The document proposes two methods for reducing data decryption costs while preserving social information for web applications. The naive method encrypts access control lists but results in long key chains and high decryption costs. The proposed method uses broadcast encryption to encrypt authority information in one encryption and account assignment to reduce decryption candidates, lowering costs and improving precision. Simulation results show the proposed method maintains near-perfect precision independent of user numbers while requiring only one decryption.
Unraveling Multimodality with Large Language Models.pdf
Reducing Data Decryption Cost by Broadcast Encryption and Account Assignment for Web Applications
1. Reducing Data Decryption Cost
by Broadcast Encryption and Account Assignment
for Web Applications
Junpei Kawamoto, Qiang Ma, Masatoshi Yoshikawa
(Kyoto University, JAPAN)
2. Background
Web Applications etc.
facilitate data sharing and collaboration.
have become notable platforms for the innovative service and
CGMs.
User data are stored and managed by service providers.
Can we trust providers?
2 the Ninth International Conference on Web-Age Information Management 2008/7/22
3. Can we trust providers?
Of course No!
Data encryption keeps contents confidential.
Original data: e Encrypted data: Encke(e)
e common key encryption: ke Encke(e)
Encrypt user data in client site. Server
However data encryption is not enough.
Social information is leaked.
3 the Ninth International Conference on Web-Age Information Management 2008/7/22
4. Social information
For example: Access control list by plain text
Enck1(data1) Alice Bob
Enck1(data2) Alice
Enck1(data3) Bob Carol
Enck1(data4) Bob Carol
There are at least two groups:
{Alice, Bob} and {Bob, Carol}
Bob is a key person probably.
4 the Ninth International Conference on Web-Age Information Management 2008/7/22
5. Encryption of social information
We must hide social information.
How do we keep social information confidential?
We will introduce two methods.
1. Naïve method
has high decryption cost and low authority precision.
2. Our method
by Broadcast encryption and Account Assignment.
has low decryption cost and high authority precision.
5 the Ninth International Conference on Web-Age Information Management 2008/7/22
6. Naïve method
Alice stores a data1 and grants Bob access
She encrypts
the data1 by a common key k1
the k1 by her public key and Bob’s public key
Enck1(data1) EncAlice(k1) EncBob(k1)
Bob gets the above data.
He decrypts the key data for Bob.
He gets the common key k1
He can decrypt and get the data1 Server
6 the Ninth International Conference on Web-Age Information Management 2008/7/22
7. Naïve method
Authority information
Authority information is a list, which is the individually
encrypted ke with the public key of users who are permitted.
Encpub1(ke) Encpub2(ke) Encpub n(ke)
Only authorized user can decrypt ke
and thus get the original data e.
Encke(e) and the key chain are stored in the server.
7 the Ninth International Conference on Web-Age Information Management 2008/7/22
8. Problems
Key chains (as an authority information) are too long.
Encpub1(ke) Encpub2(ke) Encpub n(ke)
Neither user knows which data he/she can decrypt.
Therefore they must try to decrypt until successful.
If they do not have authority, they need to attempt to decrypt all data.
There are many decryption candidate data.
query ○
×
×
The result are many data to which
result
the user dose not access.
8 the Ninth International Conference on Web-Age Information Management 2008/7/22
9. Decryption cost and Authority precision
The decryption cost of u: cost(u)
cost(u) = # of data user u has to try decryption
Precision of access authority of u: r(u)
r(u) = Auth(u) / Check(u)
Auth(u) : # of data u has authority to
Check(u): # of data u must check permission for
9 the Ninth International Conference on Web-Age Information Management 2008/7/22
10. Cost and Precision of Naïve method
How much is their cost?
Service Provider
The cost of three users is 7.
Enck1(data1) EncAlice(k1) EncBob(k1)
Enck2(data2) EncAlice(k2) How much is their precision?
Enck3(data3) EncBob(k3) EncCarol(k3) r(Alice) = 2 / 4 = 0.5
Enck4(data4) EncBob(k4) EncCarol(k4) r(Bob) = 3 / 4 = 0.75
r(Carol) = 2 / 4 = 0.5
Alice Bob Carol
10 the Ninth International Conference on Web-Age Information Management 2008/7/22
11. Overview of our method
Service Provider 1) Authority information
by broad cast encryption
Account 1 Account 2
Enck1(data1) Enck3(data3)
Users have to decrypt only one
to use the data.
Enck2(data2) Enck4(data4)
2) Account assignment
•Authority information
is not leaked directly.
•Reducing the data possibly
Alice Bob Carol requires decryption.
Account List: A1 Account List: A1, A2 Account List: A2
11 the Ninth International Conference on Web-Age Information Management 2008/7/22
12. Pairing based broadcast encryption†
Alic’s public key: pubAlice
create Broadcast key: K
Bob’s public key: pubBob
The data encrypted by this key are decrypted
by each private key of Alice, Bob and Carol.
Carol’s public key: pubCarol
† D. Boneh et al, “Collusion resistant broadcast encryption with short cipher texts and private keys,”
Lecture Notes in Computer Science, 3621:258–275, November 2005.
12 the Ninth International Conference on Web-Age Information Management 2008/7/22
13. Pairing based broadcast encryption
Applying broadcast encryption
Encke(e) Encpub1(ke) Encpub n(ke)
Encke(e) EncK(ke)
Encrypted user data Encrypted authority information
This approach
keeps who has authority confidential.
keeps how many user have authority confidential.
needs only one decryption when user access a data.
13 the Ninth International Conference on Web-Age Information Management 2008/7/22
14. Account assignment
Authority information is not leaked directly.
Reducing decrypt candidate data.
Service Provider
Alice has to get and decrypt
Account 1 Account 2 data only in the account1.
Enck1(data1) Enck3(data3) Bob does not has authority
Enck2(data2) Enck4(data4) for data2.
Alice Bob Carol
Account List: A1 Account List: A1, A2 Account List: A2
14 the Ninth International Conference on Web-Age Information Management 2008/7/22
15. Account assignment
Increase of decryption candidate data.
When a account is added to account list.
the data included in the account is added to
decryption candidate data.
The increase of account a for group S is defined:
IncreaseS(a) = d×Δ
d : # of users whose account list includes a.
Δ: # of users is S whose account list dose not
include a.
When a new data is added,
the increase of each account is calculated.
the data is stored in the account with the lowest increase.
15 the Ninth International Conference on Web-Age Information Management 2008/7/22
16. Example of our method
Service Provider How much is their cost?
Cost(Alice) = 2
Account 1 Account 2 Cost(Bob) = 4
Enck1(data1) Enck3(data3) Cost(Carol) = 2
Enck2(data2) Enck4(data4) How much is their precision?
r(Alice) = 2 / 2 = 1
r(Bob) = 3 / 4 = 0.75
r(Carol) = 2 / 2 = 1
Alice Bob Carol
16 the Ninth International Conference on Web-Age Information Management 2008/7/22
17. Experiment
Simulation experiment
Using a model based on BA-model† to reflect the people's
relationship
Please refer to the paper for details.
† Albert-László et al, “Emergence of scaling in random networks,” Science, vol. 286, no. 5439, pp. 509-
512, October 1999.
17 the Ninth International Conference on Web-Age Information Management 2008/7/22
18. Experiment result
Number Number Naïve method Our method
of users of groups Key chain avg. Precision Key chain avg. Precision
100 112 19.0 0.190 1 0.982
1,000 1034 27.3 0.0273 1 0.988
10,000 10563 42.5 0.00425 1 0.988
Our method’s
key chain length keeps only one.
average of precision is higher than naïve method’s one.
average of precision is independent on the # of users.
18 the Ninth International Conference on Web-Age Information Management 2008/7/22
19. Experiment result
100 users 10,000 users
The precision for most users is high.
Most users can avoid useless decryptions.
19 the Ninth International Conference on Web-Age Information Management 2008/7/22
20. Summary and Applications
ACLs are encrypted for social information preservation.
To reduce decryption cost, we introduced
1. Authority information by broad cast encryption
2. Reducing decryption candidate data by account assignment
Our method
dose not demand any function on the part of servers.
can be applied to usual DBMS.
requires re-encryption when authority is reset.
is effective to the applications to which authority is not updated
often. (e.g. social calendar etc.)
20 the Ninth International Conference on Web-Age Information Management 2008/7/22