2016.01.28_ Liudx's Report on PKE-AET（I）

PKE-AET：Public Key Encryption with Authorized Equality Test

PKE-AET 密文相等性测试公钥加密机制。经授权的用户有权检测用不同公钥加密的两个密文是否相等（检测密文而不是明文）。

PKE-AET提出了两种授权方式：Receiver‘s warrants 和 cipher-warrants.

Reciever‘s warrants：Receiver 对 Tester授权（Receiver’s Warrant），tester 可以对receiver的所有密文进行测试。

Tester‘s warrants：Receiver 将自己的某一个特定密文对 Tester 授权（Cipher’s Warrant），tester只能对receiver 的某个特定密文进行测试。

补充：PEKS：Public key Encryption scheme with Keyword Search（可搜索密文关键字的公钥加密机制）

Sender—original ciphertext & encrypted keyword

Receiver—trapdoors for keywords

Server—test ciphertext and trapdoors，return ciphertexts which matched

PEKS不足之处：只能对由相同公钥加密的密文进行相等性测试。

补充：相等性测试

输入：Enc(pk,m) 和Enc(pk′,m′)。

输出：m=m′， 返回1 ； m!=m′，返回0.

Def of PKE-AET

SenderA+PKA=CA+WA

SenderB+PKB=CB+WB （Tester is permitted to test on B’s ciphertext）

If，A authorized a warrant（rw or cw）to Tester，the Tester can verify the equivalence of CA and CB without decryption.

(???是CA 和CB还是 WA 和 WB)

Framework of PKE-AET

Assume：Tester owns(sk1,pk1);

Setup：λ—>pp(a series of public params) and publishes to all users[by setup algorithm]

KeyGeneration：pp—>pk，sk [by generation algorithm ]

Encryption：pk+m—>c [by encryption algorithm ]

Decryption：sk+c—>m [by decryption algorithm ]

Authorization：Receiver gives rw or cw corresponding to a specific c. [by authorization algorithm ]

authorization algorithm

Autr: sk+pkt——All ciphertext encrypted under pk is equality testable for tester.

Autc: sk+pkt+c——A specific ciphertext c encrypted under pk is equality testable for tester.

Verification：

verification algorithm

Verr：on input pk and skt [rw]；

Verc：on input pk 、skt and c [cw].

Test：ciphertext c、c′ ，wattants w、w′，tester’s secrect key skt

Test(c,w,c′,w′,skt)

Properties of PKE-AET

Property	Detail
Correctness	∀m∈G,Pr[Dec(sk,Enc(pk,m))=m]=1
Consistency	∀m,m′≠⊥∧m=m′,Pr[1←Test(c,w,c′,w′,skt)]=1
Soundness	∀m,m′≠⊥∧m≠m′,Pr[1←Test(c,w,c′,w′,skt)]≤ϵ（λ）
Compatibility	∀w∈{rw,cw},∀w′∈{rw′,cw′},Test(c,w,c′,w′,skt) isidentical.

正确性：已知sk 和密文（pk+m）能解密出明文；

一致性：对于相同的密文，Test结果是1的概率（Pr）是1；

完整性：对于不同的密文，Test结果是1的概率可以忽略不计；

通用性：∀w∈{rw,cw},∀w′∈{rw′,cw′}，Test(c,w,c′,w′,skt)都是恒等的。

Sumarry

输入安全参数λ，通过setup算法产生一系列公共参数pp，分发给系统中的所有用户；

输入一个pp（接受者的），通过keygeneration算法产生（pk,sk）一对密钥——这对密钥代表接收者；

（发送者）利用pk加密明文m，产生密文c；

接收者对信任的用户(这里指Tester[pkt,skt])进行授权（rw，cw）；

sk+pkt→rw [ all ciphertext]

sk+pkt+c→cw [ciphertext c]

Tester进行相等性测试。

Test(c,w,c′,w′,skt)

Contrast with PKEET-FA

In order to prevent the attacker from doing the public test at random without obtaining the data owner’s permission,onliy with permissions and authorizations from the data owners can someone do the test.

(Assumed Alice is a receiver.)PKEET-FA proposed four types of authorization:

User Level: All cyphertexts of Alice could be compared with all cyphertexts of any other receivers.

[All Cyphertexts to All Cyphertexts of Any other Receivers]

Cyphertext Level: A specific cyphertext of Alice could be compared with a specific cyphertext of any other receivers.

[A Specific Cyphertext to A Specific Cyphertext of Any other Receivers]

User−specific cyphertext Level: A specific cyphertext of Alice could be only compared with a specific cyphertexts of a specific receiver.

[A Specific Cyphertext to A Specific Cyphertext of A Specific Receiver]

Cyphertext−to−user Level: A specific cyphertext of Alice could be compared with all cyphertexts of any other receivers.

[A Specific Cyphertext to All Cyphertext of Any other Receivers]

Similarity	Difference
Autr和User Level类似，User Level=Test(c,rw,c′,rw′∥∀skt);Autc和Cyphertext Level类似,Cyphertext Level=Test(c,cw,c′,cw′∥∀skt)。	User−Specific CyphertextLevel=Test(c,cw,c′,cw′,skt);Cyphertext−to−UserLevel=Test(c,cw,c′,rw′∥∀skt)。

PKEET-FA和PKE-AET的最主要的区别在于：

PKEET−FA既可以对任何一个Tester授权（rw,cw）,也可以只对特定的Tester授权（cw）.