
5.1 Summary

We introduced the idea of searchable encryption, which is used to solve the problem of how to search efficiently on encrypted data. In Chapter 2, we introduced the mathematical background, including elliptic curves and bilinear pairings. In Chapter 3, we reviewed three prominent public-key searchable encryption schemes: public key encryption with keyword search, multi-user searchable data encryption, and hidden-vector encryption. For each, we described the scheme and then gave its definition as well as its concrete construction. In Chapter 4, we described our design of searchable encryption, which provides a solution to sharing data on an untrusted server with conjunctive keyword search. After describing our construction in detail, we introduced several applications of our scheme, including conjunctive comparison queries, range queries, and subset queries. We mentioned an interesting application that can reduce the space needed by conjunctive subset queries by applying Bloom filters to the hidden vectors. Then we described our implementation and evaluated the performance of our algorithms.

5.2 Future Work

For further research, we recommend the following topics:

1. Multi-user searchable data encryption without a key management center: In our design and the DGD scheme, we need a key management center to hold the master key. Generating the user-side and server-side keys of all users from a single master key implies the risk of a collusion attack. Also, renewing master keys requires the user to encrypt his previously encrypted data and searchable encryption again. We expect there is a multi-user searchable encryption scheme that runs without a key management center.

2. Improve the performance of HVE encryption. As we can see in the performance evaluation in Chapter 4.3, most of the computation cost comes from pairing computation. By redesigning the algorithms so that, where possible, consecutive pairings are computed with the same first argument, we expect precomputed pairings to come in handy. Precomputed pairing improves performance significantly on a type A pairing.

3. Applications of HVE. By designing the hidden vector and properly, the hidden vector encryption can do many operations while the vectors are hidden. We look for more applications of HVE.


Appendix: Source Code

We call our construction EPSE, where E stands for Elliptic curve cryptography, P for Proxy Encryption, and SE for Searchable Encryption. The following is the C code for our construction: A.1 gives our header file, A.2 gives an example test file that uses our construction header file, and A.3 is our EPSE.c code.
