private anonymous messaging with friends
TRANSCRIPT
Private Anonymous MessagingWith Friends!
Ruchith Fernando
Purdue University
April 26, 2011
Ruchith Fernando CS 626 : Project Presentation
Problem
A user wants to send a message to all his current contacts
Even if they are offline!
Only trusts his/her immediate contacts
A contact can re-distribute messages on requests
Ruchith Fernando CS 626 : Project Presentation
Problem
Ruchith Fernando CS 626 : Project Presentation
Problem
Ruchith Fernando CS 626 : Project Presentation
Proposed Solution
Modify HIBE (Hierarchical Identity Based Encryption withConstant Size Ciphertext, Boneh et.al)
Each contact is issued a private key (only private channel forkey exchange)
Contacts generate anonymous public keys using their privatekeys
Broadcast update request to be processed by other contacts
Re-key mechanism with public data (no private channelrequirement)
Ruchith Fernando CS 626 : Project Presentation
Hierarchical Identity Based Encryption
Identities:
Alice: I1Bob: I1, I21Charlie: I1, I22
e : G×G→ G1, |G| = p
params = (g , g1, g2, g3, h1, h2), g1 = gα, α ∈ Zp
mk = g2α
Ruchith Fernando CS 626 : Project Presentation
Hierarchical Identity Based Encryption
Alice :
Kpriv alice = KeyGen(I1, params,mk)Kpubalice = I1
Bob :
Kpriv bob = KeyGen(I1, I2, params,Kpriv alice)Kpubbob = I1, I21
To encrypt for BobCT = Encrypt(msg , I1, I21 , params)
Ruchith Fernando CS 626 : Project Presentation
Changes to HIBE
Update Encrypt() to work with h1I1h2
I21 = ID
To encrypt for BobCT = Encrypt ′(msg , ID, params)
On re-key update α and only generate minimum public datafor existing contacts.
Ruchith Fernando CS 626 : Project Presentation
Usage : Encryption
Contact: First level identity (Ir1) and private key
A contact issues him/herself a second level identity with arandom Ir2Broadcsts a request for data (<user, IDr >) whereIDr = h1
Ir1h2Ir2
Any other contact of the user can respond to the request, byencrypting with paramsuser :CT = Encrypt ′(msg , IDr , paramsuser )
Ruchith Fernando CS 626 : Project Presentation
Usage : Revocation
If the user removes a contact
Re-key : Parameters
Generate a new master key : α′ ∈ Zp, g2α′
paramsuser update : Only g1 = gα′
Re-key : Contact private key
Kpriv = (g2α′ · (h1I1 · g3)
r, g r , h2
r , h3r ) = (C1,C2,C3)
Only C1 need to be published along with I1Indexed by blinded IDcontact
Ruchith Fernando CS 626 : Project Presentation
Implementation
http://code.google.com/p/anon-encrypt/
Using Java Pairing Based Cryptography Library (JPBC)1
Implemented as a library
Demo application
1http://gas.dia.unisa.it/projects/jpbc/Ruchith Fernando CS 626 : Project Presentation
Demonstration
DEMO!,
Ruchith Fernando CS 626 : Project Presentation