Multi-client Predicate-only Encryption for Conjunctive Equality - - PowerPoint PPT Presentation

multi client predicate only encryption for conjunctive
SMART_READER_LITE
LIVE PREVIEW

Multi-client Predicate-only Encryption for Conjunctive Equality - - PowerPoint PPT Presentation

Jan 09, 2024 274 likes •498 views

Multi-client Predicate-only Encryption for Conjunctive Equality Tests Tim van de Kamp Andreas Peter Maarten Everts Willem Jonker 16th International Conference on Cryptology And Network Security, 2017 Monitoring over Encrypted Data Tim van de

slide-1
SLIDE 1

Multi-client Predicate-only Encryption for Conjunctive Equality Tests

Tim van de Kamp Andreas Peter Maarten Everts Willem Jonker

16th International Conference on Cryptology And Network Security, 2017

slide-2
SLIDE 2

Monitoring over Encrypted Data

Tim van de Kamp Andreas Peter Maarten Everts Willem Jonker

16th International Conference on Cryptology And Network Security, 2017

slide-3
SLIDE 3

This Talk: Monitoring over Encrypted Data

rule data to be monitored Monitoring of sensitive data using sensitive monitoring rules.

2

slide-4
SLIDE 4

Background: Predicate Encryption

message: m label: x decryption key

y

label: y decryption

  • m

if fy(x) = TRUE ⊥ if fy(x) = FALSE

x(m)

Predicate encryption for relation R(x, y).

Examples

Identity-based encryption Attribute-based encryption Hidden vector encryption Inner-product predicate encryption

3

slide-5
SLIDE 5

Multi-client Predicate-only Encryption – Concept

x1 x2

. . .

xn token

y

label: y test returns fy(x1, . . . , xn) ( x1 ) (x2) ( · ) (xn) Multi-client predicate-only encryption for relation R(x1, . . . , xn, y).

4

slide-6
SLIDE 6

Multi-client Predicate-only Encryption – Security

TRUE/FALSE (y) (ID, x1) (ID, x

2

) (

I D

, x

3

) (ID, x4)

aggregate and test result

5

slide-7
SLIDE 7

Multi-client Predicate-only Encryption – Security

TRUE/FALSE (y) (ID, x1) (ID, x

2

) (

I D

, x

3

) (ID, x4)

aggregate and test result plaintext-privacy

5

slide-8
SLIDE 8

Multi-client Predicate-only Encryption – Security

TRUE/FALSE (y) (ID, x1) (ID, x

2

) (

I D

, x

3

) (ID, x4)

aggregate and test result predicate-privacy

5

slide-9
SLIDE 9

Multi-client Predicate-only Encryption – Security

TRUE/FALSE (y)

1 2

(

I D

, x

3

) (ID, x4)

aggregate and test result corruptions

5

slide-10
SLIDE 10

Multi-client Predicate-only Encryption – Security

TRUE/FALSE (y) (ID′, x1) (ID

, x

2

) (

I D

, x

3

) (ID, x4)

aggregate and test result mix-and-match attacks prevention

5

slide-11
SLIDE 11

Construction: Schematic Overview

y =

  • 37 23 43 6
  • ✓ no match

x1 = 37 x2 = 8 x3 = 43 x4 = 0

(y) (ID, x1) (ID, x

2

) (

I D

, x

3

) (ID, x4)

aggregate and test

  • y ?

= x

  • evaluate

6

slide-12
SLIDE 12

Construction: Schematic Overview

y =

  • 37 23 43 6
  • raise alarm

x1 = 37 x2 = 23 x3 = 43 x4 = 6

(y) (ID, x1) (ID, x

2

) (

I D

, x

3

) (ID, x4)

aggregate and test

  • y ?

= x

  • evaluate

6

slide-13
SLIDE 13

Construction: Schematic Overview

y =

  • 37 23

6

  • raise alarm

x1 = 37 x2 = 23 x3 = 43 x4 = 6

(y) (ID, x1) (ID, x

2

) (

I D

, x

3

) (ID, x4)

aggregate and test

  • y ?

= x

  • evaluate

6

slide-14
SLIDE 14

Construction: Simplified & Highlights

Setup(1λ) prime-order asymmetric pairing e: G1 × G2 → GT hash function H: {0, 1}∗ → G1 uski = (g1αi, ) msk =

  • (g2αi,

)

  • i∈[n]

7

slide-15
SLIDE 15

Construction: Simplified & Highlights

Setup(1λ) prime-order asymmetric pairing e: G1 × G2 → GT hash function H: {0, 1}∗ → G1 uski = (g1αi, ) msk =

  • (g2αi,

)

  • i∈[n]

Encrypt(uski, ID, xi) cti =

  • , gri

1 , g1αixiri

  • GenToken(msk, y)

tky =   gui

2 , g2αiyiui i∈[n],

  Test(tky, {cti}i∈[n])

  • i∈[n]

e

  • g1αixiri

, gui

2

? =

  • i∈[n]

e

  • gri

1 , g2αiyiui 7

slide-16
SLIDE 16

Construction: Simplified & Highlights

Setup(1λ) prime-order asymmetric pairing e: G1 × G2 → GT hash function H: {0, 1}∗ → G1 uski = (g1αi, δi) msk =

  • (g2αi, g δi

2 )

  • i∈[n]

Encrypt(uski, ID, xi) cti =

  • H(ID), gri

1 , g1αixiriH(ID)δi

GenToken(msk, y) tky =   gui

2 , g2αiyiui i∈[n],

  • i∈[n]

(g δi

2 )ui

  Test(tky, {cti}i∈[n])

  • i∈[n]

e

  • g1αixiriH(ID)δi, gui

2

? =

  • i∈[n]

e

  • gri

1 , g2αiyiui

e

  • H(ID),
  • i∈[n]

(g δi

2 )ui 7

slide-17
SLIDE 17

Construction: Simplified & Highlights

Setup(1λ) prime-order asymmetric pairing e: G1 × G2 → GT hash function H: {0, 1}∗ → G1 uski = (g1αi, δi) msk =

  • (g2αi, g δi

2 )

  • i∈[n]

Encrypt(uski, ID, xi) cti =

  • H(ID), gri

1 , g1αiπi(xi)riH(ID)δi

GenToken(msk, y) tky =   gui

2 , g2αiπi(yi)ui i∈[n],

  • i∈[n]

(g δi

2 )ui

  Test(tky, {cti}i∈[n])

  • i∈[n]

e

  • g1αiπi(xi)riH(ID)δi, gui

2

? =

  • i∈[n]

e

  • gri

1 , g2αiπi(yi)ui

e

  • H(ID),
  • i∈[n]

(g δi

2 )ui 7

slide-18
SLIDE 18

Evaluation

Proof-of-concept implementation in Go [CRIPTIM].

MNT-159 curve

Encrypt (single client): 2.6 ms

5 25 50 100 1 2 3 Number of clients Time (seconds) GenT

  • ken

Setup T est

8

slide-19
SLIDE 19

Evaluation

Proof-of-concept implementation in Go [CRIPTIM].

MNT-159 curve

Encrypt (single client): 2.6 ms

5 25 50 100 1 2 3 Number of clients Time (seconds)

MNT-224 curve

Encrypt (single client): 4.4 ms

5 25 50 100 1 2 3 Number of clients GenT

  • ken

Setup T est

8

slide-20
SLIDE 20

Summary

Monitoring over encrypted data Defined multi-client predicate-only encryption Simple and efficient construction for conjunctive equality tests

9

slide-21
SLIDE 21

Summary

Monitoring over encrypted data Defined multi-client predicate-only encryption Simple and efficient construction for conjunctive equality tests

Interested?

Contact: t.r.vandekamp@utwente.nl

References

[CRIPTIM] Implementations of Private Information Sharing

  • Schemes. CRIPTIM consortium. URL:

https://github.com/CRIPTIM/.

9