Presentation is loading. Please wait.

Presentation is loading. Please wait.

Using secret sharing for searching in encrypted data.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Using secret sharing for searching in encrypted data."— Presentation transcript:

1 Using secret sharing for searching in encrypted data

2 Ring F[x]/s(x) = {f(x) | deg(f(x)) < deg(s(x)) and coefficients of f(x)  F } FF q [x]/(x q-1 −1) (where q is a prime power q = p e. For the reader’s convenience, all proofs will be given for q prime) ex: when q = 5 (x-3)((x-2)(x-4))2 ≡88x 3 -252x 2 +353x-207(mod x 4 -1)  3x 3 +3x 2 +3x+3

3 Ring ZZ[x]/(r(x)) : (where r(x) is an irreducible polynomial) –If f(x)=g(x)h(x) ( f(x) has degree ≧ 2 ) ( g(x),h(x) has degree ≧ 1 ) we call f(x) reducible. ex: when r(x) = x 2 +1 (x-3)((x-2)(x-4))2 ≡265x+45 (mod x 2 +1)

4 1.Define a mapping function Z (map : tagnames → Z ) 2.Transform the tree of tag names into a tree of polynomials 3.Using ring to reduce 4.Data sharing 5.Querying

5 (x-2)(x-4) (x-4) (x-3)((x-2)(x-4))2 (x-4) (x-2)(x-4) client name customers name client tagname customers client name 324324 Z (a) XML example(b) Mapping from tagname to numbers (c) Data representation in non-compressed form

6 Data sharing += Pseudorandom generator

7 Querying ex : //client. This XPath expression means that we want to find ‘client’ elements somewhere in the tree.

8 Querying 1.translate ‘client’ to x = 2 2.The server evaluates the polynomials in the given point (x = 2) and sent back to the client. tagname customers client name 324324 Z

9 Querying 3.The client does the same thing on its own side and calculates the sum of the client element and the server element.  sum = 0, i.e. the element contains a factor (x − 2)  sum ≠ 0, The branch is dead the client informs the server so that the server can stop evaluating polynomials for elements in the tree starting with that branch.

10 Querying 4.Each zero element in the sum tree that does not have a zero sub element represents an answer to the query. 0 3 0 3 0 sum

11 Querying To reconstruct the element value, let f – sum of the polynomials q 1,..., q n – the combined polynomials of all its direct children. i.e. f = (x-t)Π i=1 n q i (mod r) f(x) = 0 solve t → check the correctness (in example : t = 2)

12 Theorem 2 proves that there is just a single solution for t. d = d(r) q 1...q n (x − t) = 0 (mod r)  a d-1 x d-1 +a d-2 x d-2 +…+a 1 x+a 0 = 0  a d-1 (t) = 0 … a 0 (t) = 0

13 advanced querying More elaborate XPath queries can be performed. ex : //a/b//c/d/e follow these steps and increase efficiency 1.from the root node find all ‘a’ elements that have b, c, d and e elements somewhere deeper in the tree 2.from the found nodes find all direct children ‘b’ that have elements c, d and e as descendants 3.…

14 Fermat's little theorem if p is a prime number,prime number then for any integer a, (a p − a) will be evenly divisible by p.integer i.e. a p ≡ a ( mod p ) a p-1 ≡ 1 ( mod p ) (a,p)=1

15 Lemma 1. If p is prime then Π i=1 p-1 (x − i) ≡ x p-1 − 1 (mod p). Let f(x) = Π i=1 p-1 (x − i) and g(x) = x p-1 − 1. All elements of F*p = {1,..., p − 1} are roots of f(x). By Fermat’s little theorem, for p prime all these p−1 roots of f(x) are also roots for g(x). Thus the two polynomials are equal.

16 Lemma 2. Let p be prime and f(x)  Fp[x]. ﹁ q→ ﹁ p If f(x) is non-zero mod x−(p−1)  p →q then f(x) is also non-zero modulo x p-1 − 1. Since f(x) ≡ 0 (mod x p-1 −1)  (x p-1 −1)|f(x) and x−(p−1)| x p-1 −1 in Fp[x] ( from lemma 1 )  x−(p−1)|f(x)  f(x) ≡ 0 (mod x − (p − 1)).

17 Lemma 3. Let p be prime, and let f(x)  Fp[x] be defined as f(x) = Then f(x) 0 (mod x p-1 − 1). Consider the evaluation of f(x) at p − 1: f(p − 1) = Because  i  {1,..., p − 2} : i  p−1, f(p − 1)  0. Thus x − (p − 1) cannot be a factor of f(x), and we have that f(x) 0 (mod x − (p − 1)). By lemma 2 this implies that f(x) 0 (mod x p-1 − 1).

18 Theorem 1. Given a polynomial f(x) in Fp[x]/(x p-1 − 1) (p prime) of an element node and all polynomials (q 1,..., q n ) of its children, the mapped value map(node) can be retrieved uniquely.

19 Proof we know at least one solution exists for the equation f(x) ≡ q 1 (x) · · · q n (x)(x − t) ( t − mapped value ) Suppose there are two solutions t 1 and t 2 : f(x) ≡ q 1 (x) · · · q n (x)(x− t 1 ) and f(x) ≡ q 1 (x) · · · q n (x)(x− t 2 ) Then q 1 (x) · · · q n (x)(x− t 1 ) ≡ q 1 (x) · · · q n (x)(x− t 2 )  q 1 (x) · · · q n (x)(t 1 − t 2 ) ≡ 0 (mod p).  q 1 (x) · · · q n (x) ≡ 0 (mod p) or (t 1 − t 2 ) ≡ 0 (mod p). Since we know that q 1 (x) · · · q n (x) 0 (mod p) by lemma 3 (the q i ’s match the required form by construction), we can conclude that t 1 ≡ t 2 (mod p).

20 Theorem 2. Given a polynomial f(x) in Z[x]/(r(x)) of an element node and all polynomials (q 1,..., q n ) of its children, the mapped value map(node) can uniquely be retrieved.

21 Proof As in theorem 1 due to construction there exists at least one t that satisfies f(x) ≡ q 1 (x) · · ·q n (x)(x − t) (mod p). suppose there are two solutions t 1 and t 2. Then q 1 (x) · · ·q n (x)(t 1 −t 2 ) ≡ 0 (mod r(x)). Since r(x) is irreducible, and none of the q i (x) are zero modulo r(x) (by construction), we have that t 1 − t 2 ≡ 0 (mod r(x)). Therefore t 1 = t 2.

22 Conclusion It has only a small penalty in storage space compared to the unencrypted case. a branch can be marked as a dead-end in a very early stage and only a small portion of the tree has to be examined. It cannot straightforwardly use the same method for the actual data.

23 Comment What kind of rings do we choose? Which one can be more efficient in our situation?

Download ppt "Using secret sharing for searching in encrypted data."

Similar presentations

Rational Root Theorem.

Rational Root Theorem.
Having Proofs for Incorrectness

Having Proofs for Incorrectness
Agrawal-Kayal-Saxena Presented by: Xiaosi Zhou

Agrawal-Kayal-Saxena Presented by: Xiaosi Zhou
More about Polynomials

More about Polynomials
Information and Coding Theory Finite fields. Juris Viksna, 2015.

Information and Coding Theory Finite fields. Juris Viksna, 2015.
1 The RSA Algorithm Supplementary Notes Prepared by Raymond Wong Presented by Raymond Wong.

1 The RSA Algorithm Supplementary Notes Prepared by Raymond Wong Presented by Raymond Wong.
Elliptic Curve. p2. Outline EC over Z p EC over GF(2 n )

Elliptic Curve. p2. Outline EC over Z p EC over GF(2 n )
Complexity1 Pratt’s Theorem Proved. Complexity2 Introduction So far, we’ve reduced proving PRIMES  NP to proving a number theory claim. This is our next.

Complexity1 Pratt’s Theorem Proved. Complexity2 Introduction So far, we’ve reduced proving PRIMES  NP to proving a number theory claim. This is our next.
Chapter 11 Algebraic Coding Theory. Single Error Detection M = (1, 1, …, 1) is the m  1 parity check matrix for single error detection. If c = (0, 1,

Chapter 11 Algebraic Coding Theory. Single Error Detection M = (1, 1, …, 1) is the m  1 parity check matrix for single error detection. If c = (0, 1,
Introduction Polynomials

Introduction Polynomials
5.IV. Jordan Form 5.IV.1. Polynomials of Maps and Matrices 5.IV.2. Jordan Canonical Form.

5.IV. Jordan Form 5.IV.1. Polynomials of Maps and Matrices 5.IV.2. Jordan Canonical Form.
6.5 & 6.6 Theorems About Roots and the Fundamental Theorem of Algebra

6.5 & 6.6 Theorems About Roots and the Fundamental Theorem of Algebra
Finite fields.

Finite fields.
2.4 – Zeros of Polynomial Functions

2.4 – Zeros of Polynomial Functions
Polynomial Factorization Olga Sergeeva Ferien-Akademie 2004, September 19 – October 1.

Polynomial Factorization Olga Sergeeva Ferien-Akademie 2004, September 19 – October 1.
EXAMPLE 3 Use zeros to write a polynomial function Write a polynomial function f of least degree that has rational coefficients, a leading coefficient.

EXAMPLE 3 Use zeros to write a polynomial function Write a polynomial function f of least degree that has rational coefficients, a leading coefficient.
The Remainder and Factor Theorems Check for Understanding 2.3 – Factor polynomials using a variety of methods including the factor theorem, synthetic division,

The Remainder and Factor Theorems Check for Understanding 2.3 – Factor polynomials using a variety of methods including the factor theorem, synthetic division,
Bell Work: Find the values of all the unknowns: R T = R T T + T = 60 R = 3 R = 6 1 1 2 2 1 2 1 2.

Bell Work: Find the values of all the unknowns: R T = R T T + T = 60 R = 3 R =
FINITE FIELDS 7/30 陳柏誠.

FINITE FIELDS 7/30 陳柏誠.
The Polynomial Time Algorithm for Testing Primality George T. Gilbert.

The Polynomial Time Algorithm for Testing Primality George T. Gilbert.

Similar presentations

Ads by Google