798 字
4 分钟
Manuscript for "Public Key Encryption with Keyword Search"
2025-03-03
Crypto
Crypto

Paper reference: Public Key Encryption with Keyword Search | SpringerLink

PEKS using Bilinear Maps#

Construction#

素数p阶群, (乘法群)定义双线性映射:#

非退化性:

  • e(g,g)g,  where  g  is  a  generator  of  G2e(g,g) \rightarrow g' , \; where \; g' \; is \; a \; generator \; of \; G_2

Hash functions:#

  • H1:{0,1}G1H_1: \{0,1\}^* \rightarrow G_1
  • H2:G2{0,1}logpH_2 : G_2 \rightarrow \{0,1\}^{\log{p}}

PEKS Scheme#

PEKS  Scheme:=(KeyGen,PEKS,Trapdoor,Test)PEKS \; Scheme:=(KeyGen,PEKS,Trapdoor,Test)

KeyGen:#

input 安全参数λ\lambda , 群阶p, G1G_1 ,G2G_2α$Zp\alpha \xleftarrow{\text\$} Z^*_p, g是 G1G_1 的一个生成元

output Apub=[g,h=gα]  and  Apriv=αA_{pub} = [g,h=g^\alpha] \; and \; A_{priv} =\alpha

一个典型的RSA公私钥分发

PEKS(Apub,WA_{pub},W):#

r$Zpr \xleftarrow{\text\$} Z^*_p , then compute t=e(H1(W),hr)t = e(H_1(W),h^r)

output S=[gr,H2(t)]S=[g^r,H_2(t)]

Trapdoor(Apriv,W)=>TW=H1(W)αTrapdoor(A_{priv},W) => T_W =H_1(W)^\alpha#

Notice that tG2t ∈ G_2  and TWG1T_W ∈ G_1

Test(ApubA_{pub}, S, TWT_W)#

S=[A,B]

output H2(e(TW,A))==BH_2(e(T_W,A)) == B

proof:#

H2(e(TW,A))=H2(e(H1(W)α,gr))=H2(e(H1(W),g)αr)H_2(e(T_W,A)) = H_2(e(H_1(W)^\alpha,g^r)) = H_2(e(H_1(W),g)^{\alpha r}) H2(t)=H2(e(H1(W),hr))=H2(e(H1(W),gαr))=H2(e(H1(W),g)αr)H_2(t) = H_2(e(H_1(W),h^r)) = H_2(e(H_1(W),g^{\alpha r}))= H_2(e(H_1(W),g)^{\alpha r})

BDH Assumption#

“Bilinear Diffie-Hellman Problem (BDH): Fix a generator g of G1. The BDH problem is as follows: given g, ga, gb, gc ∈ G1 as input, compute e(g, g)abc ∈ G2. We say that BDH is intractable if all polynomial time algorithms have a negligible advantage in solving BDH.” (Boneh et al., 2004, p. 512)

安全性证明#

定理1. 非交互式PEKS在适应性选择关键词攻击下具有语义安全,如果BDH是难解问题。#

  • 安全目标:在自适应选择关键词攻击下语义安全。

  • 归约到BDH问题

    • 假设存在攻击者 A 能以优势 ϵ 区分关键词加密,构造算法 B 利用 A 解决BDH问题。

    • 模拟过程

      1. B 接收BDH挑战 (g,gα,gβ,gγ)(g,g^α,g^β,g^γ) ,模拟公钥 h=gαh=g^α

      2. 对 A 的陷门查询,若关键词关联 gβg^β ,则终止;否则返回合法陷门。

      3. 挑战阶段,随机选择 WbW^b ​,构造密文 (gγ,H2(e(gβ,gαγ)))(g^γ,H_2​(e(g^β,g^{αγ})))

      4. 攻击者成功时,B 从哈希列表提取  e(g,g)αβγ e(g,g)^{αβγ}

  • 优势分析

    • B 的成功概率为 ϵ/(eqTqH2​​)ϵ/(e \cdot q_T \cdot ​q_{H_2}​​ ) ,其中 qTq_T ​ 为陷门查询次数, qH2q_{H_2} ​​ 为哈希查询次数。
阅读量:0
Manuscript for "Public Key Encryption with Keyword Search"
https://blog.twlmgatito.cn/posts/manuscript-for-peks/
本文同步发布于 博客园、CSDN等技术论坛 微信公众号仅与WPF Develops官方合作 转载请保留所有信息
作者
TwilightLemon
发布于
2025-03-03
许可协议
CC BY-NC-SA 4.0
Manuscript for "Identity-Based Encryption from the Weil Pairing"
Note(Manuscript) for "Device-Enhanced Secure Cloud Storage with Keyword Searchable Encryption and Deduplication"
总访问量:00000
© 2017~2024 TwilightLemon All Rights Reserved. / RSS / Sitemap
Powered by Astro & Fuwari