6.8. REVOCATION OF USERS 91
text of the partial session key, E
0
1
and E
0
2
can simply be multiplied to obtain E
0
D p
1
p
2
Y
s
1
Cs
2
.
is adds the random numbers s
1
and s
2
as the exponents of Y and multiplies the Paillier cipher-
texts p
1
and p
2
. From the homomorphic property of Paillier encryption, we know that when
the ciphertexts are multiplied, the plaintext is added up. us, both the random numbers and
the partial session keys are aggregated.
It needs to be noted that Paillier encryption is not being used for security in this scheme.
e security instead is provided by the Decisional Bilinear Diffie–Hellman (DBDH) Assump-
tion. Paillier encryption is used for its ability to perform summation on the plaintexts when
ciphertexts are multiplied. is introduces the overhead of an extra Paillier encryption during
key establishment. is overhead can be reduced by pre-computing n Paillier encrypted ele-
ments in G
T
and deploying them on the sensors. In the data aggregation key generation phase,
the sensors then randomly choose k n elements and multiply them together to generate one
random Paillier encrypted partial key. e number of unique keys which can be generated with
this method are
Number of unique keys .jpj/ D
nŠ
kŠ.n k/Š
:
Figure 6.6 shows the relationship between n and k for 80 and 128 bit symmetric key equivalent
security.
10
100
1,000
10,000
100,000
10 15 20 25 30 35
Total number of stored
elements (n)
Number of elements chosen at random (k)
80-bit
128-bit
Figure 6.6: Relationship between number of elements chosen (k) and number of unique elements
stored (n).
6.8 REVOCATION OF USERS
In FDAC [97], user revocation is handled by updating the master key secret y embedded in
the user secret key SK. To accomplish this, the authority SCA includes an additional updatable
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.