alice and never be revealed. If Alice wish to allow Bob to search for the word W, she reveals f k’ (E k’’ ( W)), and E k’’ (W) to him. Alice produces S i, k’ and k’’. We let X i = E k’’ (W i )

Download ppt "Practical Techniques for Searches on Encrypted Data Author:Dawn Xiaodong Song, David Wagner, Adrian Perrig Presenter: 紀汶承."

Similar presentations

Relations, Functions, and Matrices Mathematical Structures for Computer Science Chapter 4 Copyright © 2006 W.H. Freeman & Co.MSCS SlidesThe Mighty Mod.

Relations, Functions, and Matrices Mathematical Structures for Computer Science Chapter 4 Copyright © 2006 W.H. Freeman & Co.MSCS SlidesThe Mighty Mod.
Modern Symmetric-Key Ciphers

Modern Symmetric-Key Ciphers
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
1 Lecture 3: Secret Key Cryptography Outline concepts DES IDEA AES.

1 Lecture 3: Secret Key Cryptography Outline concepts DES IDEA AES.
1 CIS 5371 Cryptography 5b. Pseudorandom Objects in Practice Block Ciphers.

1 CIS 5371 Cryptography 5b. Pseudorandom Objects in Practice Block Ciphers.
1 Cryptanalysis-tolerant CPA crypt. ● Suppose E, E’ are two encryption schemes which on of them is CPA - secure  E.g., a standard and a proprietary, a.

1 Cryptanalysis-tolerant CPA crypt. ● Suppose E, E’ are two encryption schemes which on of them is CPA - secure  E.g., a standard and a proprietary, a.
CIS 5371 Cryptography 3b. Pseudorandomness.

CIS 5371 Cryptography 3b. Pseudorandomness.
Foundations of Cryptography Lecture 13 Lecturer: Moni Naor.

Foundations of Cryptography Lecture 13 Lecturer: Moni Naor.
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 29 Cryptography and Network.

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 29 Cryptography and Network.
Public-Key Cryptosystems Based on Composite Degree Residuosity Classes Presenter: 陳國璋 EUROCRYPT'99, LNCS 1592, pp. 223-238, 1999. By Pascal Paillier Efficient.

Public-Key Cryptosystems Based on Composite Degree Residuosity Classes Presenter: 陳國璋 EUROCRYPT'99, LNCS 1592, pp , By Pascal Paillier Efficient.
1 Efficient Conjunctive Keyword-Searchable Encryption,2007 Author: Eun-Kyung Ryu and Tsuyoshi Takagi Presenter: 顏志龍.

1 Efficient Conjunctive Keyword-Searchable Encryption,2007 Author: Eun-Kyung Ryu and Tsuyoshi Takagi Presenter: 顏志龍.
CMSC 414 Computer and Network Security Lecture 3 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 3 Jonathan Katz.
1 Identity-Based Encryption form the Weil Pairing Author : Dan Boneh Matthew Franklin Presentered by Chia Jui Hsu Date : 2008-06-03.

1 Identity-Based Encryption form the Weil Pairing Author : Dan Boneh Matthew Franklin Presentered by Chia Jui Hsu Date :
CMSC 414 Computer and Network Security Lecture 4 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 4 Jonathan Katz.
Practical Techniques for Searches on Encrypted Data Author: Dawn Xiaodong Song, David Wagner, Adrian Perrig Presenter: 紀銘偉.

Practical Techniques for Searches on Encrypted Data Author: Dawn Xiaodong Song, David Wagner, Adrian Perrig Presenter: 紀銘偉.
Asymmetric Cryptography part 1 & 2 Haya Shulman Many thanks to Amir Herzberg who donated some of the slides from

Asymmetric Cryptography part 1 & 2 Haya Shulman Many thanks to Amir Herzberg who donated some of the slides from
Efficient Conjunctive Keyword-Searchable Encryption,2007 Author: Eun-Kyung Ryu and Tsuyoshi Takagi Presenter: 顏志龍.

Efficient Conjunctive Keyword-Searchable Encryption,2007 Author: Eun-Kyung Ryu and Tsuyoshi Takagi Presenter: 顏志龍.
1 Intro To Encryption Exercise 4. 2 Defining Pseudo-Random Permutation Let A be alg. with oracle to a function from {0,1} k to {0,1} k Notation: let A.

1 Intro To Encryption Exercise 4. 2 Defining Pseudo-Random Permutation Let A be alg. with oracle to a function from {0,1} k to {0,1} k Notation: let A.
1 Secure Indexes Author : Eu-Jin Goh Presented by Yi Cheng Lin.

1 Secure Indexes Author : Eu-Jin Goh Presented by Yi Cheng Lin.
ICS 454: Principles of Cryptography

ICS 454: Principles of Cryptography

Similar presentations

Ads by Google