Practical Searching Over Encrypted Data By Private Information Retrieval

Multimedia Network Security Laboratory
Date: 2011.05.19
Reporter: Chien-Wen Huang
Source: GLOBECOM 2010, 2010 IEEE Global Telecommunications Conference
Outline
1. INTRODUCTION
2. PREPARATION
3. PRIVATE INFORMATION RETRIEVAL
4. OUR PROPOSAL AND PERFORMANCE ANALYSIS
5. COMPARISON
6. CONCLUSION
1. INTRODUCTION
There are a Sender and a User (Receiver) who want to communicate mainly via the "honest-but-curious" database.
• Sender: only permitted to send a couple of keywords, but not the whole data, which is commonly a relatively large file (videos or photos)
• User: can efficiently search and retrieve the information that the Sender submitted
2. PREPARATION
Boneh et al. proposed the scheme:
• The PIR technique aims to retrieve the target data
Several techniques have been employed:
• Bloom filter: used only as the intermediate storage of the information on addresses of data
• Color survival game
• Modified encrypted data
Bloom Filters
A Bloom filter is used to verify that some data is not in the database (mismatch)
• Example: a list of bad credit card numbers
• Useful when the data consumes a very small portion of the search space
A Bloom filter is a bit string
n hash functions map the data into n bits in the Bloom filter
Simple Example
Use a Bloom filter of 16 bits
• h1(key) = key mod 16
• h2(key) = key mod 14 + 2
Insert numbers 27, 18, 29 and 28

Position: 0  1  2  3  4  5  6  7  8  9  10 11 12 13 14 15
Bit:      0  0  1  1  0  0  1  0  0  0  0  1  1  1  0  1

• Check for 22: h1(22) = 6, h2(22) = 10 (not in filter)
• Check for 51: h1(51) = 3, h2(51) = 11 (false positive)
3. PRIVATE INFORMATION RETRIEVAL
A. IPIR
• The user then sends DB a query for the whole dataset, so that DB replies with the entire dataset.
B. Block PIR
• Uses multiple databases
• As in Chor et al. (1995)
• The BlockPIR scheme is secure if the DBs do not collude.
C. Computational PIR
• Based on the Paillier cryptosystem
• Here the computation cost, rather than the communication cost, is the bottleneck of the operation time
The homomorphic encryption is assumed as follows: $E_{pk}(M_1) \cdot E_{pk}(M_2) = E_{pk}(M_1 + M_2)$
1) Compute $n = pq$ and $\lambda = \mathrm{lcm}(p-1, q-1)$
2) Select random $g \in \mathbb{Z}_{n^2}^{*}$ and $r \in \mathbb{Z}_{n}^{*}$
3) $c = g^{m} r^{n} \bmod n^{2}$
4)
4. OUR PROPOSAL AND PERFORMANCE ANALYSIS
A. Proposed Scheme
DB: has a size of N bits and can store at most n messages.
Buffer: has a size of M bits (we assume M is a square)
R (receiver): has the key pair; the length of a ciphertext is k
S (sender): uses a keyword of w words
(k,m)-Bloom Filter: has k hash functions and outputs values with a length of m bits.
Assume there are two buffers, Buffer1 and
Buffer2
1. S associates keyword W with the message M and sends E(M) to DB.
2. DB stores E(M) in the main database and returns the corresponding address ρ.
3. S inputs W to Bloom filter to get the k outputs as
addresses of Buffer(1,2)
4. S then encrypts the r copies of ρ as
and
writes them into r addresses of Buffer1 and Buffer2
5. S modifies the encrypted data
R intends to search DB for the message associated with the keyword W.
1) Input W to Bloom filter and get the k addresses
H(W) of Buffer.
2) Execute BlockPIR to the addresses k times, and
get k outputs of
.
a) R generates random vector   {0,1}m and  '    i
b) Repeat k times to recover
3) R decrypts
and gets
4) R executes CPIR to the ρ of DB and gets the M
associated with W.
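Steps 1) and 2) of the receiver's search, as an added Python example that is not code from the paper or these slides: the Bloom-filter addresses H(W) are read with the classic two-server XOR PIR, which is assumed here to stand in for BlockPIR over Buffer1 and Buffer2 held by non-colluding servers. The SHA-256 hash family, the buffer size, and cells that hold ρ in the clear (its encryption under R's key is omitted) are assumptions.

```python
import hashlib
import secrets

M_CELLS = 64   # buffer size in cells (assumed for the demo)
K_HASHES = 3   # number of Bloom-filter hash functions (assumed)

def bloom_addresses(keyword, k=K_HASHES, m=M_CELLS):
    """H(W): k buffer addresses. SHA-256 with an index prefix is an assumed hash family."""
    return [int.from_bytes(hashlib.sha256(f"{i}:{keyword}".encode()).digest(), "big") % m
            for i in range(k)]

def make_queries(i, m=M_CELLS):
    """Receiver: a random bit vector for server 1, the same vector with bit i flipped for server 2."""
    q1 = [secrets.randbits(1) for _ in range(m)]
    q2 = list(q1)
    q2[i] ^= 1
    return q1, q2

def server_answer(buffer, query):
    """Server: XOR of every cell selected by the query. Alone, the query looks uniformly random."""
    acc = 0
    for cell, bit in zip(buffer, query):
        if bit:
            acc ^= cell
    return acc

def pir_read(buffer1, buffer2, i):
    """XOR of the two answers cancels every cell except cell i."""
    q1, q2 = make_queries(i, len(buffer1))
    return server_answer(buffer1, q1) ^ server_answer(buffer2, q2)

def sender_store(buffers, keyword, rho):
    """Sender: write the address rho into the cells H(W) of both buffer replicas."""
    for addr in bloom_addresses(keyword, m=len(buffers[0])):
        for buf in buffers:
            buf[addr] = rho

def receiver_lookup(buffers, keyword):
    """Receiver: one PIR read per Bloom-filter address of the keyword."""
    return [pir_read(buffers[0], buffers[1], a) for a in bloom_addresses(keyword, m=len(buffers[0]))]

def demo():
    # Constructed sample: one keyword stored at main-database address 0x2A.
    buffers = ([0] * M_CELLS, [0] * M_CELLS)
    sender_store(buffers, "invoice", 0x2A)
    return receiver_lookup(buffers, "invoice")

if __name__ == "__main__":
    print(demo())
```

If the two servers compare their queries, the single differing bit reveals the address, which is why the scheme depends on the databases not colluding.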
B. Performance of Previous Scheme
• The time required for CPIR is shown as follows:
C. Implementation with IPIR - For Comparison
• The time required for IPIR is shown as follows:
D. Performance of Our Proposal
• Using BlockPIR clearly reduces the computation cost a lot.
• The communication cost is also acceptable considering current networking technology.
5. COMPARISON
6. CONCLUSION
We have proposed a practical keyword search scheme which performs better than the previous work, which is only theoretically interesting but less practical.
A simple but effective modification overcomes this problem, greatly enhancing the performance and furthermore enabling privacy-preserving outsourcing techniques.