The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. ex. Some numerals are expressed as "XNUMX".
Copyrights notice
The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. Copyrights notice
Un chiffrement authentifié par clé publique avec recherche par mot-clé (PAEKS) a été proposé, dans lequel la clé secrète de l'expéditeur est requise pour le chiffrement et une trappe est associée non seulement à un mot-clé mais également à l'expéditeur. Ce paramètre nous permet d'empêcher les fuites d'informations sur les mots-clés provenant des trappes. Liu et coll. (ASIACCS 2022) a proposé une construction générique de PAEKS basée sur des fonctions de hachage projective lisse (SPHF) indépendantes des mots et des PEKS. Dans cet article, nous proposons une nouvelle construction générique de PAEKS, qui est plus efficace que celle de Liu et al. dans le sens où nous n'utilisons qu'un seul SPHF, mais Liu et al. utilisé deux SPHF. De plus, par souci de cohérence, nous avons considéré un modèle de sécurité plus solide que celui de Liu et al. En bref, Liu et al. pris en compte uniquement les mots-clés même si une trappe est associée non seulement à un mot-clé mais également à un expéditeur. Ainsi, une trappe associée à un expéditeur ne devrait pas fonctionner contre les textes chiffrés générés par la clé secrète d'un autre expéditeur, même si le même mot-clé est associé. Autrement dit, dans les définitions précédentes, il est possible qu'un texte chiffré puisse être recherché même si l'expéditeur n'a pas été spécifié lors de la génération de la trappe, ce qui viole l'authenticité de PAKES. Notre définition de cohérence prend en compte un paramètre multi-expéditeurs et capture ce cas. De plus, pour l’indiscernabilité contre une attaque par mot-clé choisi (IND-CKA) et l’indiscernabilité contre une attaque par mot-clé interne (IND-IKGA), nous utilisons un modèle de sécurité plus fort défini par Qin et al. (ProvSec 2021), où un adversaire est autorisé à interroger des mots-clés de défi aux oracles de chiffrement et de trappe. Nous soulignons également plusieurs problèmes associés à l'étude de Liu et al. construction en termes de fonctions de hachage, par exemple, leur construction ne satisfait pas à la cohérence qu'ils prétendaient détenir.
Keita EMURA
Kanazawa University,National Institute of Information and Communications Technology (NICT)
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Copier
Keita EMURA, "Generic Construction of Public-Key Authenticated Encryption with Keyword Search Revisited" in IEICE TRANSACTIONS on Fundamentals,
vol. E107-A, no. 3, pp. 260-274, March 2024, doi: 10.1587/transfun.2023CIP0005.
Abstract: Public key authenticated encryption with keyword search (PAEKS) has been proposed, where a sender's secret key is required for encryption, and a trapdoor is associated with not only a keyword but also the sender. This setting allows us to prevent information leakage of keyword from trapdoors. Liu et al. (ASIACCS 2022) proposed a generic construction of PAEKS based on word-independent smooth projective hash functions (SPHFs) and PEKS. In this paper, we propose a new generic construction of PAEKS, which is more efficient than Liu et al.'s in the sense that we only use one SPHF, but Liu et al. used two SPHFs. In addition, for consistency we considered a security model that is stronger than Liu et al.'s. Briefly, Liu et al. considered only keywords even though a trapdoor is associated with not only a keyword but also a sender. Thus, a trapdoor associated with a sender should not work against ciphertexts generated by the secret key of another sender, even if the same keyword is associated. That is, in the previous definitions, there is room for a ciphertext to be searchable even though the sender was not specified when the trapdoor is generated, that violates the authenticity of PAKES. Our consistency definition considers a multi-sender setting and captures this case. In addition, for indistinguishability against chosen keyword attack (IND-CKA) and indistinguishability against inside keyword guessing attack (IND-IKGA), we use a stronger security model defined by Qin et al. (ProvSec 2021), where an adversary is allowed to query challenge keywords to the encryption and trapdoor oracles. We also highlight several issues associated with the Liu et al. construction in terms of hash functions, e.g., their construction does not satisfy the consistency that they claimed to hold.
URL: https://global.ieice.org/en_transactions/fundamentals/10.1587/transfun.2023CIP0005/_p
Copier
@ARTICLE{e107-a_3_260,
author={Keita EMURA, },
journal={IEICE TRANSACTIONS on Fundamentals},
title={Generic Construction of Public-Key Authenticated Encryption with Keyword Search Revisited},
year={2024},
volume={E107-A},
number={3},
pages={260-274},
abstract={Public key authenticated encryption with keyword search (PAEKS) has been proposed, where a sender's secret key is required for encryption, and a trapdoor is associated with not only a keyword but also the sender. This setting allows us to prevent information leakage of keyword from trapdoors. Liu et al. (ASIACCS 2022) proposed a generic construction of PAEKS based on word-independent smooth projective hash functions (SPHFs) and PEKS. In this paper, we propose a new generic construction of PAEKS, which is more efficient than Liu et al.'s in the sense that we only use one SPHF, but Liu et al. used two SPHFs. In addition, for consistency we considered a security model that is stronger than Liu et al.'s. Briefly, Liu et al. considered only keywords even though a trapdoor is associated with not only a keyword but also a sender. Thus, a trapdoor associated with a sender should not work against ciphertexts generated by the secret key of another sender, even if the same keyword is associated. That is, in the previous definitions, there is room for a ciphertext to be searchable even though the sender was not specified when the trapdoor is generated, that violates the authenticity of PAKES. Our consistency definition considers a multi-sender setting and captures this case. In addition, for indistinguishability against chosen keyword attack (IND-CKA) and indistinguishability against inside keyword guessing attack (IND-IKGA), we use a stronger security model defined by Qin et al. (ProvSec 2021), where an adversary is allowed to query challenge keywords to the encryption and trapdoor oracles. We also highlight several issues associated with the Liu et al. construction in terms of hash functions, e.g., their construction does not satisfy the consistency that they claimed to hold.},
keywords={},
doi={10.1587/transfun.2023CIP0005},
ISSN={1745-1337},
month={March},}
Copier
TY - JOUR
TI - Generic Construction of Public-Key Authenticated Encryption with Keyword Search Revisited
T2 - IEICE TRANSACTIONS on Fundamentals
SP - 260
EP - 274
AU - Keita EMURA
PY - 2024
DO - 10.1587/transfun.2023CIP0005
JO - IEICE TRANSACTIONS on Fundamentals
SN - 1745-1337
VL - E107-A
IS - 3
JA - IEICE TRANSACTIONS on Fundamentals
Y1 - March 2024
AB - Public key authenticated encryption with keyword search (PAEKS) has been proposed, where a sender's secret key is required for encryption, and a trapdoor is associated with not only a keyword but also the sender. This setting allows us to prevent information leakage of keyword from trapdoors. Liu et al. (ASIACCS 2022) proposed a generic construction of PAEKS based on word-independent smooth projective hash functions (SPHFs) and PEKS. In this paper, we propose a new generic construction of PAEKS, which is more efficient than Liu et al.'s in the sense that we only use one SPHF, but Liu et al. used two SPHFs. In addition, for consistency we considered a security model that is stronger than Liu et al.'s. Briefly, Liu et al. considered only keywords even though a trapdoor is associated with not only a keyword but also a sender. Thus, a trapdoor associated with a sender should not work against ciphertexts generated by the secret key of another sender, even if the same keyword is associated. That is, in the previous definitions, there is room for a ciphertext to be searchable even though the sender was not specified when the trapdoor is generated, that violates the authenticity of PAKES. Our consistency definition considers a multi-sender setting and captures this case. In addition, for indistinguishability against chosen keyword attack (IND-CKA) and indistinguishability against inside keyword guessing attack (IND-IKGA), we use a stronger security model defined by Qin et al. (ProvSec 2021), where an adversary is allowed to query challenge keywords to the encryption and trapdoor oracles. We also highlight several issues associated with the Liu et al. construction in terms of hash functions, e.g., their construction does not satisfy the consistency that they claimed to hold.
ER -