Public Key Encryption That Allows PIR Queries
Dan Boneh, Eyal Kushilevitz, Rafail Ostrovsky, William E. Skeith III
Presenter: 紀汶承
Outline
Introduction Tools Definition Main Construction
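PIR (Private Information Retrieval)
Allows a user to retrieve data (an item) from a server that holds a database, without revealing which item was retrieved.
PIR solutions retrieve a (plaintext or encrypted) record from the database by its address.
Searching unencrypted data by keyword.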
Bloom filter
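Concept:
Hash functions: $\{h_i\}_{i=1}^{k}$, $h_i : \{0,1\}^* \to [m]$.
Suppose $S = \{a_i\}_{i=1}^{l} \subseteq \{0,1\}^*$.
An array $T = \{t_i\}_{i=1}^{m}$ such that $t_i = 1 \iff \exists\, j \in [k]$ and $j' \in [l]$ such that $h_j(a_{j'}) = i$.
Note that if $a \in S$, then $t_{h_i(a)} = 1,\ \forall i \in [k]$.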
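Bloom filter (cont.)
Input $a$ to $h_i$, $i = 1, \dots, k$.
[Figure: $a$ is fed to $h_1, h_2, \dots, h_k$; the outputs $h_1(a), h_2(a), \dots, h_k(a)$ index entries of the bit array $T$.]
Verification: if $t_{h_i(a)} = 1,\ \forall i \in [k]$, then $a \in S$.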
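Bloom filter (cont.)
What is stored? Rather than storing only the element, store $\{B_j\}_{j=1}^{m}$, $B_j \subseteq V$, which express the relationship to the elements (the addresses where an element is stored).
We now store pairs $(a, v)$, $v \in V$, where $a \in \{0,1\}^*$.
$v$ is added to $B_{h_i(a)}$ for all $i \in [k]$.
If $a \in S$, then $v \in \bigcap_{i \in [k]} B_{h_i(a)}$.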
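Bloom filter (cont.)
[Figure: Insert $(a_1, v_1)$ and Insert $(a_2, v_2)$: $h_1(a_1), h_2(a_1), \dots, h_k(a_1)$ select buffers among $B_1, B_2, B_3, B_4, \dots, B_m$, which hold sets of values such as $\{v_1\}$, $\{v_1, v_2\}$, $\{v_2, v_3\}$, $\{v_1, v_2, v_3\}$ and $\{v_3\}$.]
$v \in \bigcap_{i \in [k]} B_{h_i(a_1)}$: $\{v_1, v_2\} \cap \{v_1\} \cap \{v_1, v_2, v_3\} = \{v_1\}$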
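The Bloom filter with storage described above, as an added example that is not part of the original slides: pairs (a, v) are inserted into the buffers B_{h_i(a)} and retrieved by intersecting them, on plaintext buffers. The class name, the SHA-256-derived hash family and the sample pairs are assumptions made for illustration.

```python
import hashlib
from collections import defaultdict


class StorageBloomFilter:
    """Bloom filter with storage: each buffer B_j is a set of values v."""

    def __init__(self, m, k):
        self.m, self.k = m, k
        self.buffers = defaultdict(set)  # sparse {j: B_j}; an absent B_j is empty

    def _h(self, i, a):
        # h_i(a) in [m]: SHA-256 over (i, a), reduced mod m (assumed hash family).
        digest = hashlib.sha256(i.to_bytes(4, "big") + a.encode()).digest()
        return int.from_bytes(digest, "big") % self.m

    def positions(self, a):
        # H_a = {h_i(a) | i in [k]}
        return {self._h(i, a) for i in range(self.k)}

    def insert(self, a, v):
        # v is added to B_{h_i(a)} for all i in [k].
        for j in self.positions(a):
            self.buffers[j].add(v)

    def lookup(self, a):
        # Candidates for a: the intersection of B_{h_i(a)} over i in [k].
        return set.intersection(*(self.buffers.get(j, set()) for j in self.positions(a)))


def demo():
    # Constructed sample pairs; a large m makes buffer collisions negligible.
    bf = StorageBloomFilter(m=2**32, k=3)
    for a, v in [("a1", "v1"), ("a2", "v2"), ("a3", "v3")]:
        bf.insert(a, v)
    # m=1 forces every key into one buffer: lookups return every stored value,
    # including for a key that was never inserted (the false-positive case).
    tiny = StorageBloomFilter(m=1, k=3)
    tiny.insert("a1", "v1")
    tiny.insert("a2", "v2")
    return bf.lookup("a1"), tiny.lookup("a1"), tiny.lookup("never-inserted")


if __name__ == "__main__":
    print(demo())
```

The lookup result is always a superset of the values inserted under that key, so the choice of m and k controls how many unrelated values come back with it.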
Modifying Encrypted Data in a Communication Efficient Way
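Based on group homomorphic encryption with communication $O(\sqrt{n})$.
Technique:
$\{x_{ij}\}_{i,j=1}^{\sqrt{n}}$: the database (not encrypted)
$(i^*, j^*)$: the position of a particular element
$\alpha$: the value we want to add
$v, w$: two vectors of length $\sqrt{n}$, where $v_i = \alpha\,\delta_{ii^*}$ and $w_j = \delta_{jj^*}$
Here $\delta_{kl} = 1$ when $k = l$ and 0 otherwise. Then
$$v_i w_j = \begin{cases} \alpha & \text{if } i = i^* \wedge j = j^* \\ 0 & \text{otherwise} \end{cases}$$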
Modifying Encrypted Data in a Communication Efficient Way (cont.)
Parameters:
$(K, \mathcal{E}, D)$: a CPA-secure public-key encryption
$\{c_l = \mathcal{E}(x_l)\}_{l=1}^{n}$: an array of ciphertexts which is held by a party S.
Define $F(X, Y, Z) = X + YZ$. By our assumption, there exists some $\tilde{F}$ such that
$D(\tilde{F}(\mathcal{E}(x), \mathcal{E}(y), \mathcal{E}(z))) = F(x, y, z)$
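Modifying Encrypted Data in a Communication Efficient Way (cont.)
Protocol: $\mathrm{Modify}_{U,S}(l, \alpha)$, where $l$ and $\alpha$ are private inputs to U.
1. U computes $i^*, j^*$ as the coordinates of $l$ (i.e., $i^*$ and $j^*$ are the quotient and remainder of $l/\sqrt{n}$, respectively).
2. U sends $\{v_i = \mathcal{E}(\alpha\,\delta_{ii^*})\}_{i=1}^{\sqrt{n}}$, $\{w_j = \mathcal{E}(\delta_{jj^*})\}_{j=1}^{\sqrt{n}}$ to S, where all values are encrypted under $A_{public}$.
3. S computes $\tilde{F}(c_{ij}, v_i, w_j)$ for all $i, j \in [\sqrt{n}]$, and replaces each $c_{ij}$ with the corresponding resulting ciphertext.
Every modification is applied to all of the $c_{ij}$, so it is easy to see that privacy is preserved.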
Definition
Parameters:
X: message sending parties.
Y: message receiving party.
S: server/storage provider.
Definitions:
KeyGen($1^s$): generates the public/private key pair.
$\mathrm{Send}_{X,S}(M, K, A_{public})$
$\mathrm{Retrieve}_{Y,S}(w, A_{private})$
Main Construction
S maintains in its storage space encryptions of the buffers; denote these encryptions $\{B_j\}_{j=1}^{m}$.
For $w \in \{0,1\}^*$, we define $H_w = \{h_i(w) \mid i \in [k]\}$.
KeyGen(k): Run $K(1^s)$, generate $A_{public}$ and $A_{private}$.
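$\mathrm{Send}_{X,S}(M, K, A_{public})$
[Figure: Sender and Server/Storage. The Sender holds M + K and sends $\mathcal{E}(M)$; the message buffer holds $\mathcal{E}(M)$ at address ρ; γ copies of the address ρ are placed in the Bloom filter buffers $B_j$ of $\{B_j\}_{j=1}^{m}$ for $j \in \bigcup_{w \in K} H_w$.]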
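$\mathrm{Retrieve}_{Y,S}(w, A_{private})$
[Figure: Receiver and Server/Storage. The Receiver sends a PIR query to the Bloom filter buffer $\{B_j\}_{j=1}^{m}$ and obtains $\{\hat{B}_j\}_{j \in H_w}$, which it decrypts to $\{B_j\}_{j \in H_w}$. It computes $L = \bigcap_{j \in H_w} B_j$, sends a PIR query with $L$ to the message buffer, obtains $\mathcal{E}(M)$ and decrypts it: $M = D_{A_{private}}(\mathcal{E}(M))$.]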