Multi-client Predicate-only Encryption for Conjunctive Equality Tests Tim van de Kamp Andreas Peter Maarten Everts Willem Jonker 16th International Conference on Cryptology And Network Security, 2017
Monitoring over Encrypted Data Tim van de Kamp Andreas Peter Maarten Everts Willem Jonker 16th International Conference on Cryptology And Network Security, 2017
This Talk: Monitoring over Encrypted Data rule data to be monitored Monitoring of sensitive data using sensitive monitoring rules. 2
Background: Predicate Encryption � m if f y ( x ) = TRUE decryption x ( m ) ⊥ if f y ( x ) = FALSE message: m decryption key y label: x label: y Predicate encryption for relation R ( x, y ) . Examples Identity-based encryption Attribute-based encryption Hidden vector encryption Inner-product predicate encryption 3
Multi-client Predicate-only Encryption – Concept x 1 ( x 1 ) ( x 2 ) test returns f y ( x 1 , . . . , x n ) x 2 ( · ) . . . ( x n ) token y label: y x n Multi-client predicate-only encryption for relation R ( x 1 , . . . , x n , y ) . 4
Multi-client Predicate-only Encryption – Security aggregate and test ( y ) result TRUE / FALSE ) ( ID , x 1 ) 2 ( ID , x 4 ) ( ID , x ( I D , x 3 ) 5
Multi-client Predicate-only Encryption – Security plaintext-privacy aggregate and test ( y ) result TRUE / FALSE ( ID , x 1 ) ) 2 ( ID , x 4 ) ( ( ID , x I D , x 3 ) 5
Multi-client Predicate-only Encryption – Security predicate-privacy aggregate and test ( y ) result TRUE / FALSE ) ( ID , x 1 ) 2 ( ID , x 4 ) ( ID , x ( I D , x 3 ) 5
Multi-client Predicate-only Encryption – Security corruptions aggregate and test ( y ) result TRUE / FALSE 1 ( ID , x 4 ) 2 ( I D , x 3 ) 5
Multi-client Predicate-only Encryption – Security mix-and-match attacks prevention aggregate and test ( y ) result TRUE / FALSE ) ( ID ′ , x 1 ) 2 , x ( ID , x 4 ) ( I D ′ , ( ID x 3 ) 5
Construction: Schematic Overview � y ? � aggregate and test = x ( y ) evaluate ✓ no match � � ) 37 23 43 6 ( ID , x 1 ) y = 2 ( ID , x 4 ) ( ID , x ( I D , x 3 ) x 1 = 37 x 2 = 8 x 3 = 43 x 4 = 0 6
Construction: Schematic Overview � y ? � aggregate and test = x ( y ) evaluate raise alarm � � ) 37 23 43 6 ( ID , x 1 ) y = 2 ( ID , x 4 ) ( ID , x ( I D , x 3 ) x 1 = 37 x 2 = 23 x 3 = 43 x 4 = 6 6
Construction: Schematic Overview � y ? � aggregate and test = x ( y ) evaluate raise alarm � � ) 37 23 6 ( ID , x 1 ) y = ⋆ 2 ( ID , x 4 ) ( ID , x ( I D , x 3 ) x 1 = 37 x 2 = 23 x 3 = 43 x 4 = 6 6
Construction: Simplified & Highlights Setup( 1 λ ) prime-order asymmetric pairing e : G 1 × G 2 → G T hash function H : {0 , 1} ∗ → G 1 usk i = ( g 1 α i , ) � � ( g 2 α i , msk = ) i ∈ [ n ] 7
Construction: Simplified & Highlights Setup( 1 λ ) prime-order asymmetric pairing e : G 1 × G 2 → G T hash function H : {0 , 1} ∗ → G 1 usk i = ( g 1 α i , ) � � ( g 2 α i , msk = ) i ∈ [ n ] Encrypt( usk i , ID , x i ) , g r i � 1 , g 1 α i x i r i � ct i = GenToken( msk , y ) g u i � 2 , g 2 α i y i u i � tk y = i ∈ [ n ] , Test( tk y , {ct i } i ∈ [ n ] ) � ? � � , g u i g r i � g 1 α i x i r i � 1 , g 2 α i y i u i � e = e 2 i ∈ [ n ] i ∈ [ n ] 7
Construction: Simplified & Highlights Setup( 1 λ ) prime-order asymmetric pairing e : G 1 × G 2 → G T hash function H : {0 , 1} ∗ → G 1 usk i = ( g 1 α i , δ i ) � ( g 2 α i , g δ i � msk = 2 ) i ∈ [ n ] Encrypt( usk i , ID , x i ) H ( ID ) , g r i � 1 , g 1 α i x i r i H ( ID ) δ i � ct i = GenToken( msk , y ) � g u i ( g δ i � 2 , g 2 α i y i u i � 2 ) u i tk y = i ∈ [ n ] , i ∈ [ n ] Test( tk y , {ct i } i ∈ [ n ] ) � ? � � � g 1 α i x i r i H ( ID ) δ i , g u i g r i ( g δ i � � 1 , g 2 α i y i u i � � 2 ) u i � e = e e H ( ID ) , 2 i ∈ [ n ] i ∈ [ n ] i ∈ [ n ] 7
Construction: Simplified & Highlights Setup( 1 λ ) prime-order asymmetric pairing e : G 1 × G 2 → G T hash function H : {0 , 1} ∗ → G 1 usk i = ( g 1 α i , δ i ) � ( g 2 α i , g δ i � msk = 2 ) i ∈ [ n ] Encrypt( usk i , ID , x i ) H ( ID ) , g r i � 1 , g 1 α i π i ( x i ) r i H ( ID ) δ i � ct i = GenToken( msk , y ) � g u i ( g δ i � 2 , g 2 α i π i ( y i ) u i � 2 ) u i tk y = i ∈ [ n ] , i ∈ [ n ] Test( tk y , {ct i } i ∈ [ n ] ) � ? � � � g 1 α i π i ( x i ) r i H ( ID ) δ i , g u i g r i ( g δ i � � 1 , g 2 α i π i ( y i ) u i � � 2 ) u i � e = e e H ( ID ) , 2 i ∈ [ n ] i ∈ [ n ] i ∈ [ n ] 7
Evaluation Proof-of-concept implementation in Go [CRIPTIM]. MNT-159 curve Encrypt (single client): 2.6 ms 3 Time (seconds) 2 1 0 5 25 50 100 Number of clients GenT oken Setup T est 8
Evaluation Proof-of-concept implementation in Go [CRIPTIM]. MNT-159 curve MNT-224 curve Encrypt (single client): 2.6 ms Encrypt (single client): 4.4 ms 3 3 Time (seconds) 2 2 1 1 0 0 5 25 50 100 5 25 50 100 Number of clients Number of clients GenT oken Setup T est 8
Summary Monitoring over encrypted data Defined multi-client predicate-only encryption Simple and efficient construction for conjunctive equality tests 9
Summary Monitoring over encrypted data Defined multi-client predicate-only encryption Simple and efficient construction for conjunctive equality tests Interested? Contact: t.r.vandekamp@utwente.nl References [CRIPTIM] Implementations of Private Information Sharing Schemes . CRIPTIM consortium. URL: https://github.com/CRIPTIM/ . 9
Recommend
More recommend
