Danial Shiraly; Nasrollah Pakniat; Ziba Eslami
Abstract
Public key encryption with keyword search (PEKS) is a cryptographic primitive designed for performing secure search operations over encrypted data stored on untrusted cloud servers. However, in some applications of cloud computing, there is a hierarchical access-privilege setup among users so that upper-level ...
Read More
Public key encryption with keyword search (PEKS) is a cryptographic primitive designed for performing secure search operations over encrypted data stored on untrusted cloud servers. However, in some applications of cloud computing, there is a hierarchical access-privilege setup among users so that upper-level users should be able to monitor data used by lower-level ones in the hierarchy. To support such situations, Wang et al. introduced the notion of hierarchical ID-based searchable encryption. However, Wang et al.'s construction suffers from a serious security problem. To provide a PEKS scheme that securely supports hierarchical structures, Li et al. introduced the notion of hierarchical public key encryption with keyword search (HPEKS). However, Li et al.'s HPEKS scheme is established on traditional public key infrastructure (PKI) which suffers from costly certificate management problem. To address these issues, in this paper, we consider designated-server HPEKS in identity-based setting. We introduce the notion of designated-server hierarchical identity-based searchable encryption (dHIBSE) and provide a formal definition of its security model. We then propose a dHIBSE scheme and prove its security under our model. Finally, we provide performance analysis as well as comparisons with related schemes to show the overall superiority of our dHIBSE scheme.
Hamid Mala; Mohammad Reza Saeidi
Abstract
In the last two decades bilinear pairings have found many applications in cryptography. Meanwhile identity-based cryptosystems based on bilinear pairings have received particular attention. The IEEE, IETF, and ISO organizations have been working on standardization of pairing-based cryptographic schemes. ...
Read More
In the last two decades bilinear pairings have found many applications in cryptography. Meanwhile identity-based cryptosystems based on bilinear pairings have received particular attention. The IEEE, IETF, and ISO organizations have been working on standardization of pairing-based cryptographic schemes. The Boneh-Franklin identity-based encryption and Sakai-Kasahara identity-based signature are the most well-known identity-based schemes that have been standardized. So far, various schemes have been proposed to reduce the computational overhead of pairing operations. All these schemes are trying to outsource pairing operations in a secure manner. But besides pairing operations, there are other basic and costly operations in pairing-based cryptography and identity-based schemes, including scalar multiplication on elliptic curves. In this research, we outsource the Boneh-Franklin encryption in a more secure and efficient (in terms of computational and communication complexity) way than existing schemes. Also we outsource the BLMQ signature (based on Sakai-Kasahara) scheme for the first time. The proposed schemes are secure in the OMTUP model. Also, unlike previous schemes, we considered communication channels insecure. Moreover, compared with the trivial solution which outsources every single operation (such as pairing, scalar multiplication and modular exponentiation) as a separate subroutine, our schemes offer less complexity by seamlessly outsourcing the whole encryption scheme for the first time.