This section includes a deeper explanation of certain aspects of the library.
Security Parameter for Prime Sizes:
The Queries on Encrypted Data algorithms compute over a composite order elliptic curve group. This composite order elliptic
curve group is generated in the setup algorithm, by randomly selecting two primes p and q, and then
generating an elliptic
curve group of order n=p*q.
We provide three choices for these prime sizes:
STANDARD
, corresponding to 512bit p and q.STRONG
, corresponding to 1024bit p and q.EXCELLENT
, corresponding to 2048bit p and q.
Message Key:
During the encrypt and query algorithms, a Message Key file is generated.
The msgkey_file can be deserialized* to a QED_MessageKey_t type. The QED_MessageKey_t contains an
element_t
key_elem
**. We hash this key_elem
and store the hash in an uint8_t *key_blob
, with
length size_t key_blob_len
. (The structure declaration can be found in key.h in the types directory of the QED
library.) This structure can be used by encrypt and query as described below, but is outside of the scope of this library:

Encrypt: The party that runs encryption can use either the
key_elem
itself or thekey_blob
as a secret to generate a key. This key can then be used to encrypt auxiliary data. 
Query: The party that runs the query algorithm may or may not generate a msgkey_file, depending on whether or not the
query was successful (by successful we mean that the query was satisfied or the answer to the query is yes). If the query was
not successful (the query was not satisfied or the answer to the query is no), then the msgkey_file will not be generated.
In the case that the query is successful, the party can deserialize the msgkey_file to a QED_MessageKey_t type. Then it can use the structureskey_elem
or thekey_blob
as a shared secret with the encryptor and generate a key (the algorithm for key generation should be known to both the encryptor and the party running query). This key can then be used to decrypt auxiliary data from the encryptor.
*See Import/Export in the QED Library Manual for information on how to deserialize the msgkey_file.
**
element_t
is a PBC type for elements on the elliptic curve group.
Bloom filters and Epsilon Values:
For subset queries, we needed to find a way to map of raw data (i.e. the strings "foo" or "bar") to a bit vector. We use Bloom filter hashing to do this. (For more information on Bloom filters, refer to this wikipedia page.)
When using the Bloom filter, there is a probabilty of a false positive, causing the query algorithm to wrongly return true when a string not in the subset is used in encrypt. The
prob
parameter in the hveformat_file for
subset (see setup) is the probability of this false positive.
We provide three choices for this probabilty parameter:
.1
corresponds to 0.1 probability of a false positive..01
corresponds to 0.01 probability of a false positive..001
corresponds to 0.001 probability of a false positive.