Inverted Index Based Multi-Keyword Public-key Searchable Encryption with Strong Privacy Guarantee

Bing Wang, Wei Song, Wenjing Lou, Y. Thomas Hou
INFOCOM 2015

SWIM Seminar, October 21, 2016
Mateus Cruz

Upload: mateus-s-h-cruz

Post on 15-Apr-2017


OUTLINE

1 Introduction

2 Preliminaries

3 Proposal

4 Experiments

5 Conclusion


OVERVIEW

- Search encrypted data
- Use of inverted index
- Preserve query privacy
- Efficiency using cheap operations


CONTRIBUTIONS

- Use the same index more than once
- Support conjunctive multi-keyword queries
- Trapdoor unlinkability
  - The same query has multiple trapdoors
- Efficiency
  - Only use multiplication and exponentiation
  - No use of pairing


RELATED WORK

- Bloom filter index
  - Only supports single keyword search
- Self-designed indices
  - Not compatible with each other
- One-time-only search limitation
  - Leaks query information from trapdoor
- No support for multi-keyword search


INVERTED INDEX

- Multiple inverted lists: $I = (I_{w_1}, I_{w_2}, \ldots, I_{w_m})$
  - The list $I_{w_i}$ has all documents containing $w_i$
- Efficient for large datasets
- Can be extended
  - Result ranking
  - Phrase search


PRIVATE SET INTERSECTION

- Only reveals the intersection
  - No other information is leaked
- FNP protocol [1]
  - Uses Paillier cryptosystem
    - $E(a_1 + a_2) = E(a_1) E(a_2)$

[1] Freedman, Nissim and Pinkas: "Efficient private matching and set intersection" (EUROCRYPT 2004)


FNP PROTOCOL

1. Alice represents her set $A$ as a polynomial
   - $f(x) = \prod_{a_i \in A} (x - a_i)$
2. Alice encrypts the coefficients using Paillier
3. Alice sends $f'(x) = \mathrm{Enc}(f(x))$ to Bob
4. Bob calculates $R : \{ r_j = f'(b_j) +_h b_j \}$
   - $b_j \in B$
5. Bob sends $R$ to Alice
6. Alice decrypts $R$ as $R'$
7. Alice obtains $A \cap B$ from calculating $A \cap R'$


SYSTEM ARCHITECTURE

- Honest-but-curious cloud server
- Trusted users


THREAT MODEL

- Confidentiality of documents
- Index privacy
- Trapdoor privacy
- Access pattern privacy


NOTATIONS

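- Document collection: $\Sigma = (\sigma_1, \sigma_2, \ldots, \sigma_n)$
- Keyword collection: $D = (w_1, w_2, \ldots, w_m)$
- Inverted index: $I = (I_{w_1}, I_{w_2}, \ldots, I_{w_m})$
  - $I_{w_i}$ contains $\Sigma_i = (\sigma_{i1}, \sigma_{i2}, \ldots, \sigma_{ip})$
    - $\Sigma_i \subset \Sigma$
    - $w_i \in \sigma_{ij}, 1 \le j \le p$
- Encrypted index I based on I
- Query: $Q \subset D$
- Trapdoor for query $Q$: $T_Q$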


STEPS OVERVIEW


SYSTEM INITIALIZATION

- Done by the data owner
- Receives security parameter $k$
- Generate key pair for the Paillier algorithm
  - Secret key $sk$
  - Public key $pk$
- Output master key $MK = \{sk, f, M\}$
  - $f$: Pseudorandom permutation
  - $M$: Invertible matrix of degree $m$


ENCRYPTED INDEX GENERATION

- Done by the data owner
- Receives master key $MK$ and index I
- Transform inverted lists into polynomials
- Encrypt coefficients using $pk$
  - I = Enc(I)
- Construct a dictionary matrix $M_D$
  - Encrypt $M_D$ as $M'_D = M \cdot M_D$
- Send $M'_D$ and I to the server


TRAPDOOR GENERATION

- Pre-compute a polynomial for all keywords
  - $\prod_{1}^{m} (x - w_i)$
- Generate a polynomial for user query $Q$
  - $P_Q(x) = P_D / \prod_{w_i \in Q} (x - w_i)$
- Apply padding to hide the query length
- Send trapdoor $T_Q$ to the server
  - $T_Q = \{ (a_m, a_{m-1}, \ldots, a_1) \cdot M^{-1}, \mathrm{Enc}(a_0) \}$


QUERYING

- Calculate $V = T_Q[1] \cdot M'_D = (v_1, v_2, \cdots, v_m)$
- For each $v_i$, calculate $v'_i = \mathrm{Enc}(v_i) +_h T_Q[2]$
  - $V' = (v'_1, v'_2, \ldots, v'_m)$
- Calculate result polynomial $P_R(x) = V' \cdot I^T$
- Return $P_R(x)$ to the user


RESULT DECRYPTION

- Requires assistance of data owner
- Find the roots of $P_R(x)$
  - The roots are the IDs of the result documents
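
The algebra behind the steps from index generation to result decryption, as an added plaintext example (not code from the paper or from the presentation). It leaves out the Paillier encryption, the masking matrix M and the random padding, uses keyword tags throughout, and works modulo an assumed prime; the keywords, tags and function names are constructed for illustration.

```python
MOD = 2**61 - 1  # prime modulus standing in for Paillier's plaintext space (assumption)

# Constructed sample data: integer tags stand in for t_w = f(w) and t_sigma = f(sigma).
KEYWORD_TAG = {"invoice": 101, "merger": 202, "audit": 303, "lunch": 404}
INVERTED_INDEX = {  # keyword -> tags of the documents that contain it
    "invoice": [11, 12, 13, 15],
    "merger": [12, 13, 14],
    "audit": [13, 15, 16],
    "lunch": [11, 16],
}

def poly_from_roots(roots):
    coeffs = [1]  # lowest degree first
    for a in roots:  # multiply the running product by (x - a)
        coeffs = [(lo - a * hi) % MOD for lo, hi in zip([0] + coeffs, coeffs + [0])]
    return coeffs

def poly_eval(coeffs, x):
    return sum(c * pow(x, k, MOD) for k, c in enumerate(coeffs)) % MOD

def build_index():
    """I = (P_w1, ..., P_wm): one polynomial per inverted list, roots = document tags."""
    return {w: poly_from_roots(docs) for w, docs in INVERTED_INDEX.items()}

def trapdoor(query):
    """Coefficients of P_Q = P_D / prod_{w in Q}(x - t_w): roots are the tags NOT queried."""
    return poly_from_roots([t for w, t in KEYWORD_TAG.items() if w not in query])

def search(index, p_q):
    """Server: v_i = P_Q(t_wi) (coefficients times a dictionary column, plus a_0),
    then P_R(x) = sum_i v_i * P_wi(x)."""
    p_r = [0] * max(len(p) for p in index.values())
    for w, p_w in index.items():
        v = poly_eval(p_q, KEYWORD_TAG[w])  # 0 for every keyword outside the query
        for k, c in enumerate(p_w):
            p_r[k] = (p_r[k] + v * c) % MOD
    return p_r

def result_documents(p_r):
    """Data owner: the document tags that are roots of P_R."""
    all_docs = {d for docs in INVERTED_INDEX.values() for d in docs}
    return sorted(d for d in all_docs if poly_eval(p_r, d) == 0)

def conjunctive_query(query):
    return result_documents(search(build_index(), trapdoor(query)))
```

In this example a document outside the intersection can only be a root of P_R by coincidence, which is why the arithmetic is done in a large modulus.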


SETUP

- Environment
  - Intel Core i3 3.3GHz 4GB RAM
  - Windows 8.1
  - Python
- Dataset
  - Enron emails


SYSTEM INITIALIZATION

- Generation of public and private keys
  - 512-bit: 0.40s
  - 1024-bit: 3.03s


ENCRYPTED INDEX GENERATION

- One-time process
  1. Calculate polynomials for keyword lists
  2. Encrypt polynomials
- Cost increases with dictionary size


TRAPDOOR GENERATION

- Matrix multiplication is the most expensive
  - Can be optimized


QUERYING

- Multiply trapdoor with the dictionary matrix
- Encryption is expensive
  - Can be parallelized


SUMMARY

- Searchable encryption scheme
  - Public key
  - Based on inverted index
  - Multi-keyword queries
- Prevents trapdoor linking
  - Hides the number of keywords in query
- Efficiency
  - Uses only multiplication and exponentiation


EXTRA SLIDES


PAILLIER CRYPTOSYSTEM

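- Key generation
  - $pk = (n, g)$
    - $n = pq$, $\gcd(pq, (p-1)(q-1)) = 1$
    - $g \in \mathbb{Z}^*_{n^2}$
  - $sk = (\lambda, \mu)$
    - $\lambda = \mathrm{lcm}(p-1, q-1)$
    - $\mu = \left( \frac{(g^\lambda \bmod n^2) - 1}{n} \right)^{-1} \bmod n$
- Encrypt message $m$ into ciphertext $c$
  - $c = g^m \cdot r^n \bmod n^2$, $r \in \mathbb{Z}_n$
- Decrypt ciphertext $c$ into message $m$
  - $m = \frac{(c^\lambda \bmod n^2) - 1}{n} \cdot \mu \bmod n$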
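
The Paillier operations on this slide combined with the exchange on the FNP PROTOCOL slide, as an added example (not code from the paper or from the presentation). The primes are constructed and far too small for real use, g = n + 1 is an assumed choice, and the random multiplier s that Bob applies to f(b_j) comes from the Freedman-Nissim-Pinkas construction rather than from the slide; all function names are illustrative.

```python
import math
import secrets

P, Q = 2**31 - 1, 2**61 - 1  # constructed toy key: two Mersenne primes, not a secure size

def keygen(p=P, q=Q):
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # lambda = lcm(p-1, q-1)
    g = n + 1  # assumed choice of g in Z*_{n^2}
    mu = pow((pow(g, lam, n * n) - 1) // n, -1, n)
    return (n, g), (lam, mu)

def encrypt(pk, m):
    n, g = pk
    r = secrets.randbelow(n - 1) + 1  # fresh randomness for every ciphertext
    while math.gcd(r, n) != 1:
        r = secrets.randbelow(n - 1) + 1
    return pow(g, m % n, n * n) * pow(r, n, n * n) % (n * n)

def decrypt(pk, sk, c):
    n = pk[0]
    lam, mu = sk
    return (pow(c, lam, n * n) - 1) // n * mu % n

def poly_from_roots(roots, n):
    coeffs = [1]  # lowest degree first
    for a in roots:  # multiply the running product by (x - a)
        coeffs = [(lo - a * hi) % n for lo, hi in zip([0] + coeffs, coeffs + [0])]
    return coeffs

def bob_respond(pk, enc_coeffs, b_set):
    """Bob never decrypts: he evaluates the encrypted polynomial at each b_j."""
    n = pk[0]
    n2 = n * n
    replies = []
    for b in b_set:
        enc_fb = 1
        for k, c in enumerate(enc_coeffs):  # Enc(f(b)) = prod_k Enc(a_k)^(b^k)
            enc_fb = enc_fb * pow(c, pow(b, k, n), n2) % n2
        s = secrets.randbelow(n - 1) + 1  # random multiplier hides f(b) when b is not in A
        replies.append(pow(enc_fb, s, n2) * encrypt(pk, b) % n2)  # Enc(s*f(b) + b)
    return replies

def fnp_intersection(a_set, b_set):
    pk, sk = keygen()
    enc_coeffs = [encrypt(pk, c) for c in poly_from_roots(a_set, pk[0])]  # Alice -> Bob
    replies = bob_respond(pk, enc_coeffs, b_set)  # Bob -> Alice
    return set(a_set) & {decrypt(pk, sk, r) for r in replies}  # A intersected with R'
```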


ENCRYPTED INDEX GENERATION [1/2]

- For each keyword $w_i$ and its list $I_{w_i}$
  - Generate tags for keywords: $t_{w_i} = f(w_i)$
  - Generate tags for documents: $t_{\sigma_i} = f(\sigma_i)$
- Generate random numbers $R_i = \{r_j\}$ for $I_{w_i}$
  - $r_j \in \mathbb{Z}^*_n$, $r_j \notin f(D)$
- Generate polynomial $P_{w_i}(x)$ for $I_{w_i}$
  - $P_{w_i}(x) = \prod_{\sigma_j \in I_{w_i}} (x - t_{\sigma_j}) \prod_{r_j \in R_i} (x - r_j)$
- Calculate a polynomial vector
  - $I = (P_{w_1}, P_{w_2}, \ldots, P_{w_m})^T$


ENCRYPTED INDEX GENERATION [2/2]

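- Encrypt coefficients of each $P_{w_i}$
  - I = $\mathrm{Enc}_{(n,g)}$(I)
- Construct dictionary matrix $M_D$

$$M_D = \begin{pmatrix} t_{w_1}^{m} & t_{w_2}^{m} & \cdots & t_{w_m}^{m} \\ t_{w_1}^{m-1} & t_{w_2}^{m-1} & \cdots & t_{w_m}^{m-1} \\ \vdots & \vdots & \ddots & \vdots \\ t_{w_1} & t_{w_2} & \cdots & t_{w_m} \end{pmatrix}$$

- Encrypt $M$ as $M'_D = M \cdot M_D$
- Outsource $M'_D$ and I to the cloud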


TRAPDOOR GENERATION

- Encrypt all keywords as $P_D(x) = \prod_{w_i \in D} (x - t_{w_i})$
- Receive a query request $Q$
- Construct $P_Q(x) = P_D / \prod_{w_i \in Q} (x - w_i)$
- Generate $P'_Q(x)$ by padding random terms
  - $P'_Q(x) = P_Q(x) \prod_{q+1}^{m} (x - r_j)$, $q = |Q|$, $r_j \notin f(D)$
- Send trapdoor to user
  - $T_Q = \{ (a_m, a_{m-q}, \ldots, a_1) * M^{-1}, \mathrm{Enc}_{(n,g)}(a_0) \}$
    - $(a_m, a_{m-q}, \ldots, a_1)$ are the coefficients of $P'_Q(x)$


COMPARISON WITH OTHER WORKS

- P: Map-to-point hash
- M: Multiplication
- E: Exponentiation
- e: Pairing