Oblivious transfer with hidden access control lists

摘要

A method, apparatus, and a computer readable storage medium having computer readable instructions to carry out the steps of the method for anonymous access to a database. Each record of the database has different access control permissions (e.g. attributes, roles, or rights). The method allows users to access the database record while the database does not learn who queries a record. The database does not know which record is being queried: (i) the access control list of that record or (ii) whether a user's attempt to access a record had been successful. The user can only obtain a single record per query and only those records for which he has the correct permissions. The user does not learn any other information about the database structure and the access control lists other than whether he was granted access to the queried record, and if so, the content of the record.

主权项

1. A computer system comprising:
a first processor device of a database server configured to publish an encrypted form of a database, the database comprising at least one record with an associated index and a list of access-control attributes for each record; at least one user of the database; an Issuer configured to provide a credential for each access-control attribute of the database, which is assigned to the at least one user;wherein said computer system comprises:
a memory storage device, a processor device; said processor device associated with said memory storage device and configured to perform a method to encrypt a database, said method comprising: generating an encryption key for a record such that the encryption key is derived from at least the index of the record and the access-control attributes and a secret key of the database server; encrypting using the generated encryption key a database record; and encrypting the access-control attributes, said access-control encrypting including configuring a generator to generate a non-interactive zero-knowledge proof that the access-control attributes were correctly encrypted, and the first processor of the database server being responsive to the database encryptor, wherein users are enabled to access the database record while the database does not learn who queries the record, nor which record was being queried, wherein to access the database record, said first processor device is further configured to: receive, at the database server, an input comprising a selected record, an issuer's public key, and database private and public keys, a user's credential, a re-encryption of the encrypted access-control attributes with a fresh user key, a non-interactive proof that the re-encryption was taken and encrypted correctly, a blinded signature for the selected record, and an encryption of a comparison between the user's credential and ACL attributes; execute with the user zero-knowledge proof that the user performed the computations honestly; create a blinded decryption key from blinded signature and ACL attribute for the selected record to execute the zero-knowledge proof with the database provider, if the database provider verifies the zero-knowledge proof and the non-interactive proof were successful; and decrypt the selected record if user's credential was enough to access the record.