多媒體網路安全實驗室

Private Information Retrieval Scheme Combined with E-

Payment in Querying Valuable Information

Private Information Retrieval Scheme Combined with E-

Payment in Querying Valuable Information

Date ： 2010.01.02

Reporter: Chien-Wen Huang

出處 :Innovative Computing, Information and Control (ICICIC), 2009 Fourth International Conference on

多媒體網路安全實驗室

Outline

Introduction1

Electronic Cash Approach2

The Proposed Scheme33

The Security Analysis of the Proposed Scheme 44

Conclusions35

2

多媒體網路安全實驗室

IntroductionFormally, private information retrieval (PIR) was

a general problem of private retrieval of the i-item out of an n item database stored at the server.

SC(a temper-proof device):It prevents information from revealing to anyone or administrator of the server and makes every legal user of the server have their own privacy.

3

多媒體網路安全實驗室

Electronic Cash ApproachUntraceable e-CASH payment system

presented by Chaum is designed according to RSA public-key system.

A.Initializing the bank announces (e, n) and one-way hash

function H(), but regards p, q, d as a secret. Suppose the electronic cash issued by bank is w

dollars. both the customers and the merchants taking part

in e-CASH payment system must have accounts in the bank.

4

多媒體網路安全實驗室

B. Withdrawing The customer wants to withdraw money w dollars

from the bank account. is delivered to the bank for signing. the bank will withdraw w dollars from customer’s

account,and sign α to get blinded cash t to customer.

After receiving the blinded cash, the customer computes

(c, m) is the available e-CASH.

5

)(mHr e

dd mHrt )(

nmHtrc d mod)(1

多媒體網路安全實驗室

C. Ordering Before the customer orders some products or has

electronic service from online merchant. the merchant will first verify customer’s ID and then

give a bill to the customer asking for his signature to confirm the transaction.(makes sure the transaction is valid)

6

多媒體網路安全實驗室

D. Paying When database server charges money to

customers, they can pay withdrawn e-CASH (c, m) to the merchant.

After receiving e-CASH from customers, the merchant will verify the validity of e-CASH and execute double-spending checking.

7

多媒體網路安全實驗室

THE PROPOSED SCHEME

8

多媒體網路安全實驗室

Database 1:stores the roster,ID and personal information of all membership.

Database 2 is a special database (patent or pharmaceutical database) and stores their integrated information(Bi) and price.

Database 3: stores encrypted customers’ identification (ID'), e-cash paid by customers, buying information (Bi) and the encrypted buying information (C').

9

多媒體網路安全實驗室

the following notation is used in the description

-PKSC: the public key of SC

-SKSC: the secret key of SC

-PKC: the public key of the customer

-SKC: the secret key of the customer

-ID: the customer’s identification

-ID': the encrypted customer’s identification(by Hash function)

10

多媒體網路安全實驗室

-M: the secure message of customer’s identification and buying information

-M': the secure message of customer’s identification and buying price created by SC.

-C: the secure message of payment created by customers

-C': customers pay for the encrypted patent Bi

11

多媒體網路安全實驗室

-Bi: the information of customer’s buying

-B: the entire information database

-D: the digest of Bi

-Price: the price of customer’s buying Bi

-e-Cash: electronic cash based on blind signature

12

多媒體網路安全實驗室

A. Initialization Phase1. Customers previously skim over the digest and

price of buying information database B.

2. The customer produces a pair of keys (PKC,SKC) and SC produces a pair of keys (PKSC,SKSC).

B. Authentication and Purchase Phase1. The customer uses public key

2. The customer delivers encrypted M to SC.

3. SC receives M,and

13

)ESCPK CK (ID, D, PM

)),,((ED

)(D||||

SCSC

SC

PKSK

SK

Ci

Ci

PKBID

MPKBID

多媒體網路安全實驗室

4. SC verifies the customer’s ID from Database 1, collates the ID of all the membership and temporarily stores the qualified customers’ID.

5. SC computes Hash function operation

6. SC gets the buying information and price from Database 2. The qualified Bi and price will temporarily store in SC.

7. SC: to customer.

8. Customer:

14

)(Hash' IDID

)PrE 'PK

'

SCice, (IDM

))Pr,((ED

)(DPr||'

PKSK

'SK

'

CC

C

iceID

MiceID

多媒體網路安全實驗室

C. Payment Phase1. Customer: uses the public key PKSC of SC to

encrypt

2. The customer delivers C to SC

3. The SC receives and decrypts C

4. SC will check its validity and whether it is doublespending to the bank.If the eCASH is no problem,the payment phase is finished.

15

),CASHE 'PKSC CPK,e (IDC

)),CASH,((ED)(D||CASH|| 'PKSKSK

'

SCSCSC CC PKeIDCPKeID

多媒體網路安全實驗室

D. End Phase1. SC:

2. SC transfers C' to the customer and saves(ID', C', eCASH) of the customer in Database 3.

3. the customer obtains C’ and decrypts it .

4. Then the deal of buying information is over.

16

)E 'PK

'

SC i,B (IDC

)),((ED)'(D|| 'PKSKSK

'

CCC ii BIDCBID

多媒體網路安全實驗室 THE SECURITY ANALYSIS OF THE PROPOSED

SCHEMEA. The Analysis in the Authentication Phase

The information which transfers between SC and the customer is encrypted by the public-key cryptography.

Because the identity authentication process of the customer is processed in SC,it can protect the user privacy in the authentication phase.

SC gets all the ID from Database 1 and compare to the customer’s ID,Because all the ID of the legal customers are caught into SC(no one including the server knows which customer wants to buy information.)

17

多媒體網路安全實驗室

B. The Analysis in the Purchase PhaseSC gets all the information in B and the price to

compare with Bi and Price. Then, keep the match information in SCBecause all information is caught into SC, no one

including the server knows what the customer buys.

18

多媒體網路安全實驗室

C. The Analysis in the Payment Phase1. SC will check its validity and whether it is double-

spending to the bank.The bank can only confirm that the eCASH is approved by the bank or not.

2. For reaching the goal of non-repudiation in the deal

SC saves (ID', C', eCASH) into Database 3. the secret information C' is encrypted by PKC

So,everyone including the server does not know Bi.

19

多媒體網路安全實驗室

CONCLUSIONSThe proposed scheme solves the flaw in the

previous PIR schemes which did not consider the e-payment need.

To keep the privacy protection property of PIR schemes, we choose an e-cash scheme using a blind signature.

Let the customer choose a random number r as a blinding factor for protecting his privacy.

20

多媒體網路安全實驗室