Round 1

Reviewer 1 Report

Comments and Suggestions for Authors

This paper presents an attribute based fine-grained data access control scheme for matching friends. The scheme protects the privacy of users in social networks compared to matching friends directly without any restrictions. In this paper, the participants of the scheme, the design of the algorithm, the security proof and the calculation cost of the scheme are described in detail. There are some problems, which must be solved before it is considered for publication. If the following problems are well-addressed, I believe that the essential contribution of this paper are important for protect the privacy of friends in social networks.

First, the abstract of the paper is not logical enough to describe the problem solved in the paper. In terms of the introduction and related work, the work of this paper is not well refined.

Secondly, there are some symbolic issues. Some symbols are ambiguous or misrepresented in the article. For example, there is a problem in the symbol representation of "user attribute list" in the second paragraph of Section 3.1. It is recommended to carefully check that the representation of each symbol is correct and the context is consistent.

Then, there are some wrong statements in the paper. For example, the "subset" symbol in the first formula on page 6 of the paper is the wrong direction.

Finally, there are some wrong sentences, punctuation marks and capitalization in the paper, that is, some symbols lack Spaces after them, and some sentences are not complete. For example, there is a missing space after the "colon" in the third paragraph of section 4.4, and the first sentence of the last paragraph on page 5 is incomplete.

 

Comments on the Quality of English Language

In conclusion, we believe that your paper has the potential to make a good contribution. However, several major issues must be addressed before publication. Therefore, we recommend that you revise your manuscript accordingly and resubmit it for further consideration.  

Author Response

Please see the attachment.

Author Response File: Author Response.pdf

Reviewer 2 Report

Comments and Suggestions for Authors

To ensure secure and fine-grained data sharing during friend interactions on open social networks, a method utilizing attribute encryption technology for private set matching between interacting parties has been proposed. The method involves generating access control policies based on the active friend-making parties' preferences and attribute keys from the passive friend-making parties' personal description information. The parties match based on attribute keys, with the matching process accelerated by hashing target attributes and performing modulo prime residue operations to form corresponding vectors and attribute lists. Most of the computational process is outsourced to the social platform, with users only needing to decrypt the returned matching data to complete friend matching.

1. In Theorem 2, it should be explicitly stated that user data remains invisible to the open social network platform. The security of outsourced data against adversaries of varying capabilities should be discussed separately. Concisely, what kind of security does author describe? What is the attacker’s ability? The author should give a specific definition of the security.

2. In the definition of security Model, authors should consider the ability of attacker. It should be corresponding to the definition of algorithm(section 4.3 “Algorithm Aefinition”). However, I does not see the difference between the authors’ security definition and the security definition of ABE. What is the function of the attack target identities ID_j^*. In addition, it need not to show the security assumption(q-parallel BDHE assumption) in the section of security model.

Comments for author File: Comments.pdf

Comments on the Quality of English Language

1. It is recommended to adjust the clarity of Figure 1, align the figure with the text, and improve the formatting of the correctness analysis section in the text.

2. Regarding the encryption algorithm in the System Definition section, Enc2(PK, K, (M, ρ)) → C appears to be a typographical error. The correct output should be CT, as detailed in the subsequent algorithm description.

Author Response

Please see the attachment.

Author Response File: Author Response.pdf

Reviewer 3 Report

Comments and Suggestions for Authors

In order to achieve fast decryption of users, while ensuring the privacy security of matching users and fine-grained access control, this paper proposed a CP-ABE mobile social network outsourcing decryption scheme. 

-- The motivation of the proposed framework need to be a little more convinced. 

-- What are the challenges of the proposed scheme? Please highlight the challenges of the proposed scheme. 

-- Could you please make a comparison of properties among the proposed scheme and other related schemes? 

-- In the system model, could you please elaborate the trust level of each role in the proposed framework? 

-- The underlying of the proposed scheme and other related works are not based on the same ABE scheme, so the comparison in Table 3 and Table 4 cannot really reflect the efficiency of the proposed scheme. Could you please explain how much efficient would this scheme be if this method is applied to other schemes? The comparison needs to be performed for the same underlying ABE scheme.  

Author Response

Please see the attachment.

Author Response File: Author Response.pdf

Reviewer 4 Report

Comments and Suggestions for Authors

Observations

1. While the article proposes a unique scheme, it is essential to clearly delineate this work's advancements over existing literature. The paper discusses related work but could better highlight the novel aspects of its approach, especially in contrast to recent advancements in ABE and privacy-preserving mechanisms in mobile social networks.

2. The article would benefit from a more detailed technical exposition of the proposed scheme's components, particularly the encryption and decryption algorithms. Given the complexity of attribute-based encryption, a deeper dive into these aspects would aid in understanding the proposed solution's innovation and efficiency.

3. The security analysis provides a theoretical underpinning for the scheme's security; however, it lacks empirical validation. Including case studies or real-world testing scenarios could significantly strengthen the claims of effectiveness and practical applicability.

4. There are minor typographical and grammatical errors throughout the document that, while not undermining the scientific quality, detract from the overall readability. A thorough proofreading is recommended.

Comments for author File: Comments.pdf

Author Response

Please see the attachment.

Author Response File: Author Response.pdf

Round 2

Reviewer 2 Report

Comments and Suggestions for Authors

1. The authors did not make revisions according to the last review comments, such as “Algorithm Aefinition” in section 4.3(page 6), “the decisional q-parallel BDHE assumption” should not appear in the security model (section 4.4).

2. In the security model, what is relationship between security parameter $l$ and $\lambda$？Why are there two security parameters？The security model does not express the security goals which the author aims to achieve. In my opinion, it is a security model for ABE scheme if it deleted the second “Initialization” step. The security model does not match to the algorithm definition. Therefore, the security analysis does not reflect the model constructed by the authors because it is completely a proof process of ABE scheme.

3. The author described that there is no adversary can win the IND-SPA-CPA game with a negligible advantage in the polynomial-time algorithm. It should describe that “For any probability polynomial-time adversary, the successful advantage is negligible for the proposed scheme under the decisional q-parallel BDHE assumption”

To sum up, the authors does not understand some concepts of cryptography, and does not make carefully modification. Therefore, it should reject this manuscript.

Author Response

Please see the attachment.

Author Response File: Author Response.pdf

Reviewer 3 Report

Comments and Suggestions for Authors

Authors have addressed my concerns. 

Author Response

Thank you again for your positive and constructive comments and suggestions on our manuscript.

Round 3

Reviewer 2 Report

Comments and Suggestions for Authors

In the security model, it does not express the security goals which the author aims to achieve. In my opinion, it is a security model of ABE scheme. The security model does not match to the algorithm definition. Therefore, the security analysis does not reflect the model constructed by the authors because it is completely a proof process of ABE scheme.

Author Response

Please see the attachment.

Author Response File: Author Response.pdf

Round 4

Reviewer 2 Report

Comments and Suggestions for Authors

As a semi-credible authority, the original ciphertext is  carried out the partially decrypt operation by the friend server. Therefore, it should consider the security of partially decrypt instead of the ABE security.

Author Response

Please see the attachment.

Author Response File: Author Response.pdf