Searchable Encryption Revisited: Consistency Properties, Relation to Anonymous IBE, and Extensions

Abdalla, Michel; Bellare, Mihir; Catalano, Dario; Kiltz, Eike; Kohno, Tadayoshi; Lange, Tanja; Malone-Lee, John; Neven, Gregory; Paillier, Pascal; Shi, Haixia

doi:10.1007/s00145-007-9006-6

Cited by 284 publications

(150 citation statements)

References 24 publications

Supporting

Mentioning

147

Contrasting

Unclassified

Order By: Relevance

“…The concept of anonymity for encryption schemes has been around for sometime but was first formalized in the context of symmetric-key encryption [1,11,14] and was later extended to the case of public-key encryption (PKE) and identity-based encryption (IBE) [5,2]. Several PKE and IBE schemes in the literature such as the Cramer-Shoup [10], and the Boyen-Waters [9] in the standard model, and DHIES [4] and Boneh-Franklin [8] in the random oracle model are shown to be anonymous.…”

Section: Anonymity Of Hybrid Encryption Schemesmentioning

confidence: 99%

“…Traditionally, the definitions of privacy [15,19,12] and anonymity [5,2] for encryption schemes are introduced separately. However, when considering robustness, it makes sense to consider both notions simultaneously.…”

Section: Preliminariesmentioning

confidence: 99%

“…Previous works on anonymous public-key and identity-based encryption [5,2] have studied this security notion and provided constructions satisfying it. However, in most scenarios in practice, PKE and IBE schemes are used in the KEM/DEM paradigm.…”

Section: Anonymous-cca Hybrid Encryptionmentioning

confidence: 99%

“…Furthermore, it is sufficient for us to let k = 256 where r is chosen from {0, 1} k . 2 This means that the PKE scheme has to encrypt a message that is only 256 bits longer than the original message and the ciphertext is at most expanded by an additive factor of 384 bits as opposed to 768 bits in construction of Abdalla et al [3]. Proof.…”

Section: Id)mentioning

confidence: 99%

“…Two such properties, which have been the subject of formal studies in the cryptographic literature, are anonymity [5,2] and robustness [3]. Anonymity helps keep the identity of the key-holders in an encryption scheme private, while robustness provides a layer of protection against misuse or error by ensuring that a single ciphertext can only be decrypted by the intended user.…”

Section: Introductionmentioning

confidence: 99%

See 4 more Smart Citations

A Closer Look at Anonymity and Robustness in Encryption Schemes

Mohassel

2010

Advances in Cryptology - ASIACRYPT 2010

View full text Add to dashboard Cite

Abstract. In this work, we take a closer look at anonymity and robustness in encryption schemes. Roughly speaking, an anonymous encryption scheme hides the identity of the secret-key holder, while a robust encryption scheme guarantees that every ciphertext can only be decrypted to a valid plaintext under the intended recipient's secret key.In case of anonymous encryption, we show that if an anonymous PKE or IBE scheme (in presence of CCA attacks) is used in a hybrid encryption, all bets regarding the anonymity of the resulting encryption are off. We show that this is the case even if the symmetric-key component is anonymous. On the positive side, however, we prove that if the keyencapsulation method is, additionally weakly robust the resulting hybrid encryption remains anonymous. Some of the existing anonymous encryption schemes are known to be weakly robust which makes them more desirable in practice.In case of robust encryption, we design several efficient constructions for transforming any PKE/IBE scheme into weakly and strongly robust ones. Our constructions only add a minor computational overhead to the original schemes, while achieving better ciphertext sizes compared to the previous constructions. An important property of our transformations is that they are non-keyed and do not require any modifications to the public parameters of the original schemes.We also introduce a relaxation of the notion of robustness we call collision-freeness. We primarily use collision-freeness as an intermediate notion by showing a more efficient construction for transforming any collision-free encryption scheme into a strongly robust one. We believe that this simple notion can be a plausible replacement for robustness in some scenarios in practice. The advantage is that most existing schemes seem to satisfy collision-freeness without any modifications.

show abstract

Section: Anonymity Of Hybrid Encryption Schemesmentioning

confidence: 99%

Section: Preliminariesmentioning

confidence: 99%

Section: Anonymous-cca Hybrid Encryptionmentioning

confidence: 99%

Section: Id)mentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

A Closer Look at Anonymity and Robustness in Encryption Schemes

Mohassel

2010

Advances in Cryptology - ASIACRYPT 2010

View full text Add to dashboard Cite

show abstract

Privacy‐preserving data search and sharing protocol for social networks through wireless applications

Wang

Chen

2016

Concurrency and Computation

View full text Add to dashboard Cite

SUMMARYData search and sharing are two important functionalities in social networks. The social network users can form a peer-to-peer group and securely and flexibly search and share cloud data through wireless applications. When the number of users increases, the communication, storage, and computational overheads will be increased, and the quality of services such as searching and data sharing for clients could be affected. In order to solve these problems, we formalize an ID-based multi-user searchable encryption (IDB-MUSE) and formally define its security model, where the security notions accommodate indistinguishability against insider's keyword guessing attack, indistinguishability against chosen keyword attack, and indistinguishability against insider's identity guessing attack. We present an IDB-MUSE scheme, where the index and search trapdoor are of constant size. We formally prove its security properties. To improve the search efficiency, we divide the computation of the trapdoor into two phases, that is, the offline phase and the online phase. The computation cost for the online phase trapdoor remains constant with respect to the number of users. Based on the IDB-MUSE scheme, a privacy-preserving data search and sharing protocol is proposed, where only the authorized user can access the shared group data. It captures the properties of source authenticity, data and search pattern privacy-preserving, anonymity, and request unlinkability. The experimental results show that the protocol is practical for wireless applications. Copyright © 2016 John Wiley & Sons, Ltd.Received 11 December 2015; Revised 9 March 2016; Accepted 11 April 2016 KEY WORDS: social network; peer-to-peer group; searchable encryption; data sharing; insider attack; anonymity INTRODUCTIONData search and sharing are widely used in social networks. As there is no group manager, the users in social networks form a peer-to-peer group. With the popularity of wireless communication, users usually search and share their data through wireless devices, which offer great convenience and flexibility. However, the wireless devices usually have a limited storage. Therefore, the social networks users often outsource their data to cloud, for example, the dropbox [1], amazon cloud [2], google cloud [3], and others, because of their great advantages of the powerful computation capability, the abundant storage resource and the on demand high-quality services.As a common scenario shown in Figure 1, a group of social network users access and share the cloud data through their mobile phones, laptops, and smart watches. They can outsource their shared data on the cloud storage, while any authorized user in the social network can access the data through their mobile devices. The privacy protection and system performance are regarded as two major concerns when social network users retrieve and share the cloud data via these resource constrained mobile devices.As the data is outsourced to the cloud and the cloud server may be untrusted, it need to protect the dat...

show abstract

An efficient KP design framework of attribute‐based searchable encryption for user level revocation in cloud

Mamta

Gupta

2019

Concurrency and Computation

View full text Add to dashboard Cite

Summary Attribute‐based searchable encryption (ABSE) is the combination of attribute‐based encryption (ABE) and searchable encryption with the inherent benefits of fine‐grained access control and expressive searching capabilities in multiuser setting. In this paper, we have used the key‐policy (KP) design framework of ABE and named the scheme KP‐ABSE. The proposed KP‐ABSE scheme efficiently supports user revocation where the computationally intensive tasks are delegated to the cloud server. Furthermore, the proposed scheme generates constant‐size user secret keys and trapdoors and has constant number of pairing operations, which in other schemes typically varies with the number of attributes associated with them. Thus, the proposed scheme reduces computational and storage costs and supports fast searching. Finally, the proposed scheme can be proven secure under a decision linear assumption in a selective security model.

show abstract

Searchable Encryption Revisited: Consistency Properties, Relation to Anonymous IBE, and Extensions

Cited by 284 publications

References 24 publications

A Closer Look at Anonymity and Robustness in Encryption Schemes

A Closer Look at Anonymity and Robustness in Encryption Schemes

Privacy‐preserving data search and sharing protocol for social networks through wireless applications

An efficient KP design framework of attribute‐based searchable encryption for user level revocation in cloud

Contact Info

Product

Resources

About