Wednesday, March 23, 2011

Starting a sub sandwitch business applying MapReduce :)

Here's the simplified process:


Input map to the mapper:
item1 -> bread, item2 -> cucumber, item3 -> green pepper, item4 -> tomato, item5 -> lettuce, item6 -> onion

Output map of the mapper:
item1 -> sliced bread, , item2 -> sliced cucumber, item3 -> chopped green pepper, item4 -> sliced tomato, item5 -> chopped lettuce, item6 -> sliced onion

Output map of the reducer:
vegi subs

That's the start-up. It is self-explanatory to see how easy it is to parallelize these tasks and make subs quickly on the fly. As the business grows, adding different varieties of breads, toppings, meats, etc. is quite easy too.

Tuesday, March 8, 2011

Wish list of search over encrypted data

The encrypted data is hosted in an untrusted server (honest-but-curious case only) and a user wants to make a "special" query and obtain only the matching data objects. I use the word "special" since you need to have some kind of an encoded query in order for the server to execute it over encrypted data without decrypting the data.

My wish list: The server should not be able to
- learn what the "special" query is
- create the "special" query by itself
- distinguish between encrypted data objects
- learn the result of the "special" query

Wednesday, March 2, 2011

Proxy re-encryption

Alice wants to allow Bob to decrypt messages encrypted under her public key, but Alice does not want to give her private key to Bob. How can Alice do this? One way is to use the help of a proxy. Alice would not want to give her private key to the proxy either, since it requires an unrealistic amount of trust. What Alice wants is a way for a proxy to convert the messages encrypted under her public key to messages encrypted under Bob's public without the proxy decrypting Alice's messages. This is where Alice can use proxy re-encryption. Alice gives some information to the proxy so that it can covert the messages. Alice is the delegator and Bob is the delegatee.

An example would be Alice wants to temporarily forward her emails encrypted under her public key to Bob. So, she forwards her encrypted emails to a proxy and gets it to covert her encrypted emails to the ones encrypted under Bob's public key so that Bob can decrypt and read the emails.

Some of the security properties demonstrated by existing proxy re-encryption schemes:
1. The proxy cannot see the plaintext unless it colludes with Bob.
2. The proxy cannot derive the secret key of Alice (even when the proxy colludes with Bob).
3. The scheme could be bi-directional (When Alice delegates to Bob, automatically Bob delegates to Alice. So, Alice and Bob need to have mutual trust for such schemes to work) or uni-directional (Alice can delegate to Bob without Bob having to delegate to her. Thus, the trust relationship between Alice and Bob does not need to be mutual).
4. The scheme could be transitive (Alice can delegate to Bob, and Bob can delegate to Tim in turn for example.) or non-transitive (Bob cannot delegate to Tim).