Abstract
It is convenient for users to have a marketplace that sells similar products from different suppliers. In the physical world this may not be easy, in particular if the suppliers are from different regions or countries. It is more feasible in the virtual world. The Global Big Data Exchange in Guiyang, China, which provides a marketplace for traders to buy and sell data, is a typical example. However, these virtual marketplaces are owned by third parties, so security and privacy are a concern, in addition to the expensive service charges. In this work, we propose a new privacy-preserving searching model on blockchain which enables a decentralized and secure virtual search-and-match marketplace. The core technical contribution is a new searchable encryption scheme for blockchain. We adopt similarity preserving hashing and leverage smart contracts to protect the system from the forgery attack and the double-rewarding attack. We formally prove the security and privacy of our protocol, and evaluate our scheme on a private net of the Ethereum platform. Our experimental results show that our protocol can work efficiently.
Notes
- 1. Note that if two honest data owners have the same document or two very similar documents, who is rewarded depends on probability: the one whose document is confirmed by the miner first will get the reward.
Acknowledgement
This project is partially supported by an RGC Project (CityU C1008-16G) funded by the HK Government.
A Proof of Theorem 1
Proof
The simulator \(\mathcal {S}\) is given leakage \(\mathcal {L}\) to simulate the view of the adversary via imitating the real protocol. We generate the proof string \(proof'=((\varDelta _{d,u}^{k_{d,w_i}})', (c_{d,w_i})', BlockNum, Index)\) and \((C_{d})'\) as follows:
1. Simulating \((\varDelta _{d,u}^{k_{d,w_i}})'\): Given \(\mathcal {L}\), \(\mathcal {A}\) chooses a composite random key \(k_s\) such that \(k_s=k_{s_1}\cdot k_{s_2}\), and computes \((\varDelta _{d,u}^{k_{d,w_i}})'=(\varDelta _{d,u}^{k_{d,w_i}})^{k_s}\).
2. Simulating \((c_{d,w_i})'\): For each keyword query \(w_i\), \((c_{d,w_i})'\) consists of three parts.
   - Simulating \((H(w_i)^h)'\): compute \((H(w_i)^h)'=(H(w_i)^h)^{k_s}\).
   - Simulating \((H(w_i)^s)'\): compute \((H(w_i)^s)'=(H(w_i)^s)^{k_{s_1}}\).
   - Simulating \(r'\): compute \(r'=r^{k_{s_2}}\).
3. Simulating \((C_{d})', BlockNum', Index'\): Use the same value in the response of real execution.
It follows by construction that a response with \(proof'\) will also match the search token \(tk_w\) if proof does, because:
Therefore, Left = Right if proof matches \(tk_w\).
We now claim that no polynomial-size distinguisher can distinguish between the distributions \(proof'\) and proof. Note that in the simulation above, distinguishing \(\varDelta _{d,u}^{k_{d,w_i}}\) from \((\varDelta _{d,u}^{k_{d,w_i}})'\), as well as each component of \(c_{d,w_i}\) from its counterpart in \((c_{d,w_i})'\), can be regarded as the problem of distinguishing between \(g^{ab}\) and \(g^{abc}\). For example, \(c_1\) in \(c_{d,w_i}\) equals \(H(w_i)^h=g_1^{ah}\) and \(c_1'\) in \((c_{d,w_i})'\) equals \(H(w_i)^{hk_s}=g_1^{ahk_s}\). We then state the following Lemma 1.
Lemma 1
If \(g^{ab}\) and \(g^{abc}\) are each indistinguishable from random elements of the same group, then \(g^{ab}\) and \(g^{abc}\) are indistinguishable from each other.
Since \(g^{ab}\) and \(g^{abc}\) have the same structure, we only need to prove indistinguishability from random for one of them. For contradiction, we assume that there is a PPT adversary \(\mathcal {D}\) that distinguishes \(g^{ab}\) from \(R \xleftarrow {\$} G\). We then show how to construct a PPT reduction \(\mathcal {B}\) that can use Exp to break the DDH assumption.
Experiment
- Given a (multiplicative) cyclic group G of order p, and with generator g.
- \(\mathcal {B}\) receives \((g^a, g^b, g^{ab})\) and \((g^a, g^b, R)\), \(R \xleftarrow {\$} G\). \(\mathcal {B}\) passes \(g^{ab}\) and R to \(\mathcal {D}\).
- \(\mathcal {B}\) guesses the same as \(\mathcal {D}\).
Finally, \((C_{d}), BlockNum, Index\) and \((C_{d})', BlockNum', Index'\) are identical. Therefore, no polynomial-size distinguisher can distinguish between the outputs of the real execution and the simulated execution.
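The Experiment in the proof of Lemma 1, written out as an added example (not code from the paper): \(\mathcal {B}\) forwards a DDH challenge to \(\mathcal {D}\) and copies its guess, so \(\mathcal {B}\)'s advantage equals \(\mathcal {D}\)'s. Assumptions of this example: \(\mathcal {D}\) is handed the full tuple as in the standard DDH game, the group is a toy one modulo a constructed safe prime, and \(\mathcal {D}\) is a quadratic-residue test, which succeeds in all of \(Z_P^*\) but gains nothing in the prime-order subgroup.

```python
import random

P, Q = 2039, 1019   # toy safe prime P = 2Q + 1 (constructed; far too small for real use)

def is_qr(x):
    """Euler's criterion: x is a quadratic residue mod P iff x^Q == 1."""
    return pow(x, Q, P) == 1

def ddh_challenge(g, order, real, rng):
    """Challenger: (g^a, g^b, Z), Z = g^ab if real, else a random element R of <g>."""
    a, b, c = (rng.randrange(1, order) for _ in range(3))
    z = pow(g, a * b, P) if real else pow(g, c, P)
    return pow(g, a, P), pow(g, b, P), z

def distinguisher_d(A, B, Z):
    """Hypothetical D: g^ab is a residue iff g^a or g^b is; output 1 when Z agrees."""
    return int(is_qr(Z) == (is_qr(A) or is_qr(B)))

def reduction_b(challenge, d=distinguisher_d):
    """B: forwards its DDH challenge to D and guesses the same as D."""
    return d(*challenge)

def advantage(g, order, trials=2000, seed=1):
    """Empirical |Pr[B=1 | real] - Pr[B=1 | random]| for B playing in the group <g>."""
    rng = random.Random(seed)
    hits = {True: 0, False: 0}
    for real in (True, False):
        for _ in range(trials):
            hits[real] += reduction_b(ddh_challenge(g, order, real, rng))
    return abs(hits[True] - hits[False]) / trials

# Generator of all of Z_P^* (order 2Q): any g with g^Q == -1 mod P.
G_FULL = next(g for g in range(2, P) if pow(g, Q, P) == P - 1)
# Its square generates the subgroup of residues, which has prime order Q.
G_SUB = pow(G_FULL, 2, P)

if __name__ == "__main__":
    print("advantage in Z_P^* (order 2Q):    ", advantage(G_FULL, 2 * Q))
    print("advantage in prime-order subgroup:", advantage(G_SUB, Q))
```

In the order-2Q group the residue test separates real from random tuples about half the time, while in the prime-order subgroup every element is a residue and the same test carries no information.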
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
He, M., Zeng, G., Zhang, J., Zhang, L., Chen, Y., Yiu, S. (2019). A New Privacy-Preserving Searching Model on Blockchain. In: Lee, K. (eds) Information Security and Cryptology – ICISC 2018. ICISC 2018. Lecture Notes in Computer Science(), vol 11396. Springer, Cham. https://doi.org/10.1007/978-3-030-12146-4_16
DOI: https://doi.org/10.1007/978-3-030-12146-4_16
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-12145-7
Online ISBN: 978-3-030-12146-4
eBook Packages: Computer Science, Computer Science (R0)