Page 96 - Read Online

P. 96

Salmani et al. J Surveill Secur Saf 2020;1:79–101 I http://dx.doi.org/10.20517/jsss.2020.16 Page 89

n
1
0.8 1 0.7 1 5
n 11 n 12
1
3
0.7 1 0.7 1 0.8 0.4 0.7 0.4
n 21 n 22 f 5 f 6
4 3 2 1
0.6 0.2 0.7 0.2 0.8 0.4 0.3 0.4
0.5 0.6 0.7 0.8 0.7 1 0.7 1
f 1 f 2 f 3 f 4

0.5 0.4 0.1 0.8 0.2 0.6 0.7 0 0.7 0.9 0.7 1 0 1 0 1

Figure 3. An example of the index tree that is employed in our approach.

• GenerateCiphertext. The LRSE Encryption(D,I,m,K) algorithm takes a document collection D, a plain
index I, a secret matrix m, and a secret key K. The algorithm encrypts all of the documents in D using the
secret key K. To encrypt the index I, we adopt the secure asymmetric inner product by Wong etal. [14] . The
algorithm can make the cloud server compute the inner product of two encrypted vectors T i and Q without
ˆ
ˆ
revealing any information about the actual values of them. Accordingly, the encrypted subindex is built as
{m T i } where m is the random matrix that the data owner generates through running KeyGen algorithm.
T
After encrypting the index I and document corpus D, the data owner performs a random shuffle on the
encrypted document vectors, ensuring that the order of the encrypted entries do not reveal any information
about the underlying data. The data owner then transfers the encrypted index and documents to the cloud.

• GenerateQuery. The Query(∆ q ,K, φ)algorithm is similarto Query algorithm in SchemeI (seeSection4.1),
except in the last step, instead of sending the encrypted query q, it builds the corresponding query vector
ˆ
and generates the encrypted query vector Q by performing {m Q}. It shuffles the encrypted query vector
−1
in the same way that the document vectors are shuffled and sent it to the cloud. The data user may send an
optional parameter k to the cloud to retrieve only the top-k resultant documents.
• Search. Upon receiving the encrypted query Q, the cloud server runs Search(Q,SI, k) algorithm which
ˆ
ˆ
ˆ
takes in an encrypted query vector Q, an encrypted index SI and an optional parameter k. The Search
algorithm finds the top-k resultant documents using the tree-based index SI. To gain the relevance score
we calculates the inner product of the encrypted document vector in the encrypted query vector.
T
T
T
−1
T
ˆ ˆ
−1
T i .Q = (m T i ) × (m Q) = T i m × m Q = T i × Q = T i .Q
Note that the cloud server only learns the relevance score (similarity) of the documents to the query, while
deducing the similarity between encrypted documents is not possible [14] . Finally, the cloud server returns
the top-k resultant files to the data user.
• ResultDecryptor. In contrast with Scheme I, in this scheme we do not need to normalize the encrypted

resultant documents so we achieve lower system cost and faster decryption. The LRSE Decryption(C i ,K)
algorithm inputs an encrypted document and the secrets key k and outputs the document D i. The data user
simply call the Decryption algorithm for each encrypted document in the resultant documents.

91 92 93 94 95 96 97 98 99 100 101