This section includes a deeper explanation of certain aspects of the library.
Security Parameter for Prime Sizes:
The Queries on Encrypted Data algorithms compute over a composite order elliptic curve group. This composite order elliptic curve group is generated in the setup algorithm, by randomly selecting two primes p and q, and then generating an elliptic curve group of order n=p*q.
We provide three choices for these prime sizes:
STANDARD, corresponding to 512-bit p and q.
STRONG, corresponding to 1024-bit p and q.
EXCELLENT, corresponding to 2048-bit p and q.
During the encrypt and query algorithms, a Message Key file is generated.
The msgkey_file can be deserialized* to a QED_MessageKey_t type. The QED_MessageKey_t contains an element_t key_elem**. We hash this key_elem and store the hash in a uint8_t *key_blob, with length size_t key_blob_len. (The structure declaration can be found in key.h in the types directory of the QED library.) This structure can be used by encrypt and query as described below, but is outside of the scope of this library:
Encrypt: The party that runs encryption can use either the key_elem itself or the key_blob as a secret to generate a key. This key can then be used to encrypt auxiliary data.
Query: The party that runs the query algorithm may or may not generate a msgkey_file, depending on whether or not the query was successful (by successful we mean that the query was satisfied or the answer to the query is yes). If the query was not successful (the query was not satisfied or the answer to the query is no), then the msgkey_file will not be generated. In the case that the query is successful, the party can deserialize the msgkey_file to a QED_MessageKey_t type. Then it can use the structure's key_blob as a shared secret with the encryptor and generate a key (the algorithm for key generation should be known to both the encryptor and the party running query). This key can then be used to decrypt auxiliary data from the encryptor.
*See Import/Export in the QED Library Manual for information on how to deserialize the msgkey_file.
**element_t is a PBC type for elements on the elliptic curve group.
Bloom filters and Epsilon Values:
For subset queries, we needed a way to map raw data (e.g. the strings "foo" or "bar") to a bit vector. We use Bloom filter hashing to do this. (For more information on Bloom filters, refer to the Wikipedia page on Bloom filters.)
When using the Bloom filter, there is a probability of a false positive, causing the query algorithm to wrongly return true when a string not in the subset is used in encrypt. The prob parameter in the hveformat_file for subset (see setup) is the probability of this false positive.
We provide three choices for this probability parameter:
.1 corresponds to 0.1 probability of a false positive.
.01 corresponds to 0.01 probability of a false positive.
.001 corresponds to 0.001 probability of a false positive.
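What the three prob choices cost in bit-vector length, and the false-positive rate that results, shown as an added example that is not the QED library's own code. It assumes the textbook Bloom filter sizing formulas and SHA-256 double hashing (the page does not say which hash functions or vector length the library uses); the class, function names and the member and outsider strings are constructed for illustration.

```python
import hashlib
import math


class BloomFilter:
    """Maps strings to a fixed-length bit vector (illustrative, not QED's)."""

    def __init__(self, capacity: int, prob: float):
        # Assumed textbook sizing: m = -n*ln(p)/(ln 2)^2 bits, k = (m/n)*ln 2.
        self.m = math.ceil(-capacity * math.log(prob) / math.log(2) ** 2)
        self.k = max(1, round(self.m / capacity * math.log(2)))
        self.bits = [0] * self.m

    def _positions(self, item: str):
        # Double hashing over one SHA-256 digest: (h1 + i*h2) mod m.
        d = hashlib.sha256(item.encode("utf-8")).digest()
        h1 = int.from_bytes(d[:8], "big")
        h2 = int.from_bytes(d[8:16], "big") | 1
        return [(h1 + i * h2) % self.m for i in range(self.k)]

    def add(self, item: str) -> None:
        for pos in self._positions(item):
            self.bits[pos] = 1

    def __contains__(self, item: str) -> bool:
        return all(self.bits[pos] for pos in self._positions(item))


def measure(prob: float, capacity: int = 1000, probes: int = 10000):
    """Return (bits, hashes, false negatives, observed false-positive rate)."""
    bf = BloomFilter(capacity, prob)
    members = [f"member-{i}" for i in range(capacity)]  # constructed subset
    for s in members:
        bf.add(s)
    false_neg = sum(s not in bf for s in members)
    # Constructed strings that were never added: any hit is a false positive.
    false_pos = sum(f"outsider-{i}" in bf for i in range(probes))
    return bf.m, bf.k, false_neg, false_pos / probes


if __name__ == "__main__":
    for prob in (0.1, 0.01, 0.001):  # the three values the page lists
        m, k, fn, rate = measure(prob)
        print(f"prob={prob}: {m} bits, {k} hashes, "
              f"false negatives={fn}, observed rate={rate:.4f}")
```

Each observed false positive corresponds to a query that would wrongly return true for a string outside the subset, so a smaller prob buys fewer wrong matches at the price of a longer bit vector.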