Shuo Qiu

Attribute-Based Proxy Re-Encryption with Keyword Search

Keyword search on encrypted data allows one to issue the search token and conduct search operations on encrypted data while still preserving keyword privacy. In the present paper, we consider the keyword search problem further and introduce a novel notion called attribute-based proxy re-encryption with keyword search (), which introduces a promising feature: In addition to supporting keyword search on encrypted data, it enables data owners to delegate the keyword search capability to some other data users complying with the specific access control policy. To be specific, allows (i) the data owner to outsource his encrypted data to the cloud and then ask the cloud to conduct keyword search on outsourced encrypted data with the given search token, and (ii) the data owner to delegate other data users keyword search capability in the fine-grained access control manner through allowing the cloud to re-encrypted stored encrypted data with a re-encrypted data (embedding with some form of access control policy). We formalize the syntax and security definitions for , and propose two concrete constructions for : key-policy and ciphertext-policy . In the nutshell, our constructions can be treated as the integration of technologies in the fields of attribute-based cryptography and proxy re-encryption cryptography.

Hidden policy ciphertext-policy attribute-based encryption with keyword search against keyword guessing attack

Attribute-based encryption with keyword search (ABKS) enables data owners to grant their search capabilities to other users by enforcing an access control policy over the outsourced encrypted data. However, existing ABKS schemes cannot guarantee the privacy of the access structures, which may contain some sensitive private information. Furthermore, resulting from the exposure of the access structures, ABKS schemes are susceptible to an off-line keyword guessing attack if the keyword space has a polynomial size. To solve these problems, we propose a novel primitive named hidden policy ciphertext-policy attribute-based encryption with keyword search (HP-CPABKS). With our primitive, the data user is unable to search on encrypted data and learn any information about the access structure if his/her attribute credentials cannot satisfy the access control policy specified by the data owner. We present a rigorous selective security analysis of the proposed HP-CPABKS scheme, which simultaneously keeps the indistinguishability of the keywords and the access structures. Finally, the performance evaluation verifies that our proposed scheme is efficient and practical.创新点在基于属性的可检索加密方案中, 数据拥有者可以通过设定访问控制策略将自己的密文检索能力授权给其他用户, 实现了云环境下的数据共享。但是, 现有基于属性的可检索方案都未考虑密文策略的隐私性, 因此无法抵抗关键字猜测攻击。为了解决以上问题, 本文使用非对称双线性映射, 提出了一种可抵抗关键字猜测攻击的隐藏策略属性基可检索加密方案HP-CPABKS, 成功实现密文策略的隐藏, 从而抵抗了关键字猜测攻击。且通过理论和实验分析了其效率。

CreditCoin: A Privacy-Preserving Blockchain-Based Incentive Announcement Network for Communications of Smart Vehicles

The vehicular announcement network is one of the most promising utilities in the communications of smart vehicles and in the smart transportation systems. In general, there are two major issues in building an effective vehicular announcement network. First, it is difficult to forward reliable announcements without revealing users’ identities. Second, users usually lack the motivation to forward announcements. In this paper, we endeavor to resolve these two issues through proposing an effective announcement network called CreditCoin, a novel privacy-preserving incentive announcement network based on Blockchain via an efficient anonymous vehicular announcement aggregation protocol. On the one hand, CreditCoin allows nondeterministic different signers (i.e., users) to generate the signatures and to send announcements anonymously in the nonfully trusted environment. On the other hand, with Blockchain, CreditCoin motivates users with incentives to share traffic information. In addition, transactions and account information in CreditCoin are tamper-resistant. CreditCoin also achieves conditional privacy since Trace manager in CreditCoin traces malicious users’ identities in anonymous announcements with related transactions. CreditCoin thus is able to motivate users to forward announcements anonymously and reliably. Extensive experimental results show that CreditCoin is efficient and practical in simulations of smart transportation.

Deterministic attribute-based encryption

Attribute-based encryption enables data owners to share their information by specifying access control policies while outsourcing their encrypted data to the cloud. However, there are no efficient searchable schemes over encrypted data in attribute-based setting. In this paper, we propose a novel primitive called deterministic attribute-based encryption DABE, which simultaneously supports data sharing and retrieving in time logarithmic in the size of the database. We formalise the security properties for DABE with respect to auxiliary inputs. Furthermore, we propose a generic construction in the random oracle model and a selectively secure concrete key-policy DABE in the standard model under decisional bilinear Diffie-Hellman assumption.

Identity-Based Symmetric Private Set Intersection

A private set intersection (PSI) protocol enables two parties to privately compute the intersection of their inputs. Most of its previous versions are unilateral, that is, only one party can learn the intersection and the other learns nothing. Many applications require that both parties can obtain the final result. Whats more, all of the previous PSI protocols are based on traditional PKI. In this paper, we first present the cryptographic primitive of identity-based symmetric private set intersection (IBSPSI) protocol and give the first construction. To get an efficient construction, we propose an identity-based proxyre-encryption scheme using combined public keys(IBR-CPK), which is the first identity-based proxy re-encryption without pairing. Our IBR-CPK scheme almost as efficient as traditional ECC. It is not only ensures the privacy of the information during the transmission process but also holds perfect additive homomorphism. The IBSPSI protocol that we construct based on IBR-CPK efficiently solves the unilateral PSI problem and simplifies the certificate management. We prove that our IBSPSI protocol achieves perfect privacy in the semi-honest model.

Locally private Jaccard similarity estimation: Locally Private Jaccard Similarity Estimation

Jaccard Similarity has been widely used to measure the distance between two sets (or preference profiles) owned by two different users. Yet, in the private data collection scenario, it requires the untrusted curator could only estimate an approximately accurate Jaccard similarity of the involved users but without being allowed to access their preference profiles. This paper aims to address the above requirements by considering the local differential privacy model. To achieve this, we initially focused on a particular hash technique, MinHash, which was originally invented to estimate the Jaccard similarity efficiently. We designed the PrivMin algorithm to achieve the perturbation of MinHash signature by adopting Exponential mechanism and build the Locally Differentially Private Jaccard Similarity Estimation (LDP‐JSE) protocol for allowing the untrusted curator to approximately estimate Jaccard similarity. Theoretical and empirical results demonstrate that the proposed protocol can retain a highly acceptable utility of the estimated similarity as well as preserving privacy.

Toward Practical Privacy-Preserving Frequent Itemset Mining on Encrypted Cloud Data

Frequent itemset mining, which is the essential operation in association rule mining, is one of the most widely used data mining techniques on massive datasets nowadays. With the dramatic increase on the scale of datasets collected and stored with cloud services in recent years, it is promising to carry this computation-intensive mining process in the cloud. Amount of work also transferred the approximate mining computation into the exact computation, where such methods not only improve the accuracy also aim to enhance the efficiency. However, while mining data stored on public clouds, it inevitably introduces privacy concerns on sensitive datasets. In this paper, we propose a new framework for enforcing privacy in frequent itemset mining, where data are both collected and mined in an encrypted form in a public cloud service. We specifically design three secure frequent itemset mining protocols on top of this framework. Our first protocol achieves more efficient mining performance while our second protocol provides a stronger privacy guarantee. In order to further optimize the performance of the second protocol, we leverage a minor trade-off of privacy to get our third protocol. Finally, we evaluate the performance of our protocols with extensive experiments, and the results demonstrate that our protocols obviously outperform previous solutions in performance with the same security level.

Multi-party identity-based symmetric privacy-preserving matching with cloud storage

In this paper, we address the problem of multi-party privacy-preserving matching (PPM) over the encrypted data. We firstly construct an efficient identity-based re-encryption scheme like ElGmal (IBR-ElGmal) using combined public keys, which not only ensures the privacy of the information during the transmission process but also holds perfect multiplicative homomorphic property. Then we construct a multi-party identity-based symmetric privacy-preserving matching (M-IBSPM) protocol based on IBR-ElGmal scheme in cloud environments, which realizes the privacy-preserving matching among multiple different parties as well as getting the symmetric output. Furthermore, with our M-IBSPM protocol, most of the computation costs are taken over by cloud service provider without leaking any privacy, and our protocol achieves perfect security and privacy in the semi-honest model. Finally, we analyze the efficiency for our protocol.