Design and development tools and inter-domain application

The design and development of searchable encryption schemes essentially requires a knowledge of mathematics, but once a scheme has been developed and proved secure, we need to implement it to check its practicality. In this chapter, we will discuss the choice of language for implementing these schemes, the available libraries, and the different data sets available for testing. Further, we will discuss some applications of searchable encryption in several areas other than cryptography.

Language And Library Options

A searchable encryption scheme is a collection of different algorithms working together to achieve a common goal of searching encrypted data. Therefore, any language in which the user is comfortable can be used for implementation purposes. In the public-key setting, pairing operations are performed for which pairing libraries have to be used. Therefore, it is suggested to use the same language as the pairing library for better compatibility.

Toolkits For Symmetric Searchable Encryption Schemes

For searchable encryption schemes in the symmetric-key setting, the following toolkits are available to evaluate the schemes.

OpenSSE’s Cryptographic Toolkit: This toolkit has a cryptographic layer which provides interfaces and implementations of the features on which a typical searchable encryption scheme relies, such as pseudorandom functions, hash functions, and encryption schemes. It contains single-keyword search schemes implemented in C and C++, and it offers the level of abstraction required to implement searchable encryption schemes easily. Well-known cryptography libraries like OpenSSL do not provide interfaces for the building blocks of searchable encryption schemes. However, the OpenSSE toolkit is still a research project, and it is suggested not to use it for sensitive information.

The Clusion Library: Clusion is another software library worth mentioning when discussing symmetric searchable encryption (SSE). Not only does it provide a modular implementation of recent SSE schemes, but all of its implementations also have sub-linear asymptotic search complexity in the worst case. Further, it gives constructions that support disjunction and conjunction operations for multi-keyword search, and it also supports the trivial single-keyword search.
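To make the building blocks named above concrete, the following added example (not code from OpenSSE, Clusion, or the chapter) builds a static single-keyword index from a pseudorandom function and a masking step. It assumes HMAC-SHA256 as the PRF and a PRF-derived XOR pad as a stand-in for a real encryption scheme; the function names and the sample corpus are constructed for illustration.

```python
import hashlib
import hmac
import secrets

def prf(key: bytes, msg: bytes) -> bytes:
    """PRF instantiated with HMAC-SHA256 (assumption of this example)."""
    return hmac.new(key, msg, hashlib.sha256).digest()

def mask(key: bytes, counter: int, data: bytes) -> bytes:
    """XOR data (<= 32 bytes) with a PRF-derived pad; stand-in for a real cipher."""
    pad = prf(key, b"pad" + counter.to_bytes(4, "big"))
    return bytes(a ^ b for a, b in zip(data, pad))

def token(master_key: bytes, keyword: str) -> tuple[bytes, bytes]:
    """Client: derive the per-keyword label key and value key (the search token)."""
    w = keyword.lower().encode()
    return prf(master_key, b"\x01" + w), prf(master_key, b"\x02" + w)

def build_index(master_key: bytes, docs: dict[int, str]) -> dict[bytes, bytes]:
    """Client: map PRF labels to masked document ids; no keyword is stored."""
    postings: dict[str, list[int]] = {}
    for doc_id, text in sorted(docs.items()):
        for w in set(text.lower().split()):
            postings.setdefault(w, []).append(doc_id)
    index = {}
    for w, ids in postings.items():
        k_label, k_value = token(master_key, w)
        for c, doc_id in enumerate(ids):
            label = prf(k_label, c.to_bytes(4, "big"))
            index[label] = mask(k_value, c, doc_id.to_bytes(8, "big"))
    return index

def search(index: dict[bytes, bytes], tok: tuple[bytes, bytes]) -> list[int]:
    """Server: walk counters until a label is missing; it sees only the token."""
    k_label, k_value = tok
    hits, c = [], 0
    while (entry := index.get(prf(k_label, c.to_bytes(4, "big")))) is not None:
        hits.append(int.from_bytes(mask(k_value, c, entry), "big"))
        c += 1
    return hits

# Constructed sample corpus (not from the chapter).
DOCS = {1: "quarterly audit report", 2: "audit of key rotation", 3: "incident report"}
KEY = secrets.token_bytes(32)
INDEX = build_index(KEY, DOCS)
```

The token is deterministic, so the server learns when a query repeats and which index entries it matches; this leakage is the price of the sub-linear lookup and is what a security proof for such a scheme has to account for.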

Pairing Libraries For Searchable Encryption In A Public-key Setting

The searchable encryption schemes in the public-key setting are developed mainly using identity-based encryption, attribute-based encryption, predicate encryption, and similar primitives, and these advanced encryption schemes typically use the pairing concept in their construction. There are several pairing libraries available, and some of the popular ones are described as follows:

PBC (Pairing-Based Cryptography) Library: This is a free C library for performing the pairing operation. It is developed on the GMP library, which performs mathematical operations. The PBC library is an integral part of the pairing-based cryptosystem [1]. Because it uses the GMP library underneath, the pairing times are very short, although it is written in C. Thus, speed and portability are among its prime features. Further, essential functions such as elliptic-curve arithmetic and pairing computations can be performed easily. Boneh-Lynn-Shacham short signatures [2], Hess identity-based signatures [3] and Paterson identity-based signatures [4] are examples of cryptosystems tested using this library.

JPBC (Java Pairing-Based Cryptography) Library: As the name suggests, the Java Pairing-Based Cryptographic library is based on the Java language [5]. It is an extension of the PBC library given by Lynn [1]. JPBC-based implementation supports multithreading and employs memory-mapped files to optimize primary memory usage. JPBC uses a wrapper to delegate the pairing computations to the PBC library. In addition to the bilinear maps, JPBC also provides support for multi-linear maps. Several functional encryption schemes and signature schemes have been successfully tested using the JPBC library.

Charm: Charm is a Python-based library. Prototypes of advanced cryptosystems can be quickly and seamlessly created using the Charm framework [6]. Code reuse, readability, and simplicity are some of the striking features of Charm. It provides support for various mathematical settings, including integer rings/fields and bilinear and non-bilinear elliptic-curve groups. It has a base crypto library, which includes symmetric encryption schemes, hash functions and pseudorandom number generators.

Further, Charm provides standard application programming interfaces to construct digital signatures and encryption schemes. Moreover, it gives a “protocol engine” to simplify the process of implementing multi-party protocols. An integrated compiler for interactive and non-interactive zero-knowledge proofs is also provided by the Charm framework. Thus, it is the most comprehensive framework as per the functionalities it offers.

Multiprecision integer and rational arithmetic cryptographic library: The multiprecision integer and rational arithmetic cryptographic library (MIRACL) is a C language-based software library [7]. It is one of the preferred open-source software development toolkits for elliptic-curve cryptography. The feature which makes MIRACL different from other cryptographic libraries is its commitment to providing security solutions for resource-constrained environments such as mobile applications and embedded systems. Many renowned organizations around the globe, including Panasonic, Hitachi, Toyota, Intel, and many more, have used the services of MIRACL. Another important feature of MIRACL is its support for state-of-the-art security technologies, including searchable encryption.

RELIC: RELIC is another example of a cryptographic toolkit. Efficiency, flexibility, and portability are its main features [8]. Various algorithms are implemented using RELIC, among them elliptic curves over prime and binary fields, bilinear maps and related extension fields. Several cryptographic protocols, such as RSA, Rabin, and Boneh-Boyen short signatures [9], are also implemented using RELIC.
