Attribute Based Ecdsa Searchable Encryption in Cloud Computing ECDSA Elliptic Curve Digital Signature Algorithm
Volume 7 Issue 2, March-April 2023 Available Online: www.ijtsrd.com e-ISSN: 2456 – 6470
I. INTRODUCTION:
Cryptographic techniques have long been seen as an established approach to alleviating the concerns which advocate that data files should be encrypted before outsourcing. Searchable encryption is a cryptographic primitive that allows search operations to be executed over encrypted data files. The former is known as symmetric searchable encryption; although it enjoys high efficiency in the search process, it provides terrible performance in data sharing because of its complicated secret key distribution, since clients need to share the secret key which will be used for decryption when sharing an encrypted data file with others.

In public key searchable encryption, a client’s public key can be used by others to encrypt a data file shared to the client, and the client can use its secret key to generate search tokens for its queries. The server can use a search token to test whether an encrypted data file matches the query corresponding to the search token while learning nothing about the query.

In our proposed solution, we propose a new public key searchable encryption scheme which can achieve forward security. A promising method among these is public key encryption with keyword search (PKSE), which allows users to quickly search through encrypted data files. The client first generates a search token when it wants to query data files. The cloud server uses the search token to process the query over encrypted data files. However, a serious attack is raised when PKSE meets cloud. The problem is that the cloud server can discover private information. In our proposed system, we propose a forward secure Attribute based Elliptic Curve Digital Signature searchable encryption scheme. Finally, our experiments show our scheme is efficient.

II. EXISTING METHODOLOGY:
The existing system implements a two-fold approach (AES-BRS) for data security in edge computing.
@ IJTSRD | Unique Paper ID – IJTSRD55045 | Volume – 7 | Issue – 2 | March-April 2023 Page 551
International Journal of Trend in Scientific Research and Development @ www.ijtsrd.com eISSN: 2456-6470
Besides, the processing of data is followed with AES-BRS (Advanced Encryption Standard-Binary Reed-Solomon) code, which is a kind of coding method based on Reed-Solomon code. Based on this method, data to be stored is divided into k parts, each of which is l in size, and we generate an encoding part by encoding a matrix, where n = k + m, in which n is the total number of data blocks and m is the number of redundant blocks. Each encoding part is stored in a storage node. When the number of encoding parts is less than m, the system can repair all the data from any of the k encoding parts. Obviously, no one can recover data as long as they use fewer than k blocks of encoding. Besides physical isolation, we have added several layers of protection to our data to ensure data privacy.

III. PROPOSED METHODOLOGY
In our proposed system, we propose a forward secure Attribute based Elliptic Curve Digital Signature searchable encryption scheme, in which a cloud server cannot learn any information about a newly added encrypted data file containing a keyword that was previously queried. The system model consists of three entities: Clients, Cloud Server and System Clock. With cloud storage, a client may prefer to store its data files on a cloud server, to be released from a large number of data management tasks or to share its data files with others by using a cloud server. In order to preserve privacy, a data file should be encrypted before uploading. To search data files on the cloud server, a client generates a search token for the querying keyword and sends the search token to the cloud server. Upon receiving a search token, the cloud server can search the encrypted data files to return results. It reduces the time complexity. It can greatly reduce the privacy information leaked to a cloud server.

IV. ARCHITECTURAL DESIGN
Fig 1: System Architecture Diagram

V. SYSTEM ANALYSIS AND DESIGN
In the security model, clients are assumed to be honest and will honestly perform the protocols. The system clock is a fully trusted entity which will always honestly tell clients the current time. The cloud server is assumed to be honest but curious: it will honestly store encrypted data files and execute the proposed protocols, but is curious about the content of data files and queries, namely the cloud server attempts to infer the private information of queries and data files. With these assumptions, security means the cloud server could learn nothing beyond the test results in the search phase. The proposed Attribute based elliptic curve digital signature searchable encryption in cloud storage is depicted in Figure 1. The model is divided into four modules: Client, Cloud Server, Attribute based Elliptic Curve Digital Signature searchable encryption, and clock.

A. Clients:
The entity has large data files to be stored in the cloud server, and also has the requirement of retrieving data files from the cloud server. To search data files on the cloud server, a client generates a search token for the querying keyword and sends the search token to the cloud server. Upon receiving a search token, the cloud server can search the encrypted data files to return results.

B. Cloud Server:
The entity owns rich storage and computation resources, and provides cloud storage services to its clients.

C. Attribute based Elliptic Curve Digital Signature searchable encryption:
The Elliptic Curve Digital Signature Algorithm (ECDSA) is a Digital Signature Algorithm (DSA) which uses keys derived from elliptic curve cryptography (ECC). It is a particularly efficient equation based on public key cryptography (PKC). ECDSA is used across many security systems, is popular for use in secure messaging apps, and it is the basis of Bitcoin security (with Bitcoin "addresses" serving as public keys). ECDSA is also used for Transport Layer Security (TLS), the successor to Secure Sockets Layer (SSL), by encrypting connections between web browsers and a web application. The encrypted connection of an HTTPS website, illustrated by an image of a physical padlock shown in the browser, is made through signed certificates using ECDSA. A main feature of ECDSA
versus another popular algorithm, RSA, is that ECDSA provides a higher degree of security with shorter key lengths. This increases its ROI further as ECDSA uses less computer power than RSA, a less secure competing equation.

D. Elliptic Curves
Many readers may associate the term “elliptic” with conic sections from distant school days. An ellipse is a special case of the general second-degree equation $ax^2 + bxy + cy^2 + dx + ey + f = 0$. Depending on the values of the parameters a to f, the resulting graph could be a circle, hyperbola, or parabola. Elliptic curve cryptography uses third-degree equations. The DSS defines two kinds of elliptic curves for use with ECC: pseudo-random curves, whose coefficients are generated from the output of a seeded cryptographic hash function; and special curves, whose coefficients and underlying field have been selected to optimize the efficiency of the elliptic curve operations. Pseudo-random curves can be defined over prime fields GF(p) as well as binary fields GF($2^m$). A prime field is the field GF(p), which contains a prime number p of elements. The elements of this field are the integers modulo p; the field arithmetic is implemented in terms of the arithmetic of integers modulo p.

VI. Mathematical Background
Elliptic curve cryptography involves scalars and points. Typically, scalars are represented with lower-case letters, while points are represented as upper-case letters. Three numerical operations are defined for scalars: addition (+), multiplication (*) and inversion ($^{-1}$). There are two numerical operations for points: addition (+) and multiplication (×). Although the symbol “+” is used for scalars and points, a point addition follows different rules than the scalar addition. These operations apply to curves over prime fields, as well as curves over binary fields. Algebraic formulae to perform these computations.

Computations needed for ECDSA authentication are the generation of a key pair (private key, public key), the computation of a signature, and the verification of a signature. The corresponding equations are found in public literature. Unfortunately, different authors use their own conventions, which makes it difficult to follow their explanations.

A. Key Pair Generation
Before an ECDSA authenticator can function, it needs to know its private key. The public key is derived from the private key and the domain parameters. The key pair must reside in the authenticator’s memory. As the name implies, the private key is not accessible from the outside world. The public key, in contrast, must be openly read accessible.

A few concepts related to ECDSA:

Private Key: A secret number, known only to the person that generated it. A private key is essentially a randomly generated number. In Bitcoin, someone with the private key that corresponds to funds on the blockchain can spend the funds. In Bitcoin, a private key is a single unsigned 256 bit integer (32 bytes).

Public Key: A number that corresponds to a private key, but does not need to be kept secret. A public key can be calculated from a private key, but not vice versa. A public key can be used to determine if a signature is genuine (in other words, produced with the proper key) without requiring the private key to be divulged. In Bitcoin, public keys are either compressed or uncompressed. Compressed public keys are 33 bytes, consisting of a prefix, either 0x02 or 0x03, and a 256-bit integer called x. The older uncompressed keys are 65 bytes, consisting of a constant prefix (0x04), followed by two 256-bit integers called x and y (2 * 32 bytes). The prefix of a compressed key allows for the y value to be derived from the x value.

Signature: A number that proves that a signing operation took place. A signature is mathematically generated from a hash of something to be signed, plus a private key. The signature itself is two numbers known as r and s. With the public key, a mathematical algorithm can be used on the signature to determine that it was originally produced from the hash and the private key, without needing to know the private key. Resulting signatures are either 73, 72, or 71 bytes long (with approximate probabilities of 25%, 50%, and 25%, respectively, although sizes even smaller than that are possible with exponentially decreasing probability).

ECDSA adopts various concepts in its operation. This involves private keys, public keys and signature. The three features aid in the general operation of the ECDSA. The private key is randomly generated and it is only known to the generating person. Additionally, the key represents a secret number with which the bearer can access funds on a private ledger that correspond to the funds. Contrary to that, the private key can be deployed in the creation of digital signatures on varied data that make use of the digital data algorithm. However, in Bitcoin, the private key is 32 bytes, which is a single unsigned 256-bit integer. On the other hand, a public key is a number that is usually in correspondence to the private key. However, it does not necessarily need
to be kept a secret. Additionally, a calculation can be carried out from the private key to determine a public key, but the inverse is not possible. A public key is mainly used in the determination of the genuineness of a signature (Snifikino, 2014). However, this process does not necessitate the divulging of the private key. Bitcoin provides two types of public keys, which can be either compressed or uncompressed keys. The signature refers to a number that acts as proof of a signing operation. The generation of the signature is done mathematically from a private key and a hash of what is to be signed. A mathematical algorithm along with the public key can be implemented on the signature in the determination of its originality, that is, its generation from a private key and a hash. A digital signature provides an opportunity for vouching for any messages.

The main benefit of Elliptic Curve Digital Signature Algorithm is that the party authenticating the peripheral is relieved from the constraint to securely store a secret. The authenticating party can authenticate thanks to a public key that can be freely distributed. Authentication ICs, such as those among Maxim’s Deep Cover embedded security solutions, help simplify implementation of robust challenge-response authentication methods that form the foundation of more effective application security. The ECDSA authenticators also enable easier authentication of goods from third parties or subcontractors.

VII. ALGORITHM
Elliptic curve algorithms work in a cyclic subgroup of an elliptic curve over a finite field. Therefore, the algorithms will need the following parameters:

The prime $p$ that specifies the size of the finite field.
The coefficients $a$ and $b$ of the elliptic curve equation.
The base point $G$ that generates our subgroup.
The order $n$ of the subgroup.
The cofactor $h$ of the subgroup.

In conclusion, the domain parameters for our algorithms are the sextuple $(p, a, b, G, n, h)$.

The algorithm performed by Alice to sign the message works as follows:

Take a random integer $k$ chosen from $\{1, \dots, n-1\}$ (where $n$ is still the subgroup order).
Calculate the point $P = kG$ (where $G$ is the base point of the subgroup).
Calculate the number $r = x_P \bmod n$ (where $x_P$ is the $x$ coordinate of $P$).
If $r = 0$, then choose another $k$ and try again.
Calculate $s = k^{-1}(z + r d_A) \bmod n$ (where $d_A$ is Alice’s private key and $k^{-1}$ is the multiplicative inverse of $k$ modulo $n$).
If $s = 0$, then choose another $k$ and try again.
The pair $(r, s)$ is the signature.

In plain words, this algorithm first generates a secret ($k$). This secret is hidden in $r$ thanks to point multiplication (that, as we know, is “easy” one way, and “hard” the other way round). $r$ is then bound to the message hash by the equation $s = k^{-1}(z + r d_A) \bmod n$. Note that in order to calculate $s$, we have computed the inverse of $k$ modulo $n$. This is guaranteed to work only if $n$ is a prime number. If a subgroup has a non-prime order, ECDSA can’t be used. It’s not by chance that almost all standardized curves have a prime order, and those that have a non-prime order are unsuitable for ECDSA.

As clients can dynamically add data files to the cloud server, after receiving a newly added encrypted data file, the cloud server can immediately know whether the data file matches a previous query by using the search tokens it has received, which can lead to privacy leakage of the newly added encrypted data file. Moreover, since keyword space is actually much smaller than password space, if the cloud server has received enough search tokens, it may easily classify a newly added encrypted data file by using the search tokens it has received to test the encrypted data file, and can then infer that the search token that matches the most data files corresponds to the frequently used keyword. Therefore, in Attribute based Elliptic Curve Digital Signature searchable encryption schemes, we need forward security, which means a search token cannot be used to search the encrypted data files that are produced after the time period of generating the search token (e.g., a search token generated at a time period t cannot be used to search an encrypted data file generated at a time period t1). In general, considering the practicality, most cloud storage systems can support the function of dynamically adding data files. However, in a searchable encryption mechanism, the simple operation of adding data files can seriously lead to the leakage of some privacy information. That is, as clients can dynamically add data files to the cloud server, after receiving a newly added encrypted data file, the cloud server can immediately know whether the data file matches a previous query by using the search tokens it has received, which can lead to privacy leakage of the newly added encrypted data file. Moreover, since
keyword space is actually much smaller than password space, if the cloud server has received enough search tokens, it may easily classify a newly added encrypted data file by using the search tokens it has received to test the encrypted data file, and can then infer that the search token that matches the most data files corresponds to the frequently used keyword. Therefore, in public key searchable encryption schemes, we need forward security, which means a search token cannot be used to search the encrypted data files that are produced after the time period of generating the search token. In the security model, clients are assumed to be honest and will honestly perform the protocols. The system clock is a fully trusted entity which will always honestly tell clients the current time. The cloud server is assumed to be honest but curious: it will honestly store encrypted data files and execute the proposed protocols, but is curious about the content of data files and queries, namely the cloud server attempts to infer the private information of queries and data files. With these assumptions, security means the cloud server could learn nothing beyond the test results in the search phase. From the search algorithm, it is easy to see that a search token cannot be used to test an encrypted data file generated after the search token (including that it cannot be used to test an encrypted data file generated at the same time as the search token).

VIII. RESULT AND DISCUSSION
This section presents the results of the proposed system, which is implemented in Java with a MySQL backend. The project is implemented in NetBeans 8.2, and an Intel Pentium IV 2.80 GHz system is utilised. Moreover, our own dataset is taken for analyzing the performance of the techniques. Java is a programming language and a platform. Java is a high level, robust, object-oriented and secure programming language.

IX. CONCLUSION
Forward security for public key searchable encryption means a newly added encrypted data file cannot be searched by the search tokens generated before the encrypted data file. This security is urgently required for the public key searchable encryption schemes deployed in cloud storage, and can greatly reduce the privacy information leaked to a cloud server. Finally, our proposed scheme in terms of encryption, token generation and search.

X. FUTURE WORK
We can see the future of cloud computing as a combination of cloud-based software products and on-premises compute, which will help to create hybrid IT solutions. The modified cloud is scalable and flexible, which will provide security and control over the data center. With the help of the Internet of Things, the quality of the internet can be increased. With the help of the IoT and Cloud Computing, we can store data in the cloud for further analysis and provide enhanced performance. The users expect high-quality fast-loading services and applications. The network provided will be faster and the ability to receive and deliver that data will be quick.
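
The forward-security requirement stated at the end of Section VII, as a toy model added here; it is not the paper's scheme. HMAC keyword tags stand in for the public-key construction, which the paper does not specify, and `Server`, `tag`, `static_token`, `bounded_token` and `run` are hypothetical names. It shows what a server that retains tokens learns from new uploads when tokens are static, and that it learns nothing when a token issued in period t covers only files from earlier periods.

```python
import hashlib
import hmac

def tag(key, keyword, period=None):
    """Keyword tag stored next to an encrypted file. period=None gives a static
    tag (no forward security); otherwise the tag is bound to the upload period."""
    label = keyword if period is None else f"{keyword}|{period}"
    return hmac.new(key, label.encode(), hashlib.sha256).digest()

def static_token(key, keyword):
    """Search token without forward security: matches uploads from any period."""
    return {tag(key, keyword)}

def bounded_token(key, keyword, t):
    """Search token issued in period t: covers upload periods 0 .. t-1 only."""
    return {tag(key, keyword, p) for p in range(t)}

class Server:
    """Honest-but-curious server: follows the protocol but keeps every token."""
    def __init__(self):
        self.files = []   # (file_id, set of keyword tags)
        self.tokens = []  # every search token received so far

    def search(self, token):
        self.tokens.append(token)
        return [fid for fid, tags in self.files if tags & token]

    def upload(self, file_id, tags):
        """Store a file; return indexes of old tokens that match it, i.e. what
        the server learns about the new file without any new query."""
        self.files.append((file_id, set(tags)))
        return [i for i, tok in enumerate(self.tokens) if tok & set(tags)]

def run(forward_secure):
    key = b"constructed demo key"  # constructed sample secret
    server = Server()

    def tags_for(words, period):
        return [tag(key, w, period if forward_secure else None) for w in words]

    def token_for(word, t):
        return bounded_token(key, word, t) if forward_secure else static_token(key, word)

    server.upload("f0", tags_for(["invoice"], 0))           # uploaded in period 0
    hits = server.search(token_for("invoice", 1))           # queried in period 1
    leaks = server.upload("f1", tags_for(["invoice"], 1))   # same period as the token
    leaks += server.upload("f2", tags_for(["invoice"], 2))  # a later period
    fresh = server.search(token_for("invoice", 3))          # new query in period 3
    return hits, leaks, fresh
```

With static tokens the two later uploads are both matched by the retained token; with period-bound tokens they stay unclassified until the client issues a new query in period 3.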