This section includes a deeper explanation of certain aspects of the library.
Security Parameter for Prime Sizes:
The Queries on Encrypted Data algorithms compute over a composite order elliptic curve group. This composite order elliptic
curve group is generated in the setup algorithm, by randomly selecting two primes p and q, and then
generating an elliptic
curve group of order n=p*q.
We provide three choices for these prime sizes:
STANDARD, corresponding to 512-bit p and q.STRONG, corresponding to 1024-bit p and q.EXCELLENT, corresponding to 2048-bit p and q.
Message Key:
During the encrypt and query algorithms, a QED_MessageKey_t is generated.
The QED_MessageKey_t contains an
element_t key_elem (element_t is a PBC type for elements on the
elliptic curve group). We hash this key_elem and store the hash in an uint8_t *key_blob, with
length size_t key_blob_len. (The structure declaration can be found in key.h in the types directory of the QED
library.) This structure can be used by encrypt and query as described below, but is outside of the scope of this library:
-
Encrypt: The party that runs encryption can use either the
key_elemitself or thekey_blobas a secret to generate a key. This key can then be used to encrypt auxiliary data. -
Query: The party that runs the query algorithm may or may not generate a QED_MessageKey_t, depending on whether or not the
query was successful (by successful we mean that the query was satisfied or the answer to the query is yes). If the query was
not successful (the query was not satisfied or the answer to the query is no), then the QED_MessageKey_t will be null.
In the case that the query is successful, the party can use thekey_elemor thekey_blobas a shared secret with the encryptor and generate a key (the algorithm for key generation should be known to both the encryptor and the party running query). This key can then be used to decrypt auxiliary data from the encryptor.
Bloom filters and Epsilon Values:
For subset queries, we needed to find a way to map of raw data (i.e. the strings "foo" or "bar") to a bit vector. We use Bloom filter hashing to do this. (For more information on Bloom filters, refer to this wikipedia page.)
When using the Bloom filter, there is a probabilty of a false positive, causing the query algorithm to wrongly return true when a string not in the subset is used in encrypt. The
prob parameter in HVE_FORMAT_T for subset (see setup) is the probability of this false positive.
We provide three choices for this probabilty parameter:
EPS_PT1corresponds to 0.1 probability of a false positive.EPS_PT01corresponds to 0.01 probability of a false positive.EPS_PT001corresponds to 0.001 probability of a false positive.