a secure ciphertext retrieval scheme against insider kgas

Research ArticleA Secure Ciphertext Retrieval Scheme against Insider KGAs forMobile Devices in Cloud Storage

Run Xie1 Chanlian He2 Dongqing Xie3 Chongzhi Gao 3 and Xiaojun Zhang4

1School of Mathematics Yibin University Yibin China2School of Computer and Information Engineering Yibin University Yibin China3School of Computer Science Guangzhou University Guangzhou China4School of Computer Science Southwest Petroleum University Chengdu China

Correspondence should be addressed to Chongzhi Gao czgaogzhueducn

Received 13 February 2018 Revised 24 April 2018 Accepted 10 May 2018 Published 6 June 2018

Academic Editor Ilsun You

Copyright copy 2018 Run Xie et al This is an open access article distributed under the Creative Commons Attribution License whichpermits unrestricted use distribution and reproduction in any medium provided the original work is properly cited

With the advent of cloud computing data privacy has become one of critical security issues and attracted much attention as moreandmoremobile devices are relying on the services in cloud To protect data privacy users usually encrypt their sensitive data beforeuploading to cloud servers which renders the data utilization to be difficultThe ciphertext retrieval is able to realize utilization overencrypted data and searchable public key encryption is an effective way in the construction of encrypted data retrieval Howeverthe previous related works have not paid much attention to the design of ciphertext retrieval schemes that are secure against insidekeyword-guessing attacks (KGAs) In this paper we first construct a new architecture to resist inside KGAsMoreover we present anefficient ciphertext retrieval instance with a designated tester (dCRKS) based on the architecture This instance is secure under theinside KGAs Finally security analysis and efficiency comparison show that the proposal is effective for the retrieval of encrypteddata in cloud computing

1 Introduction

With the development and deployment of cloud computingmore and more mobile devices are connected to the cloudand receiving services provided by the cloud servers Cloudstorage service is one of the most critical applications ofcloud computing which offers great convenience to usersincluding the storage of data and sharing of data [1] Howeverthe cloud service providers are usually cannot be completelytrusted because they are managed and controlled by a thirdparty such as Google or AmazonThus the users have to takethe risk that the cloud serversmay find and leak their sensitiveinformation

To tackle the challenge of security in cloud storage a lotof research has been performed to address the security andprivacy issues in cloud computing such as the cloud dataaccess control [2ndash4] cloud data outsourcing computation [5ndash8] and privacy in data processing [9ndash13]

To protect data privacy data are usually encrypted beforethey are uploaded to the cloud server Nevertheless this way

generates the new obstacles that the cloud server is not able tocarry out data retrieval over ciphertext data [14] When userswould like to access the part of encrypted data they have toget entire data back or share the keys with the cloud serverAs a result users have to pay more for the bandwidth or giveup their data privacy

To overcome this obstacle the concept of searchableencryption [15] was first proposed by Song et al at 2000Meanwhile based on symmetric encryption they proposedthe keyword search scheme based on symmetric encryp-tion namely Searchable Symmetric Encryption (abbrevia-tion SSE)The searchable encryption permits users to retrievea particular keyword over encrypted data by sending atrapdoor to the cloud server However the SSE involvesdetailed secret key management

To overcome weakness and improve security a newsearchable encryption primitive was presented by Boneh andBoyen which is called Public key Encryption with KeywordSearch (PEKS in short) [16] In their solution with publicinformation the sender can encrypt the keyword associated

HindawiSecurity and Communication NetworksVolume 2018 Article ID 7254305 7 pageshttpsdoiorg10115520187254305

2 Security and Communication Networks

with encrypted data and store its ciphertext to cloud serverTo achieve keyword retrieval over the encrypted data thereceiver creates a trapdoor corresponding to the keywordthen he delivers the trapdoor to server By the testingprocedure the server can find the ciphertext of keywordassociated with the trapdoor Then it sends correspondingdata to receiver Yet there is the requirement of securechannel in their PEKS [16] Usually it is difficult to fulfillthis requirement This weakness limits the applications oftheir scheme Following Bonehrsquos PEKS Baek et al presenteda new PEKS solution which is called Secure Channel FreePublic Key Encryption with Keyword Search [17] (denotedas SCF-PEKS) However Baekrsquos scheme was proved to beinsecure by Yau et al [18] with the following reasons Whenthe outside adversary acquires a trapdoor in channel hecan launch keyword-guessing attacks This attack is calledoutside KGAs So far many of existing solutions concentrateon building up the security to resist outside KGAs [19ndash23] Only a few schemes [24ndash28] are secure against this at-tacks

Additionally the most difficult issue is to resist keyword-guessing attacks launched by the cloud server namely insideKGAs The inside KGAs are that the test server launchedkeyword-guessing attacks Actually such kind of attack alsohas been considered in deduplication system [30] and othersecurity protocols [3 31ndash33] Specifically themalicious servercan create their ciphertext since the production of a PEKSciphertext of keyword involves only public parameters Giventhe trapdoor the malicious cloud server can perform the testprocedure with the guessing keywordTherefore the server isable to know if the guessing keywordmatches given trapdoorRepeating guessing-then-testing process the server can findthe correct keyword Because of the weakness of the smallsize of keyword space this attack is available Based on dual-server Chen et al [34] presented a new PEKS scheme whichis considered to be secure against insider KGAs However intheir solution the front server can test whether the ciphertextof keyword relates to given trapdoor Hence under theoriginal framework of [16] designing a secure scheme againstinside KGAs is out of the question

Recently a new scheme [29] has been proposed by Jianget al based on slightly different architecture With the aidof TTP (trusted third party) their solution can resist insideKGAs In [29] TTP delivers its secret key to the sender froma safe channel With his own secret key the sender producesthe legal ciphertext of keywords Without the senderrsquos secretkey the server is not able to generate a correct ciphertext ofkeyword as inputs of the test procedure Hence the server isnot able to launch inside KGAs

11 Our Contributions In this paper we present a newciphertext retrieval system with a designated tester (dCRKS)based on the new security model Compared with someanalogous works such as the cloud data retrieval schemes[35ndash37] the advantages of this system can be summarized asfollows

Firstly we build security model of ciphertext retrievalsystem Here the server will not be considered as specialattacker So this model is more simple

Second we design an instance of dCRKS This dCRKSinstance can resist inside KGAs In the instance the servercan not produce a correct ciphertext of keywords without thesecret key of sender Meanwhile the server can not generatea valid trapdoor without the secret key of receiver Thereforethe malicious server is not able to launch inside KGAs Mostof the existing literatures (as [25 28]) can not resist insideKGAs Although the [29] is secure against inside KGAs theTTP (trusted third party) is required in their scheme

Thirdly in this dCRKS instance only a specified serveris able to test whether given trapdoor relates to a dCRKSciphertext So the proposal is stronger than [29]

Last the analysis proves that the generation method oftrapdoor and the testing algorithm are more effective thanthose of [29]

2 Preliminaries

Here we will build the framework of dCRKS and its securitymodel Next we introduce the hard assumptions which areused to prove the security of the instance of dCRKS system Insecuritymodel letF be an adversaryThe challenger denotedby G The dCRKS ciphertexts refer to the list of encryptedkeywords

21 Framework of dCRKS and Security Model

211 Framework of dCRKS The dCRKS system is a cipher-text retrieval approach In this system only the specifiedserver can carry out the testing procedure with the correctdCRKS ciphertext The framework of dCRKS consists of thefour algorithms They are defined as follows

Setup Here 119899 is the essential parameter Let PP be the setpublic parameter Inputting 119899 this algorithm outputsPP

KeyGen (PP) When the PP are imported this algorithmoutputs (119875119889 119870119889) (119875119903 119870119903) and (119875119904 119870119904) The 119875119889 (or 119870119889) is thesenderrsquos public (or private) key Similarly the receiverrsquos public(private) is the 119875119903 (119870119903) The serverrsquos public (private) is the 119875119904(119870119904)

EndCRKS (PP 119870119889 119875119889 119875119903) Let 119908 be a keyword Taking 119875119889119870119889 119875119903 119908 and the public parameter PP as input thisEndCRKS produces 119862119908 corresponding to 119908 where 119862119908 isdCRKS ciphertext

dTrapdoor (119875119889 119870119903 119875119904PP) When the keywords 1199081015840 119870119903 119875119904and PP are imported this algorithm produces a trapdoor1198791199081015840 corresponding to 1199081015840

dTest (119870119904 119862119908 1198791199081015840 PP) In this algorithm the server takesa trapdoor 1198791199081015840 PP a dCRKS ciphertext 119862119908 and its privatekey119870119904 as input If119908

1015840 = 119908 it replies ldquoyesrdquo otherwise it repliesldquonordquo

212 Security Model Here we construct the security archi-tecture of the dCRKS The security of dCRKS ciphertext andtrapdoor are defined by this architecture The security ofdCRKS is based on the two games

Security and Communication Networks 3

In game 1 the adversary can be a malicious server ora malicious receiver or other attackers So the adversarycan know the serverrsquos secret key or the receiverrsquos secret keyThe only limitation is that the adversary can not query thetrapdoors corresponding to the challenge keywords 1199080 1199081The dCRKS ciphertext is secureThat means the adversaryFis unable to differentiate between the dCRKS ciphertext of1199081and the dCRKS ciphertext of keyword 1199080 when the couplingtrapdoor has not be obtained

In game 2 the adversary can be a malicious server or amalicious sender or other attackers Clearly he can obtain theserverrsquos secret key or the receiverrsquos secret key The securityof trapdoor requires that the F is unable to differentiatebetween a trapdoor of 1199081 and a trapdoor of 1199080 when thecoupling trapdoor has not be obtained where 1199080 and 1199081 arethe challenge keywords

The game 1 is described as follows

Game 1 In this game the F can enquire for private key andtrapdoor Yet F is not permitted to enquire the couplingtrapdoors of the challenge keywords 1199080 1199081 where both1199080 and 1199081 are his choice It requires that F differentiatesbetween the dCRKS ciphertext of keyword1199081 and the dCRKSciphertext of 1199080 If the F can not win this game withnonnegligible probability the dCRKS scheme is secure toresist the chosen keyword attacks

Init In this phaseF issues 119875119889 as the challenge public key 119875119889

Setup Running the setup procedure G generates the publicparameters PP and gives the public parameters PP toadversaryF

Phase 1 F performs repeatedly inquiries The restriction isthat the number of enquiries is no more than polynomiallybounded

Pk-Query (Private Key Query) For 119889119894 = 119889lowastF sends 119875119889119894 toGthenG repliesF with 119870119889119894

T-Query (Trapdoor Query)F issues 119875119903119894 and 119908119894 to G G runsthe trapdoor procedure and replies the trapdoor 119879119908119894 for 119875119903119894 119908119894 toF

Challenge F chooses the pair keywords (1199080 1199081) and 119875119889lowast asthe challenge keywords for 119875119889lowast The restriction is that the pri-vate key corresponding to119875119889lowast or the trapdoors correspondingto 1199080 and 1199081 have not been enquired by F G generatesthe challenge ciphertext 119862lowast119908119887 and replies 119862lowast119908119887 to F where119887 isin 0 1 is a random bit

Phase 2 In this phaseF can still enquire the secret keys (119889 =119889lowast) and the trapdoors (119889 = 119889lowast) or the trapdoor for 119889 = 119889lowast

with 119908119894 = 1199080 1199081G replies as Phase 1

Outputs In the end F guesses 119887 isin 0 1 When 1198871015840 = 119887 itmeans thatF wins this game

Game 2 HereF can enquire for dCRKS ciphertext and secretkey Yet F is not allowed to enquire the dCRKS ciphertexts

corresponding to the challenge keywords 1199080 and 1199081 whereboth1199080 and1199081 are his choice It requires thatF differentiatesbetween the trapdoor of keyword 1199081 and the trapdoor of 1199080If theF can not win this game with nonnegligible advantageprobability the dCRKS system can resist the chosen keywordattacks

InitF issues the challenge public key 119875119903

Setup Running setup procedure the G produces publicparametersPP and delivers the parametersPP toF

Phase 1 F performs repeatedly inquiries The restriction isthat the number of inquiries is no more than polynomiallybounded

Pk-Query F sends 119875119903119894 to G 119903119894 = 119903lowast and G responds 119870119903119894 toF with 119903119894

dc-Query (dCRKS Ciphertext Query) F sends 119875119889119894 and 119908119894 toG Running the EndCRKSprocedureG replies the ciphertext119862119908119894 for 119875119889119894 119908119894 toF

ChallengeF chooses a pair keywords 1199080 1199081 and 119875119903lowast as thechallenge keywords for 119875119903lowast The restriction is that the secretkey for 119875119903lowast or the dCRKS ciphertext of 1199080 1199081 for 119875119903lowast has notbeen inquired by F G generates 119879lowast119908119887 as challenge trapdoorand replies 119879lowast119908119887 toF where 119887 isin 0 1 is a random bit

Phase 2 In this phase F can still enquire the dCRKSciphertexts and the secret key for 119903 = 119903lowast or the dCRKSciphertexts for 119903 = 119903lowast and 119908119894 = 1199080 1199081 G replies as the firstphase


22 Complexity Assumptions221 Bilinear Map Let 119866 and 119866119879 be multiplicative cyclicgroups with the order 119901 (prime) Let 119890 119866 times 119866 rarr 119866119879 be abilinear map 119890 has the following properties

(1) 1198921 1198922 isin 119866 exist such that 119890(1198921 1198922) is not equal to 1119866119879 (2) For all 120578 120587 isin 119866 and 119886 119905 isin 119885 the 119890(120578119886 120587119905) = 119890(120578 120587)119886119905

is true(3) For all 120578 120587 isin 119866 the 119890(120578 120587) can be calculated in

polynomial time

222 Complexity Assumptions According to [38] the Com-putational Diffie-Hellman (CDH) problem is considered tobe hard on 119866 and 119866119879 Meanwhile we know that the DecisionDiffie-Hellman (DDH) problem [39] is hard on 119866119879

In additional to prove the security of dCRKS system weneed to introduce a new hard problem on 119866 and 119866119879 namelythe Strong Decisional Diffie-Hellman assumption (in shortSDDH) The SDDH problem is defined as follows

The SDDH problem in (119866119866119879) is as followsGiven L1015840 = (119892 ℎ 119892119886 ℎ119888 119890(119892 ℎ)1119886 119890(119892 119892)119905 119890(119892 ℎ)119902) as

input output ldquoyesrdquo if 119902 = 119888119905119886 and ldquonordquo otherwise where 119886119888 119905 119902 isin 119885lowast119901


As is known 119892119905 is not able to infer from 119890(119892 119892)119905 becausethe 119890 is considered to be one-way functions Moreover119890(119892 ℎ)119888119905119886 can not be calculated from 119892119886 ℎ and ℎ119888 Infact even the DDH problem is easy the SDDH problem isseemingly still intractable

Additionally the DLP (discrete logarithm problem) isassumed to hold over 119866 and 119866119879

3 dCRKS against Insider Attacks

31 The Instance of dCRKS Now we will describe theinstance of dCRKS Here the 119866 and 119866119879 are given groups asthe previous definition Let 119867 0 1lowast rarr 119885lowast119901 be the hashfunction which is considered as random oracle in securitymodel

Setup Let 119890 be a bilinear map on 119866 Let 119901 be the order of 119866and119866119879 where both119866 and119866119879 are multiplicative cyclic groupThis procedure produces PP = (119892 119866119879 119866 119901119867 119890 ℎ) wherePP is the set of public parameters The generator of 119866 is 119892

KeyGen (PP) Takes as input 119909 119910 119911 119892 and ℎ where 119909 119910119911 isin 119885lowast119901 This procedure generates key as the following way

119870119889 = 119911 and 119875119889 = ℎ119911 where 119870119889 and 119875119889 are the senderrsquosprivate key and public key respectively

119870119903 = 119909 and 119875119903 = (1198751199031 1198751199032) = (119890(119892 ℎ)1119909 119892119909) where 119870119903 =119909 and 119875119903 are the receiverrsquos private key and public key

119870119904 = 119910 and 119875119904 = 119892119910 where 119870119904 = 119910 and 119875119904 = 119892119910 are theserverrsquos private key and public key

EndCRKS (119875119889 119870119889 119875119903 119908) The sender takes a keyword 119908 119875119903119875119889 119870119889 PP and a random 119906 isin 119885lowast119901 as input This procedureproduces 119862 = (1198621 1198622 1198623) as the dCRKS ciphertext of 119908output 1198621 1198622 and 1198623 are calculated as follows

1198623 = 119890(119892 119892)119906

1198622 = (1198751199032)119906 sdot 119892minus119906119867(119908) = 119892(119909minus119867(119908))119906

1198621 = (1198751199031)119911119906 = 119890(119892 ℎ)119911119906119909

dTrapdoor (119875119889 119870119903 119875119904 1199081015840) The receiver takes a keyword 1199081015840

119903 isin 119885lowast119901 119875119889119870119903 and 119875119904 as inputsThis procedure produces 119879 =

(1198791 1198792) as the trapdoor of1199081015840 output 1198791 and 1198792 are calculated

as follows

1198791 = 119903

1198792 = (1198751119909119889

sdot 119875minus119903119904 )1(119909minus119867(1199081015840))

dTest Receiving a trapdoor119879 the server runs dTest algorithmover the dCRKS ciphertexts with his private key 119910 Let 119862 bea dCRKS ciphertext The retrieving operation is executed bychecking

119890 (1198622 1198792) 11986211991011987913 = 1198621 (1)

If the above equation is true the algorithm returns 1otherwise it returns 0

32 Correctness of dCRKS Now we show that the aboveinstance is correct Let 119862 be a dCRKS ciphertext whichmatches the trapdoor 119879 By the following equations we canverify the correctness of dTest

1198791 = 119903

1198792 = (1198751119909119889

sdot 119875minus119903119904 )1(119909minus119867(1199081015840))

119879 = (1198791 1198792)1198622 = 1198751199061199032 sdot 119892

minus119906119867(119908)

119890(1198622 1198792) = 119890(119892(119909minus119867(119908))119906 (ℎ119911119909119892minus119910119903)1(119909minus119867(1199081015840)))

When 1199081015840 = 119908 we can obtain the equations

119890(1198622 1198792) = 119890(119892119906 ℎ119911119909119892minus119910119903) = 119890(119892119906 ℎ119911119909)119890(119892119906 119892minus119910119903)

As a result the correctness of dTest is verified as follows

1198621 = 119890(119892 ℎ)119911119906119909 = 119890(1198622 1198792)11986211991011987913

33 Security of dCRKS

331 Security of dCRKS Ciphertext In this section wedemonstrate that the ciphertexts of keywords are secureunder the chosen keyword attack in the instance

Theorem 1 Suppose the SDDH problem is hard the dCRKSinstance can achieve dCRKS ciphertext indistinguishability

Proof Let F be polynomial-time adversary If F can breakthe dCRKS instance with nonnegligible advantage proba-bility we construct an algorithm G as the challenger whocan solve the SDDH problem with nonnegligible advantageprobability

Init The F issues the challenge public key 119875119889lowast = ℎ119911lowast

and akeyword set 119908119894

Setup Let L = (119892 ℎ 119892119886 ℎ119888 119890(119892 ℎ)1119886 119890(119892 119892)119905 119890(119892 ℎ)119902) be aSDDH instance G is given L and (119866 119866119879 119890(sdot)) The setupprocedure produces parameters PP then G sends PP toF

Phase 1 F can carry out multiple queries The restriction isthat the number of enquiries is no more than polynomiallybounded

Pk-Query To inquire 119889119894rsquos private keyF transmits 119875119889119894 toG If119889119894 = 119889lowastG returns 119911119894 = 119870119889119894 toF

T-Query To inquire the trapdoor of119908119894F issues119908119894 and 119875119903119894 =

(119890(119892 ℎ)1119909 119892119909) to G G responds the trapdoor 119879119908119894 for 119875119903119894 119908119894by calling the trapdoor oracle

Challenge Let 119889lowast be the senderrsquos identity F selects 1199080 1199081and 119875119889lowast as challenge The restriction is that the secret key for119875119889lowast or the trapdoor for11990801199081 for 119875119889lowast have not been inquiredbyFG replies the challenge ciphertext119862lowast119908119887 toF where119862lowast119908119887is a tuple (1198621 1198622 1198623) and 1198623 = 119890(119892 119892)119905 1198622 = 119892119886119905

1015840

119892minus1199051015840119867(119908119887)

and 1198621 = 119890(119892 ℎ)119902


Phase 2 F can still enquire the trapdoor and the secret keyfor 119889 = 119889lowast or the trapdoor for 119889 = 119889lowast and 119908119894 = 1199080 1199081 Greplies as the front phase

Outputs In the endF outputs 1198871015840 isin 0 1

Analysis Because the actual dCRKS ciphertext 119862119908119887 is 1198621 =

119890(119892 ℎ)119911119906119909 1198622 = 119892119909minus119867(119908119887)119906 and 1198623 = 119890(119892 119892)119906 thedistribution of challenge ciphertext 119862lowast119908119887 is identical to that inthe actual system In fact for the uniformly random 1199051015840 119905 isin

119885lowast119901 F needs to differentiate between the tuple (1198921199051015840(minus119867(119908119887)+119886)

119890(119892 119892)119905) and the tuple (119892119905(minus119867(119908119887)+119886) 119890(119892 119892)119905) If 119902 = 119888119905119886 thesimulation is perfect 120576 denotes nonnegligible probability Asa result ifF has advantage probability 12 + 120576 to determinethe bits 119887 correctly then the G can solve the SDDH problemwith identical advantage probability 120576

This completes the proof of dCRKS ciphertexts indistin-guishability

332 Security of Trapdoor Now we show that the trapdooris secure under the chosen keyword attack

Theorem 2 The dCRKS instance can achieve the trapdoorindistinguishability to resist the chosen keyword attack underrandom oracle model in game 2

Proof In this section we show that the polynomial-timealgorithmF is able to differentiate between the ciphertext ofkeyword 1199080 and the ciphertext of keyword 1199081 if and only ifhe can distinguish two uniform distributions on 119866

Init F issues 119875119903lowast = (119892119909lowast

119890(119892 ℎ)1119909lowast

) as the challenge publickey

Setup Running the setup procedure G gives the publicparameters toF

Phase 1 F implements multiple queries without exceedingpolynomial bounded

Pk-Query To inquire 119903119894rsquos private key F sends 119875119903119894 =

(119890(119892 ℎ)1119909119894) toG 119903119894 = 119903lowast ThenG returns 119870119903119894 = 119909119894

dc-Query F issues 119875119889119894 and 119908119894 to G Running EndCRKSoracleG returns 119862119908119894 for 119875119889119894 119908119894 toF

Challenge F chooses keywords 1199080 1199081 and 119875119903lowast as hischallenge The restriction is that the ciphertext for 1199080 1199081 for119875119903lowast or the private key for 119875119903lowast has not be enquired by F Gpicks two random 1199031015840 1199111015840 and computes the challenge trapdoor119879lowast119908119887 where 119879lowast1199081015840

119887

= (1199031015840 ℎ1199111015840

119892minus1199101199031015840

) Then G replies the challengetrapdoor 119879lowast1199081015840

119887

toF

Phase 2F can still enquire the ciphertext and the secret keyfor 119903 = 119903lowast or the ciphertext for 119903 = 119903lowast and 119908119894 = 1199080 1199081 Greplies as first phase

OutputsF outputs 1198871015840 isin 0 1

Analysis By enquiring F can obtain 119892119909lowast

119890(119892 ℎ)1119909lowast

and 119879lowast1199081015840

119887

= (1199031015840 ℎ1199111015840

119892minus1199101199031015840

) In scheme 119879lowast119908119887 = (119903

(ℎ119911119909lowast

119892minus119910119903)1(119909lowastminus119867(119908119887))) where 119903 is uniform random value

Thus the distribution of (ℎ119911119909lowast

119892minus119910119903)1(119909lowastminus119867(119908119887)) is a uniform

distribution on 119866 Meanwhile the 119879lowast1199081015840119887

= (1199031015840 ℎ1199111015840

119892minus1199101199031015840

) isuniformdistribution on119866with taking uniform random 1199031015840 1199111015840As a result the simulation is perfect namely the distributionof 119879lowast1199081015840

119887

is identical to that in the actual systemMoreover as game 2 F can not know 119911 and 119909lowast Even if

F can calculate the following value

119890(119892(119909lowastminus119867(119908119887)) 119879lowast119908119887) =

119890(119892 ℎ)(119911119909lowastminus119910119903)((119909lowastminus119867(119908

1198871015840 ))(119909

lowastminus119867(119908119887)))

F cannot distinguish


1198871015840 ))(119909

lowastminus119867(119908119887))) (where 1198871015840 = 119887)

from 119890(119892 ℎ)119911119909lowast

sdot 119890(119892 ℎ)minus119910119903 (where 1198871015840 = 119887)Therefore F can guess 1198871015840 = 119887 with nonnegligi-

ble advantage probability then G can distinguish between(ℎ119911119909

lowast

119892minus119910119903)1(119909lowastminus119867(119908119887)) and uniformly distribution on 119866 with

identical advantage probability

333 Analysis of against Inside KGAs In this section weshow that the dCRKS instance is secure against inside KGAsas follows

First given the trapdoor 119879119889119908 the server can generate thelegal ciphertext 119862 corresponding to 119879119889119908 if and only if it canobtain the specified senders private key Maybe the servercan select 1199111015840 and calculate ℎ119911

1015840

to produce ciphertext 119862 =(11986210158401 119862

10158402 11986210158403) corresponding to 1199081015840 where

119890(119892 ℎ1199111015840

)119906119909 = (1198751199031)1199111015840119906 = 11986210158401

119892(119909minus119867(1199081015840))119906 = (1198751199032)

119906 sdot 119892minus119906119867(1199081015840) = 11986210158402

119890(119892 119892)119906 = 11986210158403

Let 119879119889119908 = (1198791 1198792) then


Based on the dTest the 119890(1198622 1198792)11986211991011987913 = 1198621 is true if and

only if 119908 = 1199081015840 and 1199111015840 = 119911 where 119911 and 119908 correspond to 119879119889119908However given the trapdoor 119879119889119908 the probability of selecting1199111015840 isin 119885lowast119901 such that 119911

1015840 = 119911 is negligible even1199081015840 = 119908Thereforethe malicious cloud server is not able to launch keyword-guessing attacks by computing the dCRKS ciphertext of allpossible keywords

Second given the ciphertext 119862119908 = (1198621 1198622 1198623) the cloudserver can not produce a legal trapdoor 119879119908 correspondingto 119862119908 Although the server may select a 1199091015840 119875119889 and 1199081015840 togenerate the trapdoor the probability of selecting 1199091015840 isin 119885lowast119901such that 1199091015840 = 119909 is negligible where 119909 is the receiverrsquos privatekey associated with the 119862119908 Based on the same analysis weknow that the malicious cloud server is not able to launch


Table 1 A comparison of various schemes

Schemes Inside KGAs Outside KGAs ZC ZT TrC TeC CiC[28] NO YES 119897119866 + 119897119867 2119897119866 2119864119905 119875119905 + 2119864119905 119875119905 + 2119864119905[17] NO NO 119897119866 + 119897119867 119897119866 119864119905 119875119905 + 119864119905 119875119905 + 119864119905[29] YES YES 2119897119866 2119897119866 + 2119897119901 2119864119905 119875119905 + 2119864119905 2119864119905[25] NO YES 3119897119866 + 2119897119866119879 119897119904 119897119866 + 119897119901 119864119905 4119875119905 + 3119864119905 + 119905V[27] NO YES 2119897119866 + 119897119866119879 2119897119866119879 119864119905 3119875119905 + 119864119905 119875119905 + 4119864119905Ours YES YES 119897119866 + 2119897119866119879 119897119866 + 119897119901 119864119905 119875119905 + 119864119905 3119864119905

keyword-guessing attacks by creating the trapdoor of allpossible keywords

Lastly taking 119892119909 119867(119908) and 119890(119892 ℎ)1119909 the servermay build the following equation 119890(119892(119909minus119867(119908119887)) 119879119908119887) =

119890(119892 ℎ)(119911119909)((119909minus119867(1199081198871015840 ))(119909minus119867(119908119887))) sdot 119890(119892 ℎ)minus119910119903((119909minus119867(1199081198871015840 ))(119909minus119867(119908119887)))

However this equation can not help to find correcttrapdoor or launch KGAs since 119879119908119887 contains a randomnumber Summarize these reasons the proposal is secureunder the inside KGAs

4 Performance Analysis

Now we demonstrate efficiency of the proposal by analyzingits security and calculation costWith the analysis inTable 1 itshows that only [29] and our scheme are secure to resist insideKGAs Furthermore the TTP is removed in our scheme

To compare performance let119864119905 and119875119905 be the exponentialoperation and the pairing operation over a bilinear grouprespectively The size of 119885119901rsquos element is denoted by 119897119901Similarly the character 119897119866 and 119897119866119879 denote the size of 119866rsquoselement and the size of 119866119879rsquos element respectively The sizeof hash value denotes 119897119867 For brevity the calculation costof creating trapdoor and keyword ciphertext denote TrCand CiC respectively The character ZC denotes the size ofkeyword ciphertext The ZT denotes the size of trapdoor

From Table 1 it shows that one 119864119905 is required to createtrapdoor in our scheme Compared with [29] our solutionis more efficient to create trapdoor Meanwhile the perfor-mance overhead of testing is one 119864119905 and one 119875119905 In [29] itrequires two 119864119905 and one 119875119905

Lastly the test procedure can only be run by a specifiedserver This improves the security of the system

5 Conclusion

With the wide application of cloud computing data privacyhas become one of critical security issues for mobile usersThe ciphertext retrieval is one of the most useful approachesto achieve data privacy for cloud storage In this paper wefirst proposed a new architecture and security model toresist inside KGAs which is a strong attack on the keywordsearch scheme We also proposed an instance of the dCRKSsystem Under the security model proposed in our paper thisnew scheme has been proven secure to resist inside KGAsSecurity analysis and efficiency comparison show that ourscheme is effective for the retrieval of encrypted data in cloudcomputing

Data Availability

No data were used to support this study

Conflicts of Interest

The authors declare that there are no conflicts of interestregarding the publication of this paper

Acknowledgments

Thiswork is supported by ScientificResearch Fundof SichuanProvincial Education Department (no 18ZA0546) andGuangzhou Scholars Project for Universities of Guangzhou

References

[1] J Shen Z Gui S Ji J Shen H Tan and Y Tang ldquoCloud-aided lightweight certificateless authentication protocol withanonymity for wireless body area networksrdquo Journal of Networkand Computer Applications vol 106 pp 117ndash123 2018

[2] J Xu LWei Y Zhang AWang F Zhou andCGao ldquoDynamicFully Homomorphic encryption-based Merkle Tree forlightweight streaming authenticated data structuresrdquo Journal ofNetwork and Computer Applications vol 107 pp 113ndash124 2018

[3] H Wang Z Zheng L Wu and P Li ldquoNew directly revocableattribute-based encryption scheme and its application in cloudstorage environmentrdquo Cluster Computing vol 20 no 3 pp2385ndash2392 2017

[4] J Cai YWang Y Liu J-Z LuoWWei and X Xu ldquoEnhancingnetwork capacity by weakening community structure in scale-free networkrdquo Future Generation Computer Systems 2017

[5] X Chen J Li J Weng J Ma andW Lou ldquoVerifiable computa-tion over large database with incremental updatesrdquo Institute ofElectrical and Electronics Engineers Transactions on Computersvol 65 no 10 pp 3184ndash3195 2016

[6] X Chen J Li X Huang J Ma and W Lou ldquoNew PubliclyVerifiable Databases with Efficient Updatesrdquo IEEE Transactionson Dependable and Secure Computing vol 12 no 5 pp 546ndash556 2015

[7] Z Huang S Liu X Mao K Chen and J Li ldquoInsight of theprotection for data security under selective opening attacksrdquoInformation Sciences vol 412-413 pp 223ndash241 2017

[8] B Li Y Huang Z Liu J Li Z Tian and S Yiu ldquoHybridORAMPractical oblivious cloud storage with constant bandwidthrdquoInformation Sciences 2018

[9] Z Liu Y Huang J Li X Cheng and C Shen ldquoDivORAMTowards a practical oblivious RAM with variable block sizerdquoInformation Sciences vol 447 pp 1ndash11 2018


[10] W Meng E W Tischhauser Q Wang Y Wang and J HanldquoWhen Intrusion Detection Meets Blockchain Technology AReviewrdquo IEEE Access vol 6 pp 10179ndash10188 2018

[11] C Yuan X Li Q Wu M J J Li and M Sun X ldquoFingerprintLiveness Detection from Different Fingerprint Materials UsingConvolutional Neural Network and Principal ComponentAnalysisrdquoCMCComputersMaterials andContinua vol 53 no3 pp 357ndash371 2015

[12] Y Li G Wang L Nie Q Wang and W Tan ldquoDistancemetric optimization driven convolutional neural network forage invariant face recognitionrdquo Pattern Recognition vol 75 pp51ndash62 2018

[13] W Chen H Lei and K Qi ldquoLattice-based linearly homomor-phic signatures in the standard modelrdquo Theoretical ComputerScience vol 634 pp 47ndash54 2016

[14] CGaoQCheng PHeW Susilo and J Li ldquoPrivacy-preservingNaive Bayes classifiers secure against the substitution-then-comparison attackrdquo Information Sciences vol 444 pp 72ndash882018

[15] D X Song D Wagner and A Perrig ldquoPractical techniquesfor searches on encrypted datardquo in Proceedings of the IEEESymposium on Security and Privacy (SampP rsquo00) pp 44ndash55 IEEEBerkeley Calif USA May 2000

[16] D Boneh and X Boyen ldquoEfficient selective-ID secure identity-based encryption without random oraclesrdquo in Advances incryptologyndashEUROCRYPT 2004 vol 3027 of Lecture Notes inComput Sci pp 223ndash238 Springer Berlin Germany 2004

[17] J Baek R Safavinaini and W Susilo ldquoPublic key encryptionwith keyword search revisitedrdquo inComputational Science and ItsApplications-ICCSA pp 1249ndash1259 Springer Berlin Germany2008

[18] W C Yau S H Heng and M B Goi ldquoOff-line keyword guess-ing attacks on recent public key encryptionwith keyword searchschemesrdquo in International Conference onAutonomic andTrustedComputing pp 100ndash105 Springer 2008

[19] P Xu H Jin QWu andWWang ldquoPublic-key encryption withfuzzy keyword search a provably secure scheme under keywordguessing attackrdquo Institute of Electrical and Electronics EngineersTransactions on Computers vol 62 no 11 pp 2266ndash2277 2013

[20] H Li X Lin H Yang X Liang R Lu and X Shen ldquoEPPDRan efficient privacy-preserving demand response scheme withadaptive key evolution in smart gridrdquo IEEE Transactions onParallel and Distributed Systems vol 25 no 8 pp 2053ndash20642014

[21] H Li D Liu Y Dai T H Luan and X S Shen ldquoEnablingefficient multi-keyword ranked search over encrypted mobilecloud data through blind storagerdquo IEEE Transactions on Emerg-ing Topics in Computing vol 3 no 1 pp 127ndash139 2015

[22] H Li D Liu Y Dai T H Luan and S Yu ldquoPersonalized searchover encrypted data with efficient and secure updates in mobilecloudsrdquo IEEE Transactions on Emerging Topics in Computing2016

[23] L Fan X Lei N Yang T Q Duong and G K KaragiannidisldquoSecrecy Cooperative Networks with Outdated Relay Selectionover Correlated Fading Channelsrdquo IEEE Transactions on Vehic-ular Technology vol 66 no 8 pp 7599ndash7603 2017

[24] J Shen T Zhou X Chen J Li and W Susilo ldquoAnonymousand Traceable Group Data Sharing in Cloud Computingrdquo IEEETransactions on Information Forensics and Security vol 13 no4 pp 912ndash925 2018

[25] L Fang W Susilo C Ge and J Wang ldquoPublic key encryptionwith keyword search secure against keyword guessing attacks

without random oraclerdquo Information Sciences vol 238 pp 221ndash241 2013

[26] R Xie C Xu C He and X Zhang ldquoLattice-based searchablepublic-key encryption scheme for secure cloud storagerdquo Inter-national Journal ofWeb andGrid Services vol 14 no 1 pp 3ndash202018

[27] Y ZhaoHMa X ChenQ Tang andH Zhu ldquoA new trapdoor-indistinguishable public key encryption with keyword searchrdquoJournal ofWirelessMobile Networks Ubiquitous Computing andDependable Applications vol 3 no 1-2 pp 72ndash81 2012

[28] H S Rhee J H Park W Susilo and D H Lee ldquoTrapdoorsecurity in a searchable public-key encryption scheme with adesignated testerrdquo The Journal of Systems and Software vol 83no 5 pp 763ndash771 2010

[29] P Jiang Y Mu F Guo X Wang and Q Wen ldquoOnlineofflineciphertext retrieval on resource constrained devicesrdquoThe Com-puter Journal vol 59 no 7 pp 955ndash969 2016

[30] J Li Y K Li X Chen P P C Lee andW Lou ldquoAHybrid CloudApproach for Secure Authorized Deduplicationrdquo IEEE Trans-actions on Parallel and Distributed Systems vol 26 no 5 pp1206ndash1216 2015

[31] Q Liu Y Guo J Wu and G Wang ldquoEffective query groupingstrategy in cloudsrdquo Journal of Computer Science and Technologyvol 32 no 6 pp 1231ndash1249 2017

[32] Y Liu J Ling Z Liu J Shen and C Gao ldquoFinger vein securebiometric template generation based on deep learningrdquo SoftComputing vol 21 no 1 pp 1ndash9 2017

[33] H Wang W Wang Z Cui X Zhou J Zhao and Y Li ldquoAnew dynamic firefly algorithm for demand estimation of waterresourcesrdquo Information Sciences vol 438 pp 95ndash106 2018

[34] R Chen Y Mu G Yang F Guo and X Wang ldquoDual-server public-key encryption with keyword Search for securecloud storagerdquo IEEE Transactions on Information Forensics andSecurity vol 11 no 4 pp 789ndash798 2016

[35] Q-A Wang C Wang K Ren W-J Lou and J Li ldquoEnablingpublic auditability and data dynamics for storage security incloud computingrdquo IEEE Transactions on Parallel and Dis-tributed Systems vol 22 no 5 pp 847ndash859 2011

[36] J Li X Tan XChenD SWong andF Xhafa ldquoOPoR Enablingproof of retrievability in cloud computing with resource-constrained devicesrdquo IEEE Transactions on Cloud Computingvol 3 no 2 pp 195ndash205 2015

[37] Q Lin H Yan Z Huang W Chen J Shen and Y TangldquoAn ID-based linearly homomorphic signature scheme and itsapplication in blockchainrdquo IEEE Access 2018

[38] D Boneh andM Franklin ldquoIdentity-based encryption from theWeil pairingrdquo SIAM Journal on Computing vol 32 no 3 pp586ndash615 2003

[39] D Boneh B Lynn and H Shacham ldquoShort signatures fromthe Weil pairingrdquo Journal of Cryptology The Journal of theInternational Association for Cryptologic Research vol 17 no 4pp 297ndash319 2004

International Journal of

AerospaceEngineeringHindawiwwwhindawicom Volume 2018

RoboticsJournal of

Hindawiwwwhindawicom Volume 2018


Active and Passive Electronic Components

VLSI Design



Shock and Vibration


Civil EngineeringAdvances in

Acoustics and VibrationAdvances in



Electrical and Computer Engineering

Journal of

Advances inOptoElectronics

Hindawiwwwhindawicom

Volume 2018

Hindawi Publishing Corporation httpwwwhindawicom Volume 2013Hindawiwwwhindawicom

The Scientific World Journal

Volume 2018

Control Scienceand Engineering

Journal of



Journal ofEngineeringVolume 2018

SensorsJournal of



RotatingMachinery


Modelling ampSimulationin EngineeringHindawiwwwhindawicom Volume 2018


Chemical EngineeringInternational Journal of Antennas and

Propagation




Navigation and Observation


Hindawi

wwwhindawicom Volume 2018

Advances in

Multimedia

Submit your manuscripts atwwwhindawicom


with encrypted data and store its ciphertext to cloud serverTo achieve keyword retrieval over the encrypted data thereceiver creates a trapdoor corresponding to the keywordthen he delivers the trapdoor to server By the testingprocedure the server can find the ciphertext of keywordassociated with the trapdoor Then it sends correspondingdata to receiver Yet there is the requirement of securechannel in their PEKS [16] Usually it is difficult to fulfillthis requirement This weakness limits the applications oftheir scheme Following Bonehrsquos PEKS Baek et al presenteda new PEKS solution which is called Secure Channel FreePublic Key Encryption with Keyword Search [17] (denotedas SCF-PEKS) However Baekrsquos scheme was proved to beinsecure by Yau et al [18] with the following reasons Whenthe outside adversary acquires a trapdoor in channel hecan launch keyword-guessing attacks This attack is calledoutside KGAs So far many of existing solutions concentrateon building up the security to resist outside KGAs [19ndash23] Only a few schemes [24ndash28] are secure against this at-tacks

Additionally the most difficult issue is to resist keyword-guessing attacks launched by the cloud server namely insideKGAs The inside KGAs are that the test server launchedkeyword-guessing attacks Actually such kind of attack alsohas been considered in deduplication system [30] and othersecurity protocols [3 31ndash33] Specifically themalicious servercan create their ciphertext since the production of a PEKSciphertext of keyword involves only public parameters Giventhe trapdoor the malicious cloud server can perform the testprocedure with the guessing keywordTherefore the server isable to know if the guessing keywordmatches given trapdoorRepeating guessing-then-testing process the server can findthe correct keyword Because of the weakness of the smallsize of keyword space this attack is available Based on dual-server Chen et al [34] presented a new PEKS scheme whichis considered to be secure against insider KGAs However intheir solution the front server can test whether the ciphertextof keyword relates to given trapdoor Hence under theoriginal framework of [16] designing a secure scheme againstinside KGAs is out of the question

Recently a new scheme [29] has been proposed by Jianget al based on slightly different architecture With the aidof TTP (trusted third party) their solution can resist insideKGAs In [29] TTP delivers its secret key to the sender froma safe channel With his own secret key the sender producesthe legal ciphertext of keywords Without the senderrsquos secretkey the server is not able to generate a correct ciphertext ofkeyword as inputs of the test procedure Hence the server isnot able to launch inside KGAs

11 Our Contributions In this paper we present a newciphertext retrieval system with a designated tester (dCRKS)based on the new security model Compared with someanalogous works such as the cloud data retrieval schemes[35ndash37] the advantages of this system can be summarized asfollows

Firstly we build security model of ciphertext retrievalsystem Here the server will not be considered as specialattacker So this model is more simple

Second we design an instance of dCRKS This dCRKSinstance can resist inside KGAs In the instance the servercan not produce a correct ciphertext of keywords without thesecret key of sender Meanwhile the server can not generatea valid trapdoor without the secret key of receiver Thereforethe malicious server is not able to launch inside KGAs Mostof the existing literatures (as [25 28]) can not resist insideKGAs Although the [29] is secure against inside KGAs theTTP (trusted third party) is required in their scheme

Thirdly in this dCRKS instance only a specified serveris able to test whether given trapdoor relates to a dCRKSciphertext So the proposal is stronger than [29]

Last the analysis proves that the generation method oftrapdoor and the testing algorithm are more effective thanthose of [29]

2 Preliminaries

Here we will build the framework of dCRKS and its securitymodel Next we introduce the hard assumptions which areused to prove the security of the instance of dCRKS system Insecuritymodel letF be an adversaryThe challenger denotedby G The dCRKS ciphertexts refer to the list of encryptedkeywords

21 Framework of dCRKS and Security Model

211 Framework of dCRKS The dCRKS system is a cipher-text retrieval approach In this system only the specifiedserver can carry out the testing procedure with the correctdCRKS ciphertext The framework of dCRKS consists of thefour algorithms They are defined as follows

Setup Here 119899 is the essential parameter Let PP be the setpublic parameter Inputting 119899 this algorithm outputsPP

KeyGen (PP) When the PP are imported this algorithmoutputs (119875119889 119870119889) (119875119903 119870119903) and (119875119904 119870119904) The 119875119889 (or 119870119889) is thesenderrsquos public (or private) key Similarly the receiverrsquos public(private) is the 119875119903 (119870119903) The serverrsquos public (private) is the 119875119904(119870119904)

EndCRKS (PP 119870119889 119875119889 119875119903) Let 119908 be a keyword Taking 119875119889119870119889 119875119903 119908 and the public parameter PP as input thisEndCRKS produces 119862119908 corresponding to 119908 where 119862119908 isdCRKS ciphertext

dTrapdoor (119875119889 119870119903 119875119904PP) When the keywords 1199081015840 119870119903 119875119904and PP are imported this algorithm produces a trapdoor1198791199081015840 corresponding to 1199081015840

dTest (119870119904 119862119908 1198791199081015840 PP) In this algorithm the server takesa trapdoor 1198791199081015840 PP a dCRKS ciphertext 119862119908 and its privatekey119870119904 as input If119908

1015840 = 119908 it replies ldquoyesrdquo otherwise it repliesldquonordquo

212 Security Model Here we construct the security archi-tecture of the dCRKS The security of dCRKS ciphertext andtrapdoor are defined by this architecture The security ofdCRKS is based on the two games




























polynomial time
















1198623 = 119890(119892 119892)119906

1198622 = (1198751199032)119906 sdot 119892minus119906119867(119908) = 119892(119909minus119867(119908))119906

1198621 = (1198751199031)119911119906 = 119890(119892 ℎ)119911119906119909




as follows

1198791 = 119903

1198792 = (1198751119909119889

sdot 119875minus119903119904 )1(119909minus119867(1199081015840))


119890 (1198622 1198792) 11986211991011987913 = 1198621 (1)



1198791 = 119903

1198792 = (1198751119909119889

sdot 119875minus119903119904 )1(119909minus119867(1199081015840))

119879 = (1198791 1198792)1198622 = 1198751199061199032 sdot 119892

minus119906119867(119908)



119890(1198622 1198792) = 119890(119892119906 ℎ119911119909119892minus119910119903) = 119890(119892119906 ℎ119911119909)119890(119892119906 119892minus119910119903)


1198621 = 119890(119892 ℎ)119911119906119909 = 119890(1198622 1198792)11986211991011987913













1015840

119892minus1199051015840119867(119908119887)

and 1198621 = 119890(119892 ℎ)119902













119890(119892 ℎ)1119909lowast








119887

= (1199031015840 ℎ1199111015840

119892minus1199101199031015840


119887

toF




119890(119892 ℎ)1119909lowast

and 119879lowast1199081015840

119887

= (1199031015840 ℎ1199111015840

119892minus1199101199031015840

) In scheme 119879lowast119908119887 = (119903

(ℎ119911119909lowast





= (1199031015840 ℎ1199111015840

119892minus1199101199031015840


119887





1198871015840 ))(119909

lowastminus119867(119908119887)))



1198871015840 ))(119909


from 119890(119892 ℎ)119911119909lowast



lowast





1015840



119890(119892 ℎ1199111015840

)119906119909 = (1198751199031)1199111015840119906 = 11986210158401

119892(119909minus119867(1199081015840))119906 = (1198751199032)

119906 sdot 119892minus119906119867(1199081015840) = 11986210158402

119890(119892 119892)119906 = 11986210158403

Let 119879119889119908 = (1198791 1198792) then


















5 Conclusion


Data Availability




Acknowledgments


References












































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia





























polynomial time
















1198623 = 119890(119892 119892)119906

1198622 = (1198751199032)119906 sdot 119892minus119906119867(119908) = 119892(119909minus119867(119908))119906

1198621 = (1198751199031)119911119906 = 119890(119892 ℎ)119911119906119909




as follows

1198791 = 119903

1198792 = (1198751119909119889

sdot 119875minus119903119904 )1(119909minus119867(1199081015840))


119890 (1198622 1198792) 11986211991011987913 = 1198621 (1)



1198791 = 119903

1198792 = (1198751119909119889

sdot 119875minus119903119904 )1(119909minus119867(1199081015840))

119879 = (1198791 1198792)1198622 = 1198751199061199032 sdot 119892

minus119906119867(119908)



119890(1198622 1198792) = 119890(119892119906 ℎ119911119909119892minus119910119903) = 119890(119892119906 ℎ119911119909)119890(119892119906 119892minus119910119903)


1198621 = 119890(119892 ℎ)119911119906119909 = 119890(1198622 1198792)11986211991011987913













1015840

119892minus1199051015840119867(119908119887)

and 1198621 = 119890(119892 ℎ)119902













119890(119892 ℎ)1119909lowast








119887

= (1199031015840 ℎ1199111015840

119892minus1199101199031015840


119887

toF




119890(119892 ℎ)1119909lowast

and 119879lowast1199081015840

119887

= (1199031015840 ℎ1199111015840

119892minus1199101199031015840

) In scheme 119879lowast119908119887 = (119903

(ℎ119911119909lowast





= (1199031015840 ℎ1199111015840

119892minus1199101199031015840


119887





1198871015840 ))(119909

lowastminus119867(119908119887)))



1198871015840 ))(119909


from 119890(119892 ℎ)119911119909lowast



lowast





1015840



119890(119892 ℎ1199111015840

)119906119909 = (1198751199031)1199111015840119906 = 11986210158401

119892(119909minus119867(1199081015840))119906 = (1198751199032)

119906 sdot 119892minus119906119867(1199081015840) = 11986210158402

119890(119892 119892)119906 = 11986210158403

Let 119879119889119908 = (1198791 1198792) then


















5 Conclusion


Data Availability




Acknowledgments


References












































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia













1198623 = 119890(119892 119892)119906

1198622 = (1198751199032)119906 sdot 119892minus119906119867(119908) = 119892(119909minus119867(119908))119906

1198621 = (1198751199031)119911119906 = 119890(119892 ℎ)119911119906119909




as follows

1198791 = 119903

1198792 = (1198751119909119889

sdot 119875minus119903119904 )1(119909minus119867(1199081015840))


119890 (1198622 1198792) 11986211991011987913 = 1198621 (1)



1198791 = 119903

1198792 = (1198751119909119889

sdot 119875minus119903119904 )1(119909minus119867(1199081015840))

119879 = (1198791 1198792)1198622 = 1198751199061199032 sdot 119892

minus119906119867(119908)



119890(1198622 1198792) = 119890(119892119906 ℎ119911119909119892minus119910119903) = 119890(119892119906 ℎ119911119909)119890(119892119906 119892minus119910119903)


1198621 = 119890(119892 ℎ)119911119906119909 = 119890(1198622 1198792)11986211991011987913













1015840

119892minus1199051015840119867(119908119887)

and 1198621 = 119890(119892 ℎ)119902













119890(119892 ℎ)1119909lowast








119887

= (1199031015840 ℎ1199111015840

119892minus1199101199031015840


119887

toF




119890(119892 ℎ)1119909lowast

and 119879lowast1199081015840

119887

= (1199031015840 ℎ1199111015840

119892minus1199101199031015840

) In scheme 119879lowast119908119887 = (119903

(ℎ119911119909lowast





= (1199031015840 ℎ1199111015840

119892minus1199101199031015840


119887





1198871015840 ))(119909

lowastminus119867(119908119887)))



1198871015840 ))(119909


from 119890(119892 ℎ)119911119909lowast



lowast





1015840



119890(119892 ℎ1199111015840

)119906119909 = (1198751199031)1199111015840119906 = 11986210158401

119892(119909minus119867(1199081015840))119906 = (1198751199032)

119906 sdot 119892minus119906119867(1199081015840) = 11986210158402

119890(119892 119892)119906 = 11986210158403

Let 119879119889119908 = (1198791 1198792) then


















5 Conclusion


Data Availability




Acknowledgments


References












































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia














119890(119892 ℎ)1119909lowast








119887

= (1199031015840 ℎ1199111015840

119892minus1199101199031015840


119887

toF




119890(119892 ℎ)1119909lowast

and 119879lowast1199081015840

119887

= (1199031015840 ℎ1199111015840

119892minus1199101199031015840

) In scheme 119879lowast119908119887 = (119903

(ℎ119911119909lowast





= (1199031015840 ℎ1199111015840

119892minus1199101199031015840


119887





1198871015840 ))(119909

lowastminus119867(119908119887)))



1198871015840 ))(119909


from 119890(119892 ℎ)119911119909lowast



lowast





1015840



119890(119892 ℎ1199111015840

)119906119909 = (1198751199031)1199111015840119906 = 11986210158401

119892(119909minus119867(1199081015840))119906 = (1198751199032)

119906 sdot 119892minus119906119867(1199081015840) = 11986210158402

119890(119892 119892)119906 = 11986210158403

Let 119879119889119908 = (1198791 1198792) then


















5 Conclusion


Data Availability




Acknowledgments


References












































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia














5 Conclusion


Data Availability




Acknowledgments


References












































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia




































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia


a secure ciphertext retrieval scheme against insider kgas

Documents