📝 SummarXiv

Abstract

E-health record (EHR) contains a vast amount of continuously growing medical data and enables medical institutions to access patient health data conveniently.This provides opportunities for medical data mining which has important applications in identifying high-risk patients and improving disease diagnosis, etc.Since EHR contains sensitive patient information, how to protect patient privacy and enable mining on EHR data is important and challenging.Traditional public key encryption (PKE) can protect patient privacy, but cannot support flexible selective computation on encrypted EHR data.Functional encryption (FE) allows authorised users to compute function values of encrypted data without releasing other information, hence supporting selective computation on encrypted data. Nevertheless, existing FE schemes do not support fine-grained revocation and update, so they are unsuitable for EHR system. In this paper,we first propose an inner-product functional encryption with fine-grained revocation (IPFE-FR) scheme, and then apply it to a flexible EHR sharing system. Our scheme possesses the following features:(1) a group manager can revoke a specific function computation of medical institutions on encrypted EHR data,instead of all function computation rights. (2) a revoked medical institution is not allowed to compute the function value of encrypted EHR data not only generated after the revocation, but also generated before the revocation. (3) secret keys issued to the same medical institution are bound together to prevent collusion attacks. The formal definition and security model of the IPFE-FR scheme are proposed.Furthermore, we present a concrete construction and reduce its security to the Learning with Errors (LWE) assumption which is quantum-resistant. Finally, the theoretical analysis and experimental implementation of our scheme are conducted to show its efficiency.