WO2015088448A1 - Method for matching probabilistic encrypted data - Google Patents
Method for matching probabilistic encrypted data Download PDFInfo
- Publication number
- WO2015088448A1 WO2015088448A1 PCT/SG2014/000590 SG2014000590W WO2015088448A1 WO 2015088448 A1 WO2015088448 A1 WO 2015088448A1 SG 2014000590 W SG2014000590 W SG 2014000590W WO 2015088448 A1 WO2015088448 A1 WO 2015088448A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- cyclic group
- encrypted data
- data
- data value
- encrypted
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3066—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
- H04L9/3073—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves involving pairings, e.g. identity based encryption [IBE], bilinear mappings or bilinear pairings, e.g. Weil or Tate pairing
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2107—File encryption
Definitions
- the present invention relates to a new method for matching probabilistic encrypted data.
- a user may delegate the data storage and query processing functions to an un-trusted third-party server. This gives rise to the need to safeguard and ensure the privacy of the database as well as the user queries being sent to the database.
- IT Information Technology
- a method of preserving data privacy is by applying a deterministic encryption scheme to the data record values before storing them in the un-trusted servers. Therefore the un-trusted servers only see the encrypted data record values and never see the actual data record values.
- this method of preserving data privacy is not secure. For example, it allows other parties to deduce whether two data record values are the same.
- the object of the invention is thus to overcome the above problems and provide a new method for matching probabilistic encryption data.
- a method for determining whether a first encrypted data of a first data value is equal to a second encrypted data of a second data value comprising the steps of composing a first cyclic group, the first cyclic group comprising a plurality of elements; and composing a second cyclic group, the second cyclic group comprising a plurality of elements including a first element.
- the method further comprises the step of applying a mathematical operation to the first cyclic group to map elements of the first cyclic group to one of the elements in the second cyclic group.
- the method further comprises the steps of randomly selecting a second element from the first cyclic group; and producing the first encrypted data by mapping the second element and the first data value into one or more elements of the first cyclic group.
- the method further comprises the steps of randomly selecting a third element from the first cyclic group; and producing the second encrypted data by mapping the third element and the second data value into one or more elements of the first cyclic group.
- the method further comprises the step of performing a test condition by applying the mathematical operation to the first encrypted data and the second encrypted data to obtain a fourth element in the second cyclic group, wherein the fourth element is equal to the first element when the first data value is equal to the second data value.
- the method further comprises the steps of randomly selecting integers to form a secret key; and generating a token, the token being a function of the secret key.
- the step of producing the first encrypted data comprises the step of mapping the second element, the first data value and the secret key into one or more elements of the first cyclic group.
- the step of producing the second encrypted data comprises the step of mapping the third element, the second data value and the secret key into one or more elements of the first cyclic group.
- the step of performing a test condition comprises the step of applying the mathematical operation to the first encrypted data, the second encrypted data and the token.
- the mathematical operation is a bilinear mapping operation.
- the first element is an identity element of the second cyclic group.
- a method for determining which probabilistically encrypted values in a first set is equal to the probabilistically encrypted values in a second set comprising the steps of extracting a first data value from the first set; and extracting a second data value from the second set.
- the method further comprises the step of determining whether a first encrypted data of the first data value is equal to a second encrypted data of the second data value by using the method as described in the first aspect of the invention.
- a method for determining which probabilistically encrypted values in a first table is equal to the probabilistically encrypted values in a second table comprising the steps of extracting a first record from the first table, the first record having a first attribute with a first data value; and extracting a second record from the second table, the second record having a second attribute with a second data value.
- the method further comprises the step of determining whether a first encrypted data of the first data value is equal to a second encrypted data of the second data value by using the method as described in the first aspect of the invention.
- a system for determining whether a first encrypted data of a first data value is equal to a second encrypted data of a second data value comprising a client machine.
- the client machine is configured to compose a first cyclic group, the first cyclic group comprising a plurality of elements; and compose a second cyclic group, the second cyclic group comprising a plurality of elements including a first element.
- the client machine is further configured to apply a mathematical operation to the first cyclic group to map elements of the first cyclic group to one of the elements in the second cyclic group; randomly select a second element from the first cyclic group; and produce the first encrypted data by mapping the second element and the first data value into one or more elements of the first cyclic group.
- the client machine is further configured to randomly select a third element from the first cyclic group; and produce the second encrypted data by mapping the third element and the second data value into one or more elements of the first cyclic group.
- the system further comprises a server, the server configured to receive the first encrypted data and the second encrypted data from the client machine; and perform a test condition by applying the mathematical operation to the first encrypted data and the second encrypted data to obtain a fourth element in the second cyclic group, wherein the fourth element is equal to the first element when the first data value is equal to the second data value.
- the client machine is further configured to randomly select integers to form a secret key; and generate a token, the token being a function of the secret key.
- the client machine is further configured to produce the first encrypted data by mapping the second element, the first data value and the secret key into one or more elements of the first cyclic group; and produce the second encrypted data by mapping the third element, the second data value and the secret key into one or more elements of the first cyclic group.
- the server is further configured to receive the token from the client machine; and apply the mathematical operation to the first encrypted data, the second encrypted data and the token to obtain a fourth element in the second cyclic group, wherein the fourth element is equal to the first element when the first data value is equal to the second data value.
- the mathematical operation is a bilinear mapping operation.
- the first element is an identity element of the second cyclic group.
- Figure 1 is a flow chart that depicts a method for determining whether two probabilistically encrypted values are equal in accordance with a preferred embodiment of the invention.
- Figure 2 is a flow chart that depicts a method for determining which probabilistically encrypted values in a first set of values match with the probabilistically encrypted values in a second set of values in accordance with a preferred embodiment of the invention.
- Figure 3 is a flow chart that depicts a equijoin method to discover pairs of records from two tables, whose attribute value in a record in the first table matches with an attribute value in a record in the second table.
- Figure 4 depicts a system for implementing the method in accordance with a preferred embodiment of the invention.
- Figure 1 shows a method for determining whether two probabilistically encrypted values are equal.
- two cyclic groups G and G T with bilinear mapping e: G x G ⁇ GT are composed.
- G is the first cyclic group and GT is the second cyclic group.
- the bilinear mapping operation is applied to the first cyclic group G, so as to map elements of the first cyclic group G to one of the elements in the second cyclic group GT.
- the group structure G has prime order p.
- the group structure Gj also has a plurality of elements and 1 is also the identity element of GT.
- e(gi a , g! b ) e(g l5 gi) ab .
- step 102 a client machine chooses random integers ⁇ , ⁇ and ⁇ 2 in the range
- step 103 the client machine stores ⁇ , ⁇ and ⁇ 2 as a secret key, and releases p, gj and g 2 to the un-trusted server as a public key.
- step 104 the client machine randomly selects integers ⁇ , ⁇ 2 , KA and TA in the range [l ...p], and randomly selects element x from the first cyclic group G.
- the client machine adds KA and TA to the secret key.
- step 106 the client machine randomly selects integers ⁇ 1; ⁇ 2 ⁇ ⁇ 3 ⁇ 4 and TB in the range [l ...p], and randomly selects element y from the first cyclic group G.
- the client machine adds ⁇ 3 ⁇ 4 and TB to the secret key.
- encrypted data B does not necessarily need eight components and the eight components described here is used as an illustration for the preferred embodiment.
- step 108 the client machine then deposits encrypted data A and encrypted data B in un-trusted server.
- the token is a function of the secret key (as the secret key comprises of
- first data value u and second data value v are equal.
- the denominator of the test condition works out to be:- e ⁇ x,x) ⁇ xu+ ⁇ ⁇ e ⁇ y,yY ⁇ v - ⁇ ⁇ e(g 2 ,x) x ⁇ ⁇ e(g 2 ,y) ⁇ ⁇ ⁇ e(g 2 ,y)** ⁇ e(jg 2l x) ⁇ ⁇
- test condition works out to be:- e(x ⁇ ) lXU+ff2 -e(x CTl(u_ ) - yo _CTl ⁇
- trusted server determines that first data value u is equal to second data value v.
- This encryption method is advantageous as it is probabilistic. This is because integers and ⁇ 2 as well as element x are randomly selected each time first data value u is encrypted, and integers ⁇ and ⁇ 2 as well as element y are randomly selected each time second data value v is encrypted. Therefore, for data value u or v, encrypted at different times, the encrypted data A and B will be different. Despite the fact that every encryption of first data value u and second data value v will generate different encrypted data A and B, the test
- Another advantage of the encryption method is that the un-trusted server can perform the test condition only after receiving token ⁇ ⁇ from the client machine.
- G x G ⁇ GT two cyclic groups G and Gx with bilinear mapping e: G x G ⁇ GT are composed.
- G is the first cyclic group and G-r is the second cyclic group.
- the bilinear mapping operation is applied to the first cyclic group G, so as to map elements of the first cyclic group G to one of the elements in the second cyclic group GT.
- the group structure G has prime order p.
- step 202 a client machine chooses random integers ⁇ , ⁇ ] and ⁇ 2 in the range
- step 203 the client machine stores ⁇ , ⁇ and ⁇ 2 as a secret key, and releases p, gi and g 2 to the un-trusted server as a public key.
- step 204 for the first set of values U— i , u 2 , ⁇ ⁇ ⁇ , m ⁇ , the client machine randomly selects integers A and XA in the range [1...p]. The client machine adds KA and XA to the secret key.
- step 205 for every value Ui of U, the client machine randomly selects integers ⁇ 1;1 and ⁇ ;2 ⁇ the range [l ...p], and randomly selects element x, from the first cyclic group G.
- step 208 for every value Vj of V, the client machine randomly selects integers uj j and ⁇ ⁇ ;2 in the range [1 ...p], and randomly selects element _3 ⁇ 4 from the first cyclic group G.
- step 209 for every value j of V, the client machine generates encrypted data
- step 210 the client machine then deposits encrypted data Ai for U and encrypted data B j for V in the un-trusted server.
- the token is a function of the secret key (as the secret key comprises of ⁇ ⁇ , ⁇ ⁇ , x A , ⁇ ⁇ ).
- the test condition involves applying bilinear mappings to components of encrypted data A,-, components of encrypted data Bj, token 3 ⁇ 4 B and g 2 .
- Another advantage of the encryption method is that the un-trusted server can perform the test condition only after receiving token ⁇ ⁇ from the client machine. Further still, token T AB can only be used for discovering matching values across U and V specifically, and cannot be used for other sets of values. .
- Figure 3 shows a method for performing an equality join (or equijoin) on two tables.
- An equijoin is one of the most common operations in a relational Database Management System.
- An equijoin on two tables is able to determine if an attribute in a record in the first table is equal in value to an attribute in a record in the second table.
- first table R fa, r 2
- second table S ⁇ s x , s 2 ,••- , s n ⁇ .
- Each record in R (rj) has attribute u with attribute value .
- Each record in S (s j ) has attribute v with attribute value Sj.
- the equijoin method involves discovering pairs of R and S records, whose attribute value u in a record in R matches with attribute value v in a record in S.
- two cyclic groups G and GT with bilinear mapping e G x G ⁇ GT are composed.
- G is the first cyclic group and GT is the second cyclic group.
- the bilinear mapping operation is applied to the first cyclic group G, so as to map elements of the first cyclic group G to one of the elements in the second cyclic group G -
- the group structure G has prime order p.
- step 302 a client machine chooses random integers ⁇ , ⁇ and ⁇ 2 in the range
- step 303 the client machine stores ⁇ , ⁇ and ⁇ 2 as a secret key, and releases p, gi and g 2 to the un-trusted server as a public key.
- step 305 for attribute value r t . u in each record r t of R, the client machine randomly selects integers ⁇ and ⁇ , >2 in the range [1 ...p], and randomly selects element ,- from the first cyclic group G.
- step 308 for attribute value sj. v in each record Sj of S, the client machine randomly selects integers Ujj and Uj 2 in the range [1...p], and randomly selects element jy, from the first cyclic group G.
- step 310 the client machine then deposits the encrypted data A, for each record r t of R and encrypted data B j for each record Sj of S in the un-trusted server.
- step 31 1 To perform an equijoin of R and S on their attributes u and v, in step 31 1, the client machine generates a token ⁇ ⁇ — ( ⁇ / ⁇ ⁇ > ⁇ ⁇ ⁇ / ⁇ ⁇ ) , an d sends token ⁇ ⁇ to the un- trusted server.
- the token is a function of the secret key (as the secret key comprises of
- step 312 the un-trusted server then applies bilinear mappings to components of encrypted data Aj and encrypted data B j to result in the test condition 1 for each record
- test condition involves applying bilinear mappings to the components of encrypted data Aj, the components of encrypted data B j , token 3 ⁇ 4and g 2 .
- attribute value / . u matches attribute value Sj. v.
- This encryption method is advantageous as it is probabilistic. This is because integers ⁇ , ⁇ and ⁇
- ;2 as well as element x,- are randomly selected each time r £ . u is encrypted, and integers and uj ;2 as well as element y y are randomly selected each time Sj. v is encrypted. Therefore, for r £ . u or Sj. v encrypted at different times, the encrypted data A, and B j will be different. Despite the fact that every encryption of r £ . u and Sj. v will result in different encrypted data Aj and B j , the test condition 1 will always determine
- Another advantage of the encryption method is that the un-trusted server can perform the equijoin only after receiving token x AB from the client machine. Further still, token ⁇ ⁇ can only be used for an equijoin of table R and table S on attribute u in R and attribute v in S. The token cannot be used to join R and S on any other attributes, nor for joining other tables.
- Figure 4 shows a system for implementing the method in accordance with the preferred embodiment and shows the data exchange between client machine 401 and un- trusted server 402.
- client machine 401 sends p, gi and g 2 as a public key to un- trusted sever 402.
- This public key is stored in un-trusted server 402.
- Un-trusted server 402 requires this public key to perform the test condition.
- Client machine 401 does the encryption of data and stores encrypted data A and B in un-trusted server 402.
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- General Physics & Mathematics (AREA)
- Mathematical Optimization (AREA)
- Signal Processing (AREA)
- Pure & Applied Mathematics (AREA)
- Mathematical Analysis (AREA)
- Computing Systems (AREA)
- Algebra (AREA)
- Computer Networks & Wireless Communication (AREA)
- Mathematical Physics (AREA)
- Databases & Information Systems (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
Determining if a first encrypted data of a first data value is equal to a second encrypted data of a second data value. Comprising: a first cyclic group; a second cyclic group including a first element. Applying an operation to the first cyclic group to map its elements to an element in the second cyclic group. Randomly selecting a second element from the first cyclic group; producing the first encrypted data by mapping the second element and the first data value into one or more elements of the first cyclic group. Randomly selecting a third element from the first cyclic group; producing the second encrypted data by mapping the third element and the second data value into one or more elements of the first cyclic group. Applying the operation to the first encrypted data and the second encrypted data to obtain a fourth element in the second cyclic group, wherein the fourth element is equal to the first element when the first data value is equal to the second data value.
Description
METHOD FOR MATCHING PROBABILISTIC ENCRYPTED DATA
FIELD OF THE INVENTION
[0001] The present invention relates to a new method for matching probabilistic encrypted data.
BACKGROUND
[0002] Typically in Information Technology (IT) outsourcing, a user may delegate the data storage and query processing functions to an un-trusted third-party server. This gives rise to the need to safeguard and ensure the privacy of the database as well as the user queries being sent to the database.
[0003] A method of preserving data privacy is by applying a deterministic encryption scheme to the data record values before storing them in the un-trusted servers. Therefore the un-trusted servers only see the encrypted data record values and never see the actual data record values. However, this method of preserving data privacy is not secure. For example, it allows other parties to deduce whether two data record values are the same.
[0004] Concerns over data control and protection may be mitigated if a probabilistic encryption scheme is applied to the data record values before they are stored in the un-trusted servers. In doing so, multiple encryptions of one data record value can produce different encrypted values. However, the obvious challenge would then be how to match probabilistic encryption data when that very one data record can produce different encrypted values?
[0005] The object of the invention is thus to overcome the above problems and provide a new method for matching probabilistic encryption data.
SUMMARY OF INVENTION
[0006] According to a first aspect of the invention, a method for determining whether a first encrypted data of a first data value is equal to a second encrypted data of a second data value is described, the method comprising the steps of composing a first cyclic group, the first cyclic group comprising a plurality of elements; and composing a second cyclic group, the
second cyclic group comprising a plurality of elements including a first element. The method further comprises the step of applying a mathematical operation to the first cyclic group to map elements of the first cyclic group to one of the elements in the second cyclic group. The method further comprises the steps of randomly selecting a second element from the first cyclic group; and producing the first encrypted data by mapping the second element and the first data value into one or more elements of the first cyclic group. The method further comprises the steps of randomly selecting a third element from the first cyclic group; and producing the second encrypted data by mapping the third element and the second data value into one or more elements of the first cyclic group. The method further comprises the step of performing a test condition by applying the mathematical operation to the first encrypted data and the second encrypted data to obtain a fourth element in the second cyclic group, wherein the fourth element is equal to the first element when the first data value is equal to the second data value.
[0007] Preferably, the method further comprises the steps of randomly selecting integers to form a secret key; and generating a token, the token being a function of the secret key. Wherein the step of producing the first encrypted data comprises the step of mapping the second element, the first data value and the secret key into one or more elements of the first cyclic group. Wherein the step of producing the second encrypted data comprises the step of mapping the third element, the second data value and the secret key into one or more elements of the first cyclic group. Wherein the step of performing a test condition comprises the step of applying the mathematical operation to the first encrypted data, the second encrypted data and the token.
[0008] Preferably, the mathematical operation is a bilinear mapping operation.
[0009] Preferably, the first element is an identity element of the second cyclic group.
[0010] According to a second aspect of the invention, a method for determining which probabilistically encrypted values in a first set is equal to the probabilistically encrypted values in a second set is described, the method comprising the steps of extracting a first data value from the first set; and extracting a second data value from the second set. The method further comprises the step of determining whether a first encrypted data of the first data value is equal to a second encrypted data of the second data value by using the method as described in the first aspect of the invention.
[0011] According to a third aspect of the invention, a method for determining which probabilistically encrypted values in a first table is equal to the probabilistically encrypted values in a second table is described, the method comprising the steps of extracting a first record from the first table, the first record having a first attribute with a first data value; and extracting a second record from the second table, the second record having a second attribute with a second data value. The method further comprises the step of determining whether a first encrypted data of the first data value is equal to a second encrypted data of the second data value by using the method as described in the first aspect of the invention.
[0012] According to a fourth aspect of the invention, a system for determining whether a first encrypted data of a first data value is equal to a second encrypted data of a second data value is described, the system comprising a client machine. The client machine is configured to compose a first cyclic group, the first cyclic group comprising a plurality of elements; and compose a second cyclic group, the second cyclic group comprising a plurality of elements including a first element. The client machine is further configured to apply a mathematical operation to the first cyclic group to map elements of the first cyclic group to one of the elements in the second cyclic group; randomly select a second element from the first cyclic group; and produce the first encrypted data by mapping the second element and the first data value into one or more elements of the first cyclic group. The client machine is further configured to randomly select a third element from the first cyclic group; and produce the second encrypted data by mapping the third element and the second data value into one or more elements of the first cyclic group. The system further comprises a server, the server configured to receive the first encrypted data and the second encrypted data from the client machine; and perform a test condition by applying the mathematical operation to the first encrypted data and the second encrypted data to obtain a fourth element in the second cyclic group, wherein the fourth element is equal to the first element when the first data value is equal to the second data value.
[0013] Preferably, the client machine is further configured to randomly select integers to form a secret key; and generate a token, the token being a function of the secret key. The client machine is further configured to produce the first encrypted data by mapping the second element, the first data value and the secret key into one or more elements of the first cyclic group; and produce the second encrypted data by mapping the third element, the second data value and the secret key into one or more elements of the first cyclic group.
[0014] Preferably, the server is further configured to receive the token from the client machine; and apply the mathematical operation to the first encrypted data, the second encrypted data and the token to obtain a fourth element in the second cyclic group, wherein the fourth element is equal to the first element when the first data value is equal to the second data value.
[0015] Preferably, the mathematical operation is a bilinear mapping operation.
[0016] Preferably, the first element is an identity element of the second cyclic group.
[0017] The invention will now be described in detail with reference to the accompanying drawings.
BRIEF DESCRIPTION OF THE DRAWINGS
[0018] The accompanying figures illustrate disclosed embodiment(s) and serve to explain principles of the disclosed embodiment(s). It is to be understood, however, that these drawings are presented for purposes of illustration only, and not for defining limits of the application.
[0019] Figure 1 is a flow chart that depicts a method for determining whether two probabilistically encrypted values are equal in accordance with a preferred embodiment of the invention.
[0020] Figure 2 is a flow chart that depicts a method for determining which probabilistically encrypted values in a first set of values match with the probabilistically encrypted values in a second set of values in accordance with a preferred embodiment of the invention.
[0021] Figure 3 is a flow chart that depicts a equijoin method to discover pairs of records from two tables, whose attribute value in a record in the first table matches with an attribute value in a record in the second table.
[0022] Figure 4 depicts a system for implementing the method in accordance with a preferred embodiment of the invention.
[0023] Exemplary, non-limiting embodiments of the present application will now be described with references to the_above-mentioned figures.
DETAILED DESCRIPTION
[0024] Figure 1 shows a method for determining whether two probabilistically encrypted values are equal.
[0025] Referring to step 101 in figure 1, two cyclic groups G and GT with bilinear mapping e: G x G→ GT are composed. G is the first cyclic group and GT is the second cyclic group. The bilinear mapping operation is applied to the first cyclic group G, so as to map elements of the first cyclic group G to one of the elements in the second cyclic group GT. The group structure G has prime order p. The group structure G has a plurality of elements, among which is a generator g\. As gi is the generator, therefore Gi = {gl5 g\2, g\3, gip} and gip = 1, where 1 is the identity element of G. The group structure Gj also has a plurality of elements and 1 is also the identity element of GT. For any integers a and b, e(gia, g!b) = e(gl5 gi)ab.
[0026] In step 102, a client machine chooses random integers σ, σι and σ2 in the range
[l ..p] and computes g2 = g^, where g2 is an element of G. g2 is used to give a safeguarded form of secret value σ to the server. The server needs g2 to compute the test condition. The server cannot get the actual value of σ without doing a discrete log operation, which is a hard computational problem.
[0027] In step 103, the client machine stores σ, σι and σ2 as a secret key, and releases p, gj and g2 to the un-trusted server as a public key.
[0028] In step 104, the client machine randomly selects integers λι, λ2, KA and TA in the range [l ...p], and randomly selects element x from the first cyclic group G. The client machine adds KA and TA to the secret key.
[0029] In step 105, for a first data value u, the client machine uses the secret key to generate encrypted data A having eight components i.e. A = (Aj, A2, A3, A4, A5, A6, A7, A8), where Ax =
AQ = e(x, x)UlXU+Ci2. One skilled in the art will appreciate that encrypted data A does not necessarily need eight components and the eight components described here is used as an illustration for the preferred embodiment.
[0030] In step 106, the client machine randomly selects integers μ1; μ2ι κ¾ and TB in the range [l ...p], and randomly selects element y from the first cyclic group G. The client machine adds κ¾ and TB to the secret key.
[0031] In step 107, for a second data value v, the client machine uses the secret key to generate encrypted data B having eight components i.e. B = (Bl s B2, B3, B , B5, B6, B7, B ), where B1 = y"i , B2 = , B3 = . ^ B^ = y Bs = ya B(> = y /K B ? Β η = g^lK B, Bs = β(γ, γ σιΧν+σ2. One skilled in the art will appreciate that encrypted data B does not necessarily need eight components and the eight components described here is used as an illustration for the preferred embodiment.
[0032] In step 108, the client machine then deposits encrypted data A and encrypted data B in un-trusted server.
[0033] To test whether first data value u and second data value v are equal, in step 109, the client machine generates a token τΑΒ = (κΒ/τΑ,—κΑ/τΒ) , and sends token τΑΒ to the un- trusted server. The token is a function of the secret key (as the secret key comprises of
[0034] In step 1 10, the un-trusted server then applies bilinear mappings to components of encrypted data A and encrypted data B to result in the test condition — e^Al g-L/TD = 1 to determine whether first
>l8·β8-1■ e(A1 ■β 52)·e(A7,β6 ¾ τΛ)■ e(B7 '¾ τβ, l6)■ e(yl2 ■β2-1,A5 ■β5)
identity element of Gj. The test condition involves applying bilinear mappings to components of encrypted data A, components of encrypted data B, token ¾Band g2.
= 1, then
ΑΆ-Β^-β{Αί-Β^,92)·β{Α7,Β6 ΚΒ,τΑ)·β{Β7 ,A6ye(A2-B2 A5-B5
first data value u and second data value v are equal.
[0036] The components of the denominator of the test condition works out to be:-
= e(gllXy^ = e<jgZ,x)-K = e{g2,x)-^ e(A2 ■ B2 AS
= eigf.xyY*-^ = e g2,xy ^~^ = e(gz,x ^■ e{g2,y 1^
[0037] Therefore, the denominator of the test condition works out to be:- e{x,x)^xu+^■ e{y,yY^ v-^■ e(g2,x)x^■ e(g2,y)~^■ e(g2,y)** · e(jg2lx)~^
[0038] The numerator of the test condition works out to be:-
[0039] Therefore, the test condition works out to be:- e(x^) lXU+ff2-e(x CTl(u_ )- yo _CTl ^
e(x,x)CTixu+c2-e(y, )-CTixl;-('2 e(52,%)¾-1+ l2-'"i_'u2-e 52,y) li+ l2_'"i_'I'2
[0040] When first data value u and second data value v are equal, e x, yy^u v^ — e(x, y)Gl(^ = ° = 1 , where 1 is the identity element of GT. Therefore, if test condition = 1 holds, un-
trusted server determines that first data value u is equal to second data value v.
[0041] This encryption method is advantageous as it is probabilistic. This is because integers and λ2 as well as element x are randomly selected each time first data value u is encrypted, and integers μι and μ2 as well as element y are randomly selected each time second data value v is encrypted. Therefore, for data value u or v, encrypted at different times, the encrypted data A and B will be different. Despite the fact that every encryption of first data value u and second data value v will generate different encrypted data A and B, the test
,.+.
deteraiine correctly whether first data value u is equal to second data value v. This is due to the specific structure of the test condition, encrypted data A and B and token τΑΒ, which results in the condition e{x, yy^u~v^ = 1 , so that integer σ1 ; element x and element y will be neutralized when first data value u is equal to second data value v.
[0042] Another advantage of the encryption method is that the un-trusted server can perform the test condition only after receiving token τΑΒ from the client machine.
[0043] Figure 2 shows a method for determining which probabilistically encrypted values in a first set of values U = {uit u2, ··· ,½}, match with the probabilistically encrypted values in a second set of values V = v^, v2, · · · , vm}.
[0044] Referring to step 201 in figure 2, two cyclic groups G and Gx with bilinear mapping e: G x G→ GT are composed. G is the first cyclic group and G-r is the second cyclic
group. The bilinear mapping operation is applied to the first cyclic group G, so as to map elements of the first cyclic group G to one of the elements in the second cyclic group GT. The group structure G has prime order p. The group structure G has a plurality of elements, among which is a generator gj. As gi is the generator, therefore Gi = {gi, gi2, gi3, ..., gip} and gip = 1 , where 1 is the identity element of G. The group structure GT also has a plurality of elements and 1 is also the identity element of G - For any integers a and b, e(g1 a, g! b) = e(gls g ab.
[0045] In step 202, a client machine chooses random integers σ, σ] and σ2 in the range
[l ...p] and computes g2 = g^, where g2 is an element of G. g2 is used to give a safeguarded form of secret value σ to the server. The server needs g2 to compute the test condition. The server cannot get the actual value of σ without doing a discrete log operation, which is a hard computational problem.
[0046] In step 203, the client machine stores σ, σι and σ2 as a secret key, and releases p, gi and g2 to the un-trusted server as a public key.
[0047] In step 204, for the first set of values U— i, u2, · · · , m}, the client machine randomly selects integers A and XA in the range [1...p]. The client machine adds KA and XA to the secret key.
[0048] In step 205, for every value Ui of U, the client machine randomly selects integers λ1;1 and λί;2 ίη the range [l ...p], and randomly selects element x, from the first cyclic group G.
[0049] In step 206, for every value Uj of U, the client machine generates encrypted data = Aiil, Ali2, Aii3, AlA, AiiS, Aii6, Aii7t Alfi ') , where A l =
, Aii3 = σι Μί+σ2 ,x+ z . _ . _ a . _ σ/κ„ . _ i,iX A xi i» 2 ' ',4 — ' xl ' i,5 ~~ xi ? -"1,6 ~ xi J nl,7 ~ til '
■^i,8 = e(^i^i)Cl X"i+a2 - One skilled in the art will appreciate that encrypted data A; does not necessarily need eight components and the eight components described here is used as an illustration for the preferred embodiment.
[0050] In step 207, for the second set of values V = {v1( v2, · ·· , vn}, the client machine randomly selects integers KB and τΒ in the range [1 ...p]. The client machine adds ¾ and xe to the secret key.
[0051] In step 208, for every value Vj of V, the client machine randomly selects integers ujj and μϋ;2 in the range [1 ...p], and randomly selects element _¾ from the first cyclic group G.
[0052] In step 209, for every value j of V, the client machine generates encrypted data
Bj Q = e .,y )AIXVJ+TT2. One skilled in the art will appreciate that encrypted data Bj does not necessarily need eight components and the eight components described here is used as an illustration for the preferred embodiment.
[0053] In step 210, the client machine then deposits encrypted data Ai for U and encrypted data Bj for V in the un-trusted server.
[0054] To test whether u, of U and Vj of V are equal, in step 21 1, the client machine ... generates a token xAB = —Α¾/τβ), and sends token τΑΒ to the un-trusted server. The token is a function of the secret key (as the secret key comprises of κΑ, κΒ, xA, τΒ).
[0055] In step 212, the un-trusted server then applies bilinear mappings to components of encrypted data Aj and encrypted data Bj to result in the test condition
= 1, for every u; oi U and v, of V, to determine whether u, of U matches Vj of V. :— -— J- ——k ΖΪ is an element in GT and 1 is the identity element of Gj. The test condition involves applying bilinear mappings to components of encrypted data A,-, components of encrypted data Bj, token ¾Band g2.
[0057] The components of the denominator of the test condition works out to be:-
e(_ w · B ,g ,x^■ yj" )
e(Aii2 ■ (xty)°)
= eC ,^1*11^2■ e( /,y_/r°ix,,J-<¾ ' β(02,χ ί)Ηι+λί,2~μ'·1~μ'·2■ e(g2lyj)Xi'i+Xi^-^
[0059] The numerator of the test condition works out to be:-
[0061] When w, is equal to v , then e^ yy)01^1-^5 = e(xif yy)° = 1, where 1 is the identity element of G . Therefore, if test condition Ϊ— r ' . ' ; = 1 holds, un-trusted server will determine that Uj matches Vj.
[0062] This encryption method is advantageous as it is probabilistic. This is because integers λ,;ι and j;2 as well as element x, are randomly selected each time w, is encrypted, and integers and uj;2 as well as element ¾· are randomly selected each time ν· is encrypted. Therefore, for «, and vj, encrypted at different times, the encrypted data A, and Bj will be different. Despite the fact that every encryption of w, and v, will result in different encrypted data Aj and Bj, the test condition :— i— ' . ' ' i = 1 will always determine correctly whether «,· is equal to ν7·. This is due to the specific structure of the test condition, encrypted data Aj and Bj and token xAB, which results in the condition e xi, /)ai(-Ui_v^ = 1, so that integer σ1> element x, and element ¾ will be neutralized when «,· is equal to vj.
[0063] Another advantage of the encryption method is that the un-trusted server can perform the test condition only after receiving token τΑΒ from the client machine. Further still, token TAB can only be used for discovering matching values across U and V specifically, and cannot be used for other sets of values. .
[0064] Figure 3 shows a method for performing an equality join (or equijoin) on two tables. An equijoin is one of the most common operations in a relational Database
Management System. An equijoin on two tables is able to determine if an attribute in a record in the first table is equal in value to an attribute in a record in the second table. Assume first table R = fa, r2, and second table S = {sx, s2,••- , sn} . Each record in R (rj) has attribute u with attribute value . ΐί. Each record in S (sj) has attribute v with attribute value Sj. v. The equijoin method involves discovering pairs of R and S records, whose attribute value u in a record in R matches with attribute value v in a record in S.
[0065] Referring to step 301 in figure 3, two cyclic groups G and GT with bilinear mapping e: G x G→ GT are composed. G is the first cyclic group and GT is the second cyclic group. The bilinear mapping operation is applied to the first cyclic group G, so as to map elements of the first cyclic group G to one of the elements in the second cyclic group G - The group structure G has prime order p. The group structure G has a plurality of elements, among which is a generator g^ As gi is the generator, therefore Gj = {gi, g^, % , g\p} and g! P = 1, where 1 is the identity element of G. The group structure GT also has a plurality of elements and 1 is also the identity element of GT. For any natural numbers a and b, e(g!a, gib) = e(gl5 gi)ab-
[0066] In step 302, a client machine chooses random integers σ, σι and σ2 in the range
[l ...p] and computes g2 = gja, where g2 is an element of G. g2 is used to give a safeguarded form of secret value σ to the server. The server needs g2 to compute the test condition. The server cannot get the actual value of σ without doing a discrete log operation, which is a hard computational problem.
[0067] In step 303, the client machine stores σ, σι and σ2 as a secret key, and releases p, gi and g2 to the un-trusted server as a public key.
[0068] In step 304, for the first table of records R = fa, r2, · · · , rm}, the client machine randomly selects integers KA and XA in the range [1...p]. The client machine adds KA and XA to the secret key.
[0069] In step 305, for attribute value rt. u in each record rt of R, the client machine randomly selects integers λ^ι and λ,>2 in the range [1 ...p], and randomly selects element ,- from the first cyclic group G.
[0070] In step 306, for attribute value r{. u in each record of /?, the client machine generates encrypted data Ai = ( ,i< ^ ' ^D' ^t ' ^5' ^,6> ^i,7' ^i,8) » where -4i(1 = x^'1 ,
4 _ „Ai.2 4 _ lWi-U+ffi , lU¾ 4 _ r. _ γσ . _ σ/ 4. _ Λι,2— i χ J Λι,3 — xi 2 ? ^[, - χι Λι,5 — xi ■> nl,6 — xi ■> Λ1,7 —
^l'l Ti4, Ai S— e (Xi, i)CIlXri'u+cf2. One skilled in the art will appreciate that encrypted data Ai does not necessarily need eight components and the eight components described here is used as an illustration for the preferred embodiment.
[0071] In step 307, for the second table of records S = {¾, ¾< •••, sn}, the client machine randomly selects integers ¾ and Τβ ίη the range [l ...p]. The client machine adds KB and TB to the secret key.
[0072] In step 308, for attribute value sj. v in each record Sj of S, the client machine randomly selects integers Ujj and Uj 2 in the range [1...p], and randomly selects element jy, from the first cyclic group G.
[0073] In step 309, for attribute value Sj. v in each record Sj of S, the client machine i 1 generates encrypted data Bj = . = yj J' ,
g^'1 B , Bj>8 = e yj, y^)ai Sj V+az . One skilled in the art will appreciate that encrypted data Bj does not necessarily need eight components and the eight components described here is used as an illustration for the preferred embodiment.
[0074] In step 310, the client machine then deposits the encrypted data A, for each record rt of R and encrypted data Bj for each record Sj of S in the un-trusted server.
[0075] To perform an equijoin of R and S on their attributes u and v, in step 31 1, the client machine generates a token τΑΒ — (κΒ/τΑ> ~ κΑ/τΒ) , and sends token τΑΒ to the un- trusted server. The token is a function of the secret key (as the secret key comprises of
ΚΑ· ΚΒ> ΧΑ· Β)·
[0076] In step 312, the un-trusted server then applies bilinear mappings to components of encrypted data Aj and encrypted data Bj to result in the test condition
1 for each record
and each record Sj of S, to determine whether attribute value rt. u matches attribute value Sj. v.
eiAi -Bj An-Bj i)
i— Ϊ— ——1— ' i is an element in GT and 1 is the identity element of GT. The test condition involves applying bilinear mappings to the components of encrypted data Aj, the components of encrypted data Bj, token ¾and g2.
then attribute value /. u matches attribute value Sj. v.
[0078] The components of the denominator of the test condition works out to be:-
e (si^1)■ e (g2, yj ^'1) = {g2l x )x^■ e{g2,yjy^
[0079] Therefore, the denominator of the test condition works out to be:-
yj†*-**
·
[0080] The numerator of the test condition works out to be:-
[0081] . Therefore, the test condition works out to be:-
will determine that r£. u matches s . v.
[0083] This encryption method is advantageous as it is probabilistic. This is because integers λί,ι and λ|;2 as well as element x,- are randomly selected each time r£. u is encrypted, and integers and uj;2 as well as element yy are randomly selected each time Sj. v is encrypted. Therefore, for r£. u or Sj. v encrypted at different times, the encrypted data A, and Bj will be different. Despite the fact that every encryption of r£. u and Sj. v will result in different
encrypted data Aj and Bj, the test condition = 1 will always determine
correctly whether rt. u is equal to Sj . v. This is due to the specific structure of the test condition, encrypted data Aj and Bj and token τΑ Β , which results in the condition e Xi, yj)Gl^ri'u~si'v^ = 1, so that integer σ1ι element x, and element ¾ will be neutralized when r^ . u is equal to Sj . v.
[0084] Another advantage of the encryption method is that the un-trusted server can perform the equijoin only after receiving token xAB from the client machine. Further still, token τΑΒ can only be used for an equijoin of table R and table S on attribute u in R and attribute v in S. The token cannot be used to join R and S on any other attributes, nor for joining other tables.
[0085] Figure 4 shows a system for implementing the method in accordance with the preferred embodiment and shows the data exchange between client machine 401 and un- trusted server 402. As shown, client machine 401 sends p, gi and g2 as a public key to un- trusted sever 402. This public key is stored in un-trusted server 402. Un-trusted server 402 requires this public key to perform the test condition. Client machine 401 does the encryption of data and stores encrypted data A and B in un-trusted server 402. To test whether two data values are equal, the token τΑ Β = — ¾As) is sent t0 un-trusted server 402 so that un- trusted server 402 can perform the test condition. If the test condition holds, un-trusted server 402 would have determined that the two data values are equal, all the while not being privy to the actual values of the two data values.
[0086] It will be apparent that various other modifications and adaptations of the application will be apparent to the person skilled in the art after reading the foregoing disclosure without departing from the spirit and scope of the application and it is intended that all such modifications and adaptations come within the scope of the appended claims.
[0087] In the application, unless specified otherwise, the terms "comprising",
"comprise", and grammatical variants thereof, are intended to represent "open" or "inclusive" language such that they include recited elements but also permit inclusion of additional, non- explicitly recited elements.
Claims
1. A method for determining whether a first encrypted data of a first data value is equal to a second encrypted data of a second data value, the method comprising the steps of :- composing a first cyclic group, the first cyclic group comprising a plurality of elements; composing a second cyclic group, the second cyclic group comprising a plurality of elements including a first element;
applying a mathematical operation to the first cyclic group to map elements of the first cyclic group to one of the elements in the second cyclic group;
randomly selecting a second element from the first cyclic group;
producing the first encrypted data by mapping the second element and the first data value into one or more elements of the first cyclic group;
randomly selecting a third element from the first cyclic group;
producing the second encrypted data by mapping the third element and the second data value into one or more elements of the first cyclic group; and
performing a test condition by applying the mathematical operation to the first encrypted data and the second encrypted data to obtain a fourth element in the second cyclic group, wherein the fourth element is equal to the first element when the first data value is equal to the second data value.
2. The method of claim 1 further comprising the steps of randomly selecting integers to form a secret key; and generating a token, the token being a function of the secret key; and wherein the step of producing the first encrypted data comprises the step of mapping the second element, the first data value and the secret key into one or more elements of the first cyclic group; and
wherein the step of producing the second encrypted data comprises the step of mapping the third element, the second data value and the secret key into one or more elements of the first cyclic group; and
wherein the step of performing a test condition comprises the step of applying the mathematical operation to the first encrypted data, the second encrypted data and the token.
3. The method of claim 1 or claim 2 wherein the mathematical operation is a bilinear mapping operation.
4. The method of any one of the preceding claims wherein the first element is an identity element of the second cyclic group.
5. A method for determining which probabilistically encrypted values in a first set is equal to the probabilistically encrypted values in a second set, the method comprising the steps of :- extracting a first data value from the first set;
extracting a second data value from the second set; and
determining whether a first encrypted data of the first data value is equal to a second encrypted data of the second data value by using the method as claimed in any one of claims 1 to 4.
6. A method for determining which probabilistically encrypted values in a first table is equal to the probabilistically encrypted values in a second table, the method comprising the steps of :- extracting a first record from the first table, the first record having a first attribute with a first data value;
extracting a second record from the second table, the second record having a second attribute with a second data value; and
determining whether a first encrypted data of the first data value is equal to a second encrypted data of the second data value by using the method as claimed in any one of claims 1 to 4.
7. A system for determining whether a first encrypted data of a first data value is equal to a second encrypted data of a second data value, the system comprising :- a client machine, the client machine configured to :- compose a first cyclic group, the first cyclic group comprising a plurality of elements;
compose a second cyclic group, the second cyclic group comprising a plurality of elements including a first element;
apply a mathematical operation to the first cyclic group to map elements of the first cyclic group to one of the elements in the second cyclic group;
randomly select a second element from the first cyclic group;
produce the first encrypted data by mapping the second element and the first data value into one or more elements of the first cyclic group;
randomly select a third element from the first cyclic group; and
produce the second encrypted data by mapping the third element and the second data value into one or more elements of the first cyclic group;
and a server, the server configured to :- receive the first encrypted data and the second encrypted data from the client machine; and
perform a test condition by applying the mathematical operation to the first encrypted data and the second encrypted data to obtain a fourth element in the second cyclic group, wherein the fourth element is equal to the first element when the first data value is equal to the second data value.
8. The system of claim 7 wherein the client machine is further configured to :- randomly select integers to form a secret key;
generate a token, the token being a function of the secret key;
produce the first encrypted data by mapping the second element, the first data value and the secret key into one or more elements of the first cyclic group; and
produce the second encrypted data by mapping the third element, the second data value and the secret key into one or more elements of the first cyclic group.
9. The system of claim 8 wherein the server is further configured to :- receive the token from the client machine;
apply the mathematical operation to the first encrypted data, the second encrypted data and the token to obtain a fourth element in the second cyclic group, wherein the fourth element is equal to the first element when the first data value is equal to the second data value.
10. The system of any one of claims 7 to 9 wherein the mathematical operation is a bilinear mapping operation.
11. The system of any one of claims 7 to 10 wherein the first element is an identity element of the second cyclic group.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
SG11201506331SA SG11201506331SA (en) | 2013-12-11 | 2014-12-10 | Method for matching probabilistic encrypted data |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US201361914559P | 2013-12-11 | 2013-12-11 | |
US61/914,559 | 2013-12-11 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2015088448A1 true WO2015088448A1 (en) | 2015-06-18 |
Family
ID=53371585
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/SG2014/000590 WO2015088448A1 (en) | 2013-12-11 | 2014-12-10 | Method for matching probabilistic encrypted data |
Country Status (2)
Country | Link |
---|---|
SG (1) | SG11201506331SA (en) |
WO (1) | WO2015088448A1 (en) |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20130083921A1 (en) * | 2010-07-23 | 2013-04-04 | Nippon Telegraph And Telephone Corporation | Encryption device, decryption device, encryption method, decryption method, program, and recording medium |
-
2014
- 2014-12-10 SG SG11201506331SA patent/SG11201506331SA/en unknown
- 2014-12-10 WO PCT/SG2014/000590 patent/WO2015088448A1/en active Application Filing
Patent Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20130083921A1 (en) * | 2010-07-23 | 2013-04-04 | Nippon Telegraph And Telephone Corporation | Encryption device, decryption device, encryption method, decryption method, program, and recording medium |
Non-Patent Citations (2)
Title |
---|
G. FUCHSBAUER ET AL.: "Proofs on Encrypted Values in Bilinear Groups and an Application to Anonymity of Signatures'';", PAIRING-BASED CRYPTOGRAPHY - PAIRING 2009; LECTURE NOTES IN COMPUTER SCIENCE, vol. 5671, 2009, pages 132 - 149 * |
J.L. MASSEY;: "Logarithms in Finite Cyclic Groups - Cryptographic Issues'';", PROC. 4TH BENELUX SYMPOSIUM ON INFORMATION THEORY;, 1983, pages 17 - 25 * |
Also Published As
Publication number | Publication date |
---|---|
SG11201506331SA (en) | 2015-09-29 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10211981B2 (en) | System and method for generating a server-assisted strong password from a weak secret | |
KR102627049B1 (en) | Computer-implemented method for generating threshold vaults | |
US10027654B2 (en) | Method for authenticating a client device to a server using a secret element | |
EP3005608B1 (en) | Authentication | |
CN107342859B (en) | Anonymous authentication method and application thereof | |
US20100217986A1 (en) | Authenticated secret sharing | |
US9106644B2 (en) | Authentication | |
JP2014002365A5 (en) | ||
US20140359290A1 (en) | Authentication | |
CN107248909A (en) | It is a kind of based on SM2 algorithms without Credential-Security endorsement method | |
Kang et al. | Certificateless Public Auditing with Privacy Preserving for Cloud‐Assisted Wireless Body Area Networks | |
US8438393B2 (en) | Quadratic residue based password authenticated key exchange method and system | |
CN108599934A (en) | It is a kind of to test safe and secret Enhancement Method for quantum key distribution | |
CN106712942B (en) | SM2 digital signature generation method and system based on privacy sharing | |
JP2016526851A (en) | System for sharing encryption keys | |
CN109903158A (en) | The method that transaction amount is in some section is proved using zero knowledge probative agreement | |
CN105631347B (en) | File access method and client terminal device | |
CN113779606A (en) | Information verification method and system for reducing privacy disclosure risk | |
CN115473703A (en) | Identity-based ciphertext equivalence testing method, device, system and medium for authentication | |
Nam et al. | Password‐Only Authenticated Three‐Party Key Exchange with Provable Security in the Standard Model | |
JP2012527678A (en) | Method and apparatus enabling portable user reputation | |
NL1043779B1 (en) | Method for electronic signing and authenticaton strongly linked to the authenticator factors possession and knowledge | |
Mao et al. | Trusted authority assisted three‐factor authentication and key agreement protocol for the implantable medical system | |
Yang et al. | Provably‐Secure (Chinese Government) SM2 and Simplified SM2 Key Exchange Protocols | |
WO2020144110A1 (en) | Authentication system with reduced attack surface |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 14870246 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 14870246 Country of ref document: EP Kind code of ref document: A1 |