Download presentation
Presentation is loading. Please wait.
1
Improved Searchable Public Key Encryption with Designated Tester Author : Hyun Sook Rhee, Jong Hwan Park, Willy Susilo, Dong Hoon Lee Presenter: Li-Tzu Chang
2
Improved Searchable Public Key Encryption with Designated Tester 2 Outline Introduction Preliminaries Definition Our security model Bilinear pairings A new DPEKS scheme Conclusion
3
Improved Searchable Public Key Encryption with Designated Tester 3 Introduction PEKS scheme 加密過的訊息 訊息傳送者 伺服器 訊息接收者 傳回使用者 所需的文件 關鍵字的暗門
4
Improved Searchable Public Key Encryption with Designated Tester 4 Introduction In Baek et al.'s security model, an attacker is only provided with trapdoors, but cannot get the relation between a encrypted mail and a trapdoor. An attacker in the model has to reveal her secret key to a third party.
5
Improved Searchable Public Key Encryption with Designated Tester 5 Outline Introduction Preliminaries Definition Our security model Bilinear pairings A new DPEKS scheme Conclusion
6
Improved Searchable Public Key Encryption with Designated Tester 6 Preliminaries- Definition GlobalSetup(λ): Takes a security parameter λ, generates a global parameter GP. KeyGen Server (GP): Takes as input GP. Output the public/secret pair (pk S, sk S ) of server S. KeyGen Receiver (GP): Takes as input GP, generates public/secret pair (pk R, sk R ) of receiver R. dPEKS(GP, pk R, pk S, w): Takes as input GP, a receiver's public key pk R, a server's public key pk S, and a keyword w.Return a ciphertext C of w. Trapdoor(GP, sk R, w): Takes as input GP, a receiver's secret key sk R and a keyword w. Generate a trapdoor T w. dTest(GP, C, sk S, T w ): Takes as input GP, C, a server's secret key sk S, and a trapdoor T w. Output “yes” if w = w' and “no” otherwise, where C = dPEKS(GP, pk R, pk S., w').
7
Improved Searchable Public Key Encryption with Designated Tester 7 Outline Introduction Preliminaries Definition Our security model Bilinear pairings A new DPEKS scheme Conclusion
8
Improved Searchable Public Key Encryption with Designated Tester 8 Preliminaries - Our security model Game 1: the server is the attacker A1A1 B pk s pk R Trapdoor and Test queries C* Trapdoor queries challenge
9
Improved Searchable Public Key Encryption with Designated Tester 9 Preliminaries - Our security model Game 2: the outer attacker A2A2 B pk R pk S dTest queries C* dTest queries challenge
10
Improved Searchable Public Key Encryption with Designated Tester 10 Outline Introduction Preliminaries Definition Our security model Bilinear pairings A new DPEKS scheme Conclusion
11
Improved Searchable Public Key Encryption with Designated Tester 11 Preliminaries- Bilinear pairing Bilinear pairings G1 : cyclic additive group generated by P whose order is a prime q. G2 : cyclic multiplicative group of the same order q. e : G1 × G1 → G2 with the following properties: Computable: there is an efficient algorithm to compute e(P,Q) for all P,Q ∈ G 1
12
Improved Searchable Public Key Encryption with Designated Tester 12 Outline Introduction Preliminaries Definition Our security model Bilinear pairings A new DPEKS scheme Conclusion
13
Improved Searchable Public Key Encryption with Designated Tester 13 A new DPEKS scheme Global Setup: Given a security parameter λ, it return a global parameter, where are random values. KeyGen Server (GP): Takes as inpute GP, chooses a random exponent sk s and compute. Output (pk s,sk s ) to the server S and publish pk s. KeyGen Receiver (GP): Takes as inoute GP, chooses a random exponent sk R and compute Output (pk s,sk R ) to the receiver R and publish pk R.
14
Improved Searchable Public Key Encryption with Designated Tester 14 A new DPEKS scheme dPEKS(GP,pk R,pk s,w): Takes as input GP, receiver’s public key,a server’s public key, and a keyword w. This algorithm checks if If any of these conditions is false, this algorithm stops. Otherwise, this algorithm chooses a random value and compute a ciphertext
15
Improved Searchable Public Key Encryption with Designated Tester 15 A new DPEKS scheme Trapdoor(GP,sk R,w): Takes as input GP, a receiver’s secret key sk R, a keyword w, Compute and output. dTest(GP,C,sk s,T w ): Takes as input GP, C=[A,B], a secret key of server sk s, and a trapdoor Tw. This algorithm checks if. If the above equalities are satisfied, then output “yes”; otherwise, output “no”.
16
Improved Searchable Public Key Encryption with Designated Tester 16 Outline Introduction Preliminaries Definition Our security model Bilinear pairings A new DPEKS scheme Conclusion
17
Improved Searchable Public Key Encryption with Designated Tester 17 Conclusion In our enhanced security model, an attacker publishes only her public key without revealing her secret key. An attacker is also allowed to obtain the relation between non-target ciphertexts and a trapdoor.
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.