Xianrui Meng
ABSTRACT
We propose graph encryption schemes that efficiently support approximate shortest distance queries on large-scale encrypted graphs. Shortest distance queries are one of the most fundamental graph operations and have a wide range of applications. Using such graph encryption schemes, a client can outsource large-scale privacy-sensitive graphs to an untrusted server without losing the ability to query it. Other applications include encrypted graph databases and controlled disclosure systems. We propose GRECS (stands for GRaph EnCryption for approximate Shortest distance queries) which includes three oracle encryption schemes that are provably secure against any semi-honest server. Our first construction makes use of only symmetric-key operations, resulting in a computationally-efficient construction. Our second scheme makes use of somewhat-homomorphic encryption and is less computationally-efficient but achieves optimal communication complexity (i.e. uses a minimal amount of bandwidth). Finally, our third scheme is both computationally-efficient and achieves optimal communication complexity at the cost of a small amount of additional leakage. We implemented and evaluated the efficiency of our constructions experimentally. The experiments demonstrate that our schemes are efficient and can be applied to graphs that scale up to 1.6 million nodes and 11 million edges.
- A. Aly, E. Cuvelier, S. Mawet, O. Pereira, and M. V. Vyve. Securely solving simple combinatorial graph problems. In Financial Cryptography, pages 239--257, 2013.Google Scholar
Cross Ref
- M. Blanton, A. Steele, and M. Aliasgari. Data-oblivious graph algorithms for secure computation and outsourcing. In ASIACCS, pages 207--218, 2013. Google ScholarDigital Library
- D. Boneh, E.-J. Goh, and K. Nissim. Evaluating 2-dnf formulas on ciphertexts. In TCC 2005, pages 325--342, 2005. Google ScholarDigital Library
- D. Cash, J. Jaeger, S. Jarecki, C. Jutla, H. Krawczyk, M. Rosu, and M. Steiner. Dynamic searchable encryption in very-large databases: Data structures and implementation. In NDSS '14, 2014.Google ScholarCross Ref
- D. Cash, S. Jarecki, C. Jutla, H. Krawczyk, M. Rosu, and M. Steiner. Highly-scalable searchable symmetric encryption with support for boolean queries. In CRYPTO '13, pages 353--373, 2013.Google ScholarCross Ref
- Y. Chang and M. Mitzenmacher. Privacy preserving keyword searches on remote encrypted data. In ACNS '05, pages 442--455. Springer, 2005. Google ScholarDigital Library
- M. Chase and S. Kamara. Structured encryption and controlled disclosure. In ASIACRYPT '10, volume 6477, pages 577--594, 2010.Google ScholarCross Ref
- S. Chechik. Approximate distance oracles with constant query time. In STOC, pages 654--663, 2014. Google ScholarDigital Library
- J. Cheng, A. W.-C. Fu, and J. Liu. K-isomorphism: privacy preserving network publication against structural attacks. In SIGMOD, pages 459--470, 2010. Google ScholarDigital Library
- E. Cohen. All-distances sketches, revisited: Hip estimators for massive graphs analysis. In PODS, pages 88--99, 2014. Google ScholarDigital Library
- E. Cohen, D. Delling, F. Fuchs, A. V. Goldberg, M. Goldszmidt, and R. F. Werneck. Scalable similarity estimation in social networks: closeness, node labels, and random edge lengths. In COSN, pages 131--142, 2013. Google ScholarDigital Library
- E. Cohen, E. Halperin, H. Kaplan, and U. Zwick. Reachability and distance queries via 2-hop labels. SIAM J. Comput., 32(5):1338--1355, 2003. Google ScholarDigital Library
- R. Curtmola, J. Garay, S. Kamara, and R. Ostrovsky. Searchable symmetric encryption: Improved definitions and efficient constructions. In CCS, pages 79--88. ACM, 2006. Google ScholarDigital Library
- A. Das Sarma, S. Gollapudi, M. Najork, and R. Panigrahy. A sketch-based distance oracle for web-scale graphs. In WSDM, pages 401--410, 2010. Google ScholarDigital Library
- C. Dwork, F. McSherry, K. Nissim, and A. Smith. Calibrating noise to sensitivity in private data analysis. In TCC, pages 265--284, 2006. Google ScholarDigital Library
- J. Feigenbaum, Y. Ishai, T. Malkin, K. Nissim, M. J. Strauss, and R. N. Wright. Secure multiparty computation of approximations. ACM Transactions on Algorithms, 2(3):435--472, 2006. Google ScholarDigital Library
- J. Gao, J. X. Yu, R. Jin, J. Zhou, T. Wang, and D. Yang. Neighborhood-privacy protected shortest distance computing in cloud. In SIGMOD, pages 409--420, 2011. Google ScholarDigital Library
- C. Gentry. Fully homomorphic encryption using ideal lattices. In STOC '09, pages 169--178. ACM Press, 2009. Google ScholarDigital Library
- C. Gentry, S. Halevi, and V. Vaikuntanathan. A simple bgn-type cryptosystem from lwe. In EUROCRYPT, pages 506--522. Springer, 2010. Google ScholarDigital Library
- E.-J. Goh. Secure indexes. Technical Report 2003/216, IACR ePrint Cryptography Archive, 2003. See http://eprint.iacr.org/2003/216.Google Scholar
- O. Goldreich and R. Ostrovsky. Software protection and simulation on oblivious RAMs. Journal of the ACM, 43(3):431--473, 1996. Google ScholarDigital Library
- S. Halevi, R. Krauthgamer, E. Kushilevitz, and K. Nissim. Private approximation of np-hard functions. In STOC, pages 550--559. ACM, 2001. Google ScholarDigital Library
- W. Han, S. Lee, K. Park, J. Lee, M. Kim, J. Kim, and H. Yu. Turbograph: a fast parallel graph engine handling billion-scale graphs in a single PC. In KDD, pages 77--85, 2013. Google ScholarDigital Library
- S. Kamara and C. Papamanthou. Parallel and dynamic searchable symmetric encryption. In FC '13, 2013.Google ScholarCross Ref
- S. Kamara, C. Papamanthou, and T. Roeder. Dynamic searchable symmetric encryption. In CCS. ACM Press, 2012. Google ScholarDigital Library
- S. P. Kasiviswanathan, K. Nissim, S. Raskhodnikova, and A. Smith. Analyzing graphs with node differential privacy. In TCC, pages 457--476, 2013. Google ScholarDigital Library
- J. Katz and Y. Lindell. Introduction to Modern Cryptography. Chapman & Hall/CRC, 2008. Google ScholarDigital Library
- K. Kurosawa and Y. Ohtaki. Uc-secure searchable symmetric encryption. In Financial Cryptography and Data Security (FC '12), Lecture Notes in Computer Science, pages 285--298. Springer, 2012.Google ScholarCross Ref
- A. Kyrola and C. Guestrin. Graphchi-db: Simple design for a scalable graph database system - on just a PC. CoRR, abs/1403.0701, 2014.Google Scholar
- J. Leskovec, J. M. Kleinberg, and C. Faloutsos. Graphs over time: densification laws, shrinking diameters and possible explanations. In KDD, pages 177--187, 2005. Google ScholarDigital Library
- C. Liu, Y. Huang, E. Shi, J. Katz, and M. W. Hicks. Automating efficient ram-model secure computation. In IEEE SP, pages 623--638, 2014. Google ScholarDigital Library
- C. Liu, X. S. Wang, K. Nayak, Y. Huang, and E. Shi. Oblivm: A programming framework for secure computation. In IEEE SP, pages 359--376, 2015.Google ScholarDigital Library
- K. Liu and E. Terzi. Towards identity anonymization on graphs. In SIGMOD, pages 93--106, 2008. Google ScholarDigital Library
- Y. Low, J. Gonzalez, A. Kyrola, D. Bickson, C. Guestrin, and J. M. Hellerstein. Graphlab: A new framework for parallel machine learning. In UAI, pages 340--349, 2010.Google ScholarDigital Library
- G. Malewicz, M. H. Austern, A. J. C. Bik, J. C. Dehnert, I. Horn, N. Leiser, and G. Czajkowski. Pregel: a system for large-scale graph processing. In SIGMOD, pages 135--146, 2010. Google ScholarDigital Library
- K. Mouratidis and M. L. Yiu. Shortest path computation with no information leakage. PVLDB, pages 692--703, 2012. Google ScholarDigital Library
- M. Naveed, M. Prabhakaran, and C. Gunter. Dynamic searchable encryption via blind storage. In Oakland S&P, pages 639--654, 2014. Google ScholarDigital Library
- M. Potamias, F. Bonchi, C. Castillo, and A. Gionis. Fast shortest path distance estimation in large networks. In CIKM, pages 867--876, 2009. Google ScholarDigital Library
- N. Przulj, D. A. Wigle, and I. Jurisica. Functional topology in a network of protein interactions. Bioinformatics, 20(3):340--348, 2004. Google ScholarDigital Library
- Z. Qi, Y. Xiao, B. Shao, and H. Wang. Toward a distance oracle for billion-node graphs. In VLDB, pages 61--72, 2013. Google ScholarDigital Library
- R. Rivest, L. Adleman, and M. Dertouzos. On data banks and privacy homomorphisms. In Foundations of Secure Computation, pages 169--180, 1978.Google Scholar
- M. Sarwat, S. Elnikety, Y. He, and G. Kliot. Horton: Online query execution engine for large distributed graphs. In ICDE, pages 1289--1292, 2012. Google ScholarDigital Library
- D. Shanks. Class number, a theory of factorization, and genera. In 1969 Number Theory Institute, pages 415--440. Providence, R.I., 1971.Google ScholarCross Ref
- B. Shao, H. Wang, and Y. Li. Trinity: a distributed graph engine on a memory cloud. In SIGMOD, pages 505--516, 2013. Google ScholarDigital Library
- E. Shen and T. Yu. Mining frequent graph patterns with differential privacy. In KDD 2013, pages 545--553, 2013. Google ScholarDigital Library
- D. Song, D. Wagner, and A. Perrig. Practical techniques for searching on encrypted data. In Oakland S&P, pages 44--55, 2000. Google ScholarDigital Library
- E. Stefanov, C. Papamanthou, and E. Shi. Practical dynamic searchable encryption with small leakage. In NDSS, 2014.Google ScholarCross Ref
- M. Thorup and U. Zwick. Approximate distance oracles. Journal of the ACM, 52(1):1--24, Jan. 2005. Google ScholarDigital Library
- X. S. Wang, K. Nayak, C. Liu, T. H. Chan, E. Shi, E. Stefanov, and Y. Huang. Oblivious data structures. In CCS, pages 215--226, 2014. Google ScholarDigital Library
Index Terms
- GRECS: Graph Encryption for Approximate Shortest Distance Queries
Recommendations
Efficient Graph Encryption Scheme for Shortest Path Queries
ASIA CCS '21: Proceedings of the 2021 ACM Asia Conference on Computer and Communications SecurityGraph encryption schemes (introduced by [Chase and Kamara, 2010]) have been receiving growing interest across various disciplines due to their attractive tradeoff between functionality, efficiency and privacy. In this paper, we advance the state of the ...
Efficient boolean SSE: A novel encrypted database (EDB) for biometric authentication
AbstractBiometric authentication is up‐and‐coming to replace the traditional identity authentication method (e.g., passwords, PIN, identification cards) for its convenience and intelligence. With more and more users using this method, the database becomes ...
Identity-based encryption with outsourced equality test in cloud computing
It is the first time to integrate identity-based encryption into public key encryption with equality test.It extends identity-based encryption with keyword search to yield a general function: equality test.It is proven to be one-way chosen-ciphertext ...
Comments