• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제16권9호
• /
• pp.3087-3103
• /
• 2022

Nearest neighbor query in location-based services has become a popular application. Aiming at the shortcomings of the privacy protection algorithms of traditional ciphertext nearest neighbor query having the high system overhead because of the usage of the double Hilbert curves and having the inaccurate query results in some special circumstances, a privacy protection algorithm of ciphertext nearest neighbor query which is based on the single Hilbert curve has been proposed. This algorithm uses a single Hilbert curve to transform the two-dimensional coordinates of the points of interest into Hilbert values, and then encrypts them by the order preserving encryption scheme to obtain the one-dimensional ciphertext data which can be compared in numerical size. Then stores the points of interest as elements composed of index value and the ciphertext of the other information about the points of interest on the server-side database. When the user needs to use the nearest neighbor query, firstly calls the approximate nearest neighbor query algorithm proposed in this paper to query on the server-side database, and then obtains the approximate nearest neighbor query results. After that, the accurate nearest neighbor query result can be obtained by calling the precision processing algorithm proposed in this paper. The experimental results show that this privacy protection algorithm of ciphertext nearest neighbor query which is based on the single Hilbert curve is not only feasible, but also optimizes the system overhead and the accuracy of ciphertext nearest neighbor query result.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제13권5호
• /
• pp.2629-2650
• /
• 2019

It is important to construct fully homomorphic encryption with ciphertext matrix that makes fully homomorphic encryption become very nature and simple. We present a general design method of constructing fully homomorphic encryption whose ciphertext is matrix. By using this design method, we can deduce a fully homomorphic encryption scheme step by step based on a basic encryption scheme. The process of deduction is similar to solving equation and the final output result is a fully homomorphic encryption scheme with ciphertext matrix. The idea of constructing ciphertext matrix is ciphertexts stack, which don't simply stack ciphertexts together but is to obtain the desired homomorphic property. We use decryption structure as tool to analyze homomorphic property and noise growth during homomorphic evaluation. By using this design method, we obtain three corresponding fully homomorphic encryption schemes. Our obtained fully homomorphic encryption schemes are more efficient. Finally, we introduce the adversary advantage and improve the previous method of estimating concert parameters of fully homomorphic encryption. We give the concert parameters of these schemes.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제10권7호
• /
• pp.3339-3352
• /
• 2016

In ciphertext-policy attribute-based encryption (CP-ABE) scheme, a user's secret key is associated with a set of attributes, and the ciphertext is associated with an access policy. The user can decrypt the ciphertext if and only if the attribute set of his secret key satisfies the access policy specified in the ciphertext. In the present schemes, access policy is sent to the decryptor along with the ciphertext, which means that the privacy of the encryptor is revealed. In order to solve such problem, we propose a CP-ABE scheme with hidden access policy, which is able to preserve the privacy of the encryptor and decryptor. And what's more in the present schemes, the users need to do excessive calculation for decryption to check whether their attributes match the access policy specified in the ciphertext or not, which makes the users do useless computation if the attributes don't match the hidden access policy. In order to solve efficiency issue, our scheme adds a testing phase to avoid the unnecessary operation above before decryption. The computation cost for the testing phase is much less than the decryption computation so that the efficiency in our scheme is improved. Meanwhile, our new scheme is proved to be selectively secure against chosen-plaintext attack under DDH assumption.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제16권12호
• /
• pp.4042-4061
• /
• 2022

Recently, various security threats such as data leakage and data forgery have been possible in the communication and storage of data shared in the cloud environment. This paper conducted a study on the CP-ABSC scheme to solve these security threats. In the existing CP-ABSC scheme, if the data is obtained by the unsigncryption of the data user incorrectly, the identity of the data owner who uploaded the ciphertext cannot be known. Also, when verifying the leaked secret key, the identity information of the data user who leaked the secret key cannot be known. In terms of efficiency, the number of attributes can affect the ciphertext. In addition, a large amount of computation is required for the user to unsigncrypt the ciphertext. In this paper, we propose ECP-ABSC that provides data user traceability, and use it in a cloud environment to provide an efficient and secure data sharing scheme. The proposed ECP-ABSC scheme can trace and verify the identity of the data owner who uploaded the ciphertext incorrectly and the data user who leaked the secret key for the first time. In addition, the ciphertext of a constant size is output and the efficiency of the user's unsigncryption computation were improved.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제12권3호
• /
• pp.1315-1329
• /
• 2018

Ciphertext-policy attribute-based encryption (CP-ABE) associates ciphertext with access policies. Only when the user's attributes satisfy the ciphertext's policy, they can be capable to decrypt the ciphertext. Expressivity and security are the two directions for the research of CP-ABE. Most of the existing schemes only consider monotonic access structures are selectively secure, resulting in lower expressivity and lower security. Therefore, fully secure CP-ABE schemes with non-monotonic access structure are desired. In the existing fully secure non-monotonic access structure CP-ABE schemes, the attributes that are set is bounded and a one-use constraint is required by these projects on attributes, and efficiency will be lost. In this paper, to overcome the flaw referred to above, we propose a new fully secure non-monotonic access structure CP-ABE. Our proposition enforces no constraints on the scale of the attributes that are set and permits attributes' unrestricted utilization. Furthermore, the scheme's public parameters are composed of a constant number of group elements. We further compare the performance of our scheme with former non-monotonic access structure ABE schemes. It is shown that our scheme has relatively lower computation cost and stronger security.

• 한국산업정보학회논문지
• /
• 제19권1호
• /
• pp.1-12
• /
• 2014

An access control system is needed to ensure only authorized users can access a sensitive resource. We propose a secure access control based on a fully secure and fine grained ciphertext-policy attribute-based encryption scheme. The access control for a sensitive resource is ensured by encrypting it with encryption algorithm from the CP-ABE scheme parameterized by an access control policy. Furthermore, the proposed access control supports non-monotone type access control policy. The ciphertext only can be recovered by users whose attributes satisfy the access control policy. We also implement and measure the performance of our proposed access control. The results of experiments show that our proposed secure access control is feasible.

• ETRI Journal
• /
• 제34권1호
• /
• pp.142-145
• /
• 2012

The main challenge at present in constructing hierarchical identity-based encryption (HIBE) is to solve the trade-off between private-key size and ciphertext size. At least one private-key size or ciphertext size in the existing schemes must rely on the hierarchy depth. In this letter, a new hierarchical computing technique is introduced to HIBE. Unlike others, the proposed scheme, which consists of only two group elements, achieves constant-size private keys. In addition, the ciphertext consists of just three group elements, regardless of the hierarchy depth. To the best of our knowledge, it is the first efficient scheme where both ciphertexts and private keys achieve O(1)-size, which is the best trade-off between private-key size and ciphertext size at present. We also give the security proof in the selective-identity model.

• 한국인터넷방송통신학회논문지
• /
• 제8권6호
• /
• pp.15-20
• /
• 2008

증명 가능한 안전성은 암호에서 어떤 암호 시스템의 안전성을 정형적으로 증명하는데 널리 사용되어 왔다. 본 논문에서는, 적응적 선택 암호문 공격에 대해 안전하다고 증명된 Cramer-Shoup 공개키 암호 시스템을 분석하고, 그 안전성 증명이 일반적 의미에서의 적응적 선택 암호문 공격에 대해서는 완전하지 않음을 보인다. 향후 연구 방향으로는 크게 두 가지 방향을 생각할 수 있다. 첫째는, 일반적 의미에서의 적응적 선택 암호문 공격에 대해서 완전하도록 Cramer-Shoup 공개키 암호 시스템을 수정하는 것이며, 둘째는 현재의 Cramer-Shoup 공개키 암호 시스템에 대하여 성공적으로 적응적 선택 암호문 공격을 할 수 있는 예를 보이는 것이다.

• 전자공학회논문지
• /
• 제50권9호
• /
• pp.21-31
• /
• 2013

CP-ABE 방식은 신뢰된 서버 없이 접근 제어 메카니즘을 구현할 수 있다. 본 논문에서는 권한을 부여받은 사용자가 민감한 데이터에 접근할 수 있도록 CP-ABE 방식으로 속성기반 접근 제어 메카니즘을 제안한다. CP-ABE 개념은 암호문에서 접근 제어 방법을 포함하는 것이다. 만약 사용자가 암호문의 접근 구조를 통해 속성을 가진다면 암호문은 복호될 수 있다. 본 논문에서는 제안한 CP-ABE 방식이 비단조 접근 구조로 표현됨을 증명하고 다른 CP-ABE 방식들과 성능 비교한다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제16권1호
• /
• pp.266-286
• /
• 2022

Public key encryption with keyword search (PEKS) allows a user to make search on ciphertexts without disclosing the information of encrypted messages and keywords. In practice, cryptographic operations often occur on insecure devices or mobile devices. But, these devices face the risk of being lost or stolen. Therefore, the secret keys stored on these devices are likely to be exposed. To handle the key exposure problem in PEKS, the notion of key-updatable PEKS (KU-PEKS) was proposed recently. In KU-PEKS, the users' keys can be updated as the system runs. Nevertheless, the existing KU-PEKS framework has some weaknesses. Firstly, it can't update the keyword ciphertexts on the storage server without leaking keyword information. Secondly, it needs to send the search tokens to the storage server by secure channels. Thirdly, it does not consider the search token security. In this work, a new PEKS framework named key-updatable and ciphertext-sharable PEKS (KU-CS-PEKS) is devised. This novel framework effectively overcomes the weaknesses in KU-PEKS and has the ciphertext sharing function which is not supported by KU-PEKS. The security notions for KU-CS-PEKS are formally defined and then a concrete KU-CS-PEKS scheme is proposed. The security proofs demonstrate that the KU-CS-PEKS scheme guarantees both the keyword ciphertext privacy and the search token privacy. The experimental results and comparisons bear out that the proposed scheme is practicable.