The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. ex. Some numerals are expressed as "XNUMX".
Copyrights notice
The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. Copyrights notice
Foi proposta a criptografia autenticada por chave pública com pesquisa por palavra-chave (PAEKS), onde a chave secreta do remetente é necessária para a criptografia e um alçapão é associado não apenas a uma palavra-chave, mas também ao remetente. Essa configuração nos permite evitar o vazamento de informações de palavras-chave em alçapões. Liu et al. (ASIACCS 2022) propôs uma construção genérica de PAEKS baseada em funções hash projetivas suaves independentes de palavras (SPHFs) e PEKS. Neste artigo, propomos uma nova construção genérica de PAEKS, que é mais eficiente que a de Liu et al. No sentido de que usamos apenas um SPHF, mas Liu et al. usou dois SPHFs. Além disso, para fins de consistência, consideramos um modelo de segurança mais forte que o de Liu et al. Resumidamente, Liu et al. considerado apenas palavras-chave, embora um alçapão esteja associado não apenas a uma palavra-chave, mas também a um remetente. Assim, um alçapão associado a um remetente não deve funcionar contra textos cifrados gerados pela chave secreta de outro remetente, mesmo que a mesma palavra-chave esteja associada. Ou seja, nas definições anteriores, há espaço para um texto cifrado ser pesquisável mesmo que o remetente não tenha sido especificado quando o alçapão é gerado, o que viola a autenticidade do PAKES. Nossa definição de consistência considera uma configuração multi-remetente e captura esse caso. Além disso, para indistinguibilidade contra ataque de palavra-chave escolhida (IND-CKA) e indistinguibilidade contra ataque de adivinhação de palavra-chave interna (IND-IKGA), usamos um modelo de segurança mais forte definido por Qin et al. (ProvSec 2021), onde um adversário pode consultar palavras-chave desafiadoras para os oráculos de criptografia e alçapão. Destacamos também várias questões associadas ao estudo de Liu et al. construção em termos de funções hash, por exemplo, sua construção não satisfaz a consistência que afirmam ter.
Keita EMURA
Kanazawa University,National Institute of Information and Communications Technology (NICT)
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Copiar
Keita EMURA, "Generic Construction of Public-Key Authenticated Encryption with Keyword Search Revisited" in IEICE TRANSACTIONS on Fundamentals,
vol. E107-A, no. 3, pp. 260-274, March 2024, doi: 10.1587/transfun.2023CIP0005.
Abstract: Public key authenticated encryption with keyword search (PAEKS) has been proposed, where a sender's secret key is required for encryption, and a trapdoor is associated with not only a keyword but also the sender. This setting allows us to prevent information leakage of keyword from trapdoors. Liu et al. (ASIACCS 2022) proposed a generic construction of PAEKS based on word-independent smooth projective hash functions (SPHFs) and PEKS. In this paper, we propose a new generic construction of PAEKS, which is more efficient than Liu et al.'s in the sense that we only use one SPHF, but Liu et al. used two SPHFs. In addition, for consistency we considered a security model that is stronger than Liu et al.'s. Briefly, Liu et al. considered only keywords even though a trapdoor is associated with not only a keyword but also a sender. Thus, a trapdoor associated with a sender should not work against ciphertexts generated by the secret key of another sender, even if the same keyword is associated. That is, in the previous definitions, there is room for a ciphertext to be searchable even though the sender was not specified when the trapdoor is generated, that violates the authenticity of PAKES. Our consistency definition considers a multi-sender setting and captures this case. In addition, for indistinguishability against chosen keyword attack (IND-CKA) and indistinguishability against inside keyword guessing attack (IND-IKGA), we use a stronger security model defined by Qin et al. (ProvSec 2021), where an adversary is allowed to query challenge keywords to the encryption and trapdoor oracles. We also highlight several issues associated with the Liu et al. construction in terms of hash functions, e.g., their construction does not satisfy the consistency that they claimed to hold.
URL: https://global.ieice.org/en_transactions/fundamentals/10.1587/transfun.2023CIP0005/_p
Copiar
@ARTICLE{e107-a_3_260,
author={Keita EMURA, },
journal={IEICE TRANSACTIONS on Fundamentals},
title={Generic Construction of Public-Key Authenticated Encryption with Keyword Search Revisited},
year={2024},
volume={E107-A},
number={3},
pages={260-274},
abstract={Public key authenticated encryption with keyword search (PAEKS) has been proposed, where a sender's secret key is required for encryption, and a trapdoor is associated with not only a keyword but also the sender. This setting allows us to prevent information leakage of keyword from trapdoors. Liu et al. (ASIACCS 2022) proposed a generic construction of PAEKS based on word-independent smooth projective hash functions (SPHFs) and PEKS. In this paper, we propose a new generic construction of PAEKS, which is more efficient than Liu et al.'s in the sense that we only use one SPHF, but Liu et al. used two SPHFs. In addition, for consistency we considered a security model that is stronger than Liu et al.'s. Briefly, Liu et al. considered only keywords even though a trapdoor is associated with not only a keyword but also a sender. Thus, a trapdoor associated with a sender should not work against ciphertexts generated by the secret key of another sender, even if the same keyword is associated. That is, in the previous definitions, there is room for a ciphertext to be searchable even though the sender was not specified when the trapdoor is generated, that violates the authenticity of PAKES. Our consistency definition considers a multi-sender setting and captures this case. In addition, for indistinguishability against chosen keyword attack (IND-CKA) and indistinguishability against inside keyword guessing attack (IND-IKGA), we use a stronger security model defined by Qin et al. (ProvSec 2021), where an adversary is allowed to query challenge keywords to the encryption and trapdoor oracles. We also highlight several issues associated with the Liu et al. construction in terms of hash functions, e.g., their construction does not satisfy the consistency that they claimed to hold.},
keywords={},
doi={10.1587/transfun.2023CIP0005},
ISSN={1745-1337},
month={March},}
Copiar
TY - JOUR
TI - Generic Construction of Public-Key Authenticated Encryption with Keyword Search Revisited
T2 - IEICE TRANSACTIONS on Fundamentals
SP - 260
EP - 274
AU - Keita EMURA
PY - 2024
DO - 10.1587/transfun.2023CIP0005
JO - IEICE TRANSACTIONS on Fundamentals
SN - 1745-1337
VL - E107-A
IS - 3
JA - IEICE TRANSACTIONS on Fundamentals
Y1 - March 2024
AB - Public key authenticated encryption with keyword search (PAEKS) has been proposed, where a sender's secret key is required for encryption, and a trapdoor is associated with not only a keyword but also the sender. This setting allows us to prevent information leakage of keyword from trapdoors. Liu et al. (ASIACCS 2022) proposed a generic construction of PAEKS based on word-independent smooth projective hash functions (SPHFs) and PEKS. In this paper, we propose a new generic construction of PAEKS, which is more efficient than Liu et al.'s in the sense that we only use one SPHF, but Liu et al. used two SPHFs. In addition, for consistency we considered a security model that is stronger than Liu et al.'s. Briefly, Liu et al. considered only keywords even though a trapdoor is associated with not only a keyword but also a sender. Thus, a trapdoor associated with a sender should not work against ciphertexts generated by the secret key of another sender, even if the same keyword is associated. That is, in the previous definitions, there is room for a ciphertext to be searchable even though the sender was not specified when the trapdoor is generated, that violates the authenticity of PAKES. Our consistency definition considers a multi-sender setting and captures this case. In addition, for indistinguishability against chosen keyword attack (IND-CKA) and indistinguishability against inside keyword guessing attack (IND-IKGA), we use a stronger security model defined by Qin et al. (ProvSec 2021), where an adversary is allowed to query challenge keywords to the encryption and trapdoor oracles. We also highlight several issues associated with the Liu et al. construction in terms of hash functions, e.g., their construction does not satisfy the consistency that they claimed to hold.
ER -