ABSTRACT
In the last few years, there has been significant interest in developing methods to search over encrypted data. In the case of range queries, a simple solution is to encrypt the contents of the database using an order-preserving encryption (OPE) scheme (i.e., an encryption scheme that supports comparisons over encrypted values). However, Naveed et al. (CCS 2015) recently showed that OPE-encrypted databases are extremely vulnerable to "inference attacks."
In this work, we consider a related primitive called order-revealing encryption (ORE), which is a generalization of OPE that allows for stronger security. We begin by constructing a new ORE scheme for small message spaces which achieves the "best-possible" notion of security for ORE. Next, we introduce a "domain extension" technique and apply it to our small-message-space ORE. While our domain-extension technique does incur a loss in security, the resulting ORE scheme we obtain is more secure than all existing (stateless and non-interactive) OPE and ORE schemes which are practical. All of our constructions rely only on symmetric primitives. As part of our analysis, we also give a tight lower bound for OPE and show that no efficient OPE scheme can satisfy best-possible security if the message space contains just three messages. Thus, achieving strong notions of security for even small message spaces requires moving beyond OPE.
Finally, we examine the properties of our new ORE scheme and show how to use it to construct an efficient range query protocol that is robust against the inference attacks of Naveed et al. We also give a full implementation of our new ORE scheme, and show that not only is our scheme more secure than existing OPE schemes, it is also faster: encrypting a 32-bit integer requires just 55 microseconds, which is more than 65 times faster than existing OPE schemes.
- R. Abelson and J. Creswell. Data breach at Anthem may forecast a trend. The New York Times, 2015.
- R. Agrawal, J. Kiernan, R. Srikant, and Y. Xu. Order-preserving encryption for numeric data. In ACM SIGMOD, 2004.
- P. Ananth and A. Jain. Indistinguishability obfuscation from compact functional encryption. In CRYPTO, 2015.
- B. Barak, O. Goldreich, R. Impagliazzo, S. Rudich, A. Sahai, S. P. Vadhan, and K. Yang. On the (im)possibility of obfuscating programs. J. ACM, 2012.
- M. Bellare, V. T. Hoang, S. Keelveedhi, and P. Rogaway. Efficient garbling from a fixed-key blockcipher. In IEEE SP, 2013.
- M. Bellare and P. Rogaway. Random oracles are practical: A paradigm for designing efficient protocols. In CCS, 1993.
- C. Binnig, S. Hildenbrand, and F. Farber. Dictionary-based order-preserving string compression for main memory column stores. In ACM SIGMOD, 2009.
- T. Boelter, R. Poddar, and R. A. Popa. A secure one-roundtrip index for range queries. Cryptology ePrint Archive, Report 2016/568, 2016.
- A. Boldyreva, N. Chenette, Y. Lee, and A. O'Neill. Order-preserving symmetric encryption. In EUROCRYPT, 2009.
- A. Boldyreva, N. Chenette, and A. O'Neill. Order-preserving encryption revisited: Improved security analysis and alternative solutions. In CRYPTO, 2011.
- D. Boneh, C. Gentry, S. Halevi, F. Wang, and D. J. Wu. Private database queries using somewhat homomorphic encryption. In ACNS, 2013.
- D. Boneh, K. Lewi, M. Raykova, A. Sahai, M. Zhandry, and J. Zimmerman. Semantically secure order-revealing encryption: Multi-input functional encryption without obfuscation. In EUROCRYPT, 2015.
- D. Boneh, A. Sahai, and B. Waters. Functional encryption: Definitions and challenges. In TCC, 2011.
- D. Boneh and A. Silverberg. Applications of multilinear forms to cryptography. Contemporary Mathematics, 2003.
- D. Boneh and B. Waters. Conjunctive, subset, and range queries on encrypted data. In TCC, 2007.
- Z. Brakerski, I. Komargodski, and G. Segev. From single-input to multi-input functional encryption in the private-key setting. IACR Cryptology ePrint Archive, 2015.
- D. Cash, J. Jaeger, S. Jarecki, C. S. Jutla, H. Krawczyk, M. Rosu, and M. Steiner. Dynamic searchable encryption in very-large databases: Data structures and implementation. In NDSS, 2014.
- D. Cash, S. Jarecki, C. S. Jutla, H. Krawczyk, M. Rosu, and M. Steiner. Highly-scalable searchable symmetric encryption with support for boolean queries. In CRYPTO, 2013.
- Y. Chang and M. Mitzenmacher. Privacy preserving keyword searches on remote encrypted data. In ACNS, 2005.
- M. Chase and S. Kamara. Structured encryption and controlled disclosure. In ASIACRYPT, pages 577-594, 2010.
- S. Chatterjee and M. P. L. Das. Property preserving symmetric encryption revisited. In ASIACRYPT, 2015.
- N. Chenette, K. Lewi, S. A. Weis, and D. J. Wu. Practical order-revealing encryption with limited leakage. In FSE, 2016.
- J. Coron, T. Lepoint, and M. Tibouchi. Practical multilinear maps over the integers. In CRYPTO, 2013.
- R. Curtmola, J. A. Garay, S. Kamara, and R. Ostrovsky. Searchable symmetric encryption: improved definitions and efficient constructions. In ACM CCS, 2006.
- S. Faber, S. Jarecki, H. Krawczyk, Q. Nguyen, M. Rosu, and M. Steiner. Rich queries on encrypted data: Beyond exact matches. In ESORICS, 2015.
- J. Finkle and D. Volz. Database of 191 million U.S. voters exposed on internet: researcher. Reuters, 2015.
- S. Garg, C. Gentry, and S. Halevi. Candidate multilinear maps from ideal lattices. In EUROCRYPT, 2013.
- S. Garg, C. Gentry, S. Halevi, M. Raykova, A. Sahai, and B. Waters. Candidate indistinguishability obfuscation and functional encryption for all circuits. In FOCS, 2013.
- C. Gentry. Fully homomorphic encryption using ideal lattices. In STOC, 2009.
- E. Goh. Secure indexes. IACR Cryptology ePrint Archive, 2003.
- O. Goldreich, S. Goldwasser, and S. Micali. How to construct random functions. J. ACM, 1986.
- O. Goldreich and R. Ostrovsky. Software protection and simulation on oblivious RAMs. J. ACM, 1996.
- S. Goldwasser, S. D. Gordon, V. Goyal, A. Jain, J. Katz, F. Liu, A. Sahai, E. Shi, and H. Zhou. Multi-input functional encryption. In EUROCRYPT, 2014.
- S. Goldwasser and S. Micali. Probabilistic encryption. J. Comput. Syst. Sci., 1984.
- T. Granlund and the GMP development team. GNU MP: The GNU Multiple Precision Arithmetic Library. http://gmplib.org/, 2012.
- S. Gueron and N. Mouha. Simpira v2: A family of efficient permutations using the AES round function. IACR Cryptology ePrint Archive, 2016.
- S. Jarecki, C. S. Jutla, H. Krawczyk, M. Rosu, and M. Steiner. Outsourced symmetric private information retrieval. In ACM CCS, 2013.
- H. Kadhem, T. Amagasa, and H. Kitagawa. A secure and efficient order preserving encryption scheme for relational databases. In KMIS, 2010.
- G. Kelly. eBay suffers massive security breach, all users must change their passwords. Forbes, 2014.
- F. Kerschbaum. Frequency-hiding order-preserving encryption. In ACM CCS, 2015.
- F. Kerschbaum and A. Schröpfer. Optimal average-complexity ideal-security order-preserving encryption. In ACM CCS, 2014.
- S. Kim, K. Lewi, A. Mandal, H. W. Montgomery, A. Roy, and D. J. Wu. Function-hiding inner product encryption is practical. IACR Cryptology ePrint Archive, 2016.
- K. Lewi and D. J. Wu. Order-revealing encryption: New constructions, applications, and lower bounds. IACR Cryptology ePrint Archive, 2016:612, 2016.
- M. Luby and C. Rackoff. How to construct pseudorandom permutations from pseudorandom functions. SIAM J. Comput., 1988.
- C. Mavroforakis, N. Chenette, A. O'Neill, G. Kollios, and R. Canetti. Modular order-preserving encryption, revisited. In ACM SIGMOD, 2015.
- M. Naveed, S. Kamara, and C. V. Wright. Inference attacks on property-preserving encrypted databases. In ACM CCS, 2015.
- M. Naveed, M. Prabhakaran, and C. A. Gunter. Dynamic searchable encryption via blind storage. In IEEE SP, 2014.
- O. Pandey and Y. Rouselakis. Property preserving symmetric encryption. In EUROCRYPT, 2012.
- V. Pappas, F. Krell, B. Vo, V. Kolesnikov, T. Malkin, S. G. Choi, W. George, A. D. Keromytis, and S. Bellovin. Blind seer: A scalable private DBMS. In IEEE SP, 2014.
- R. A. Popa, F. H. Li, and N. Zeldovich. An ideal-security protocol for order-preserving encoding. In IEEE SP, 2013.
- R. A. Popa, C. M. S. Redfield, N. Zeldovich, and H. Balakrishnan. CryptDB: protecting confidentiality with encrypted query processing. In ACM SOSP, 2011.
- D. S. Roche, D. Apon, S. G. Choi, and A. Yerukhimovich. POPE: partial order-preserving encoding. IACR Cryptology ePrint Archive, 2015.
- D. X. Song, D. Wagner, and A. Perrig. Practical techniques for searches on encrypted data. In IEEE SP, 2000.
- I. Teranishi, M. Yung, and T. Malkin. Order-preserving encryption secure beyond one-wayness. In ASIACRYPT, 2014.
- The OpenSSL Project. OpenSSL: The open source toolkit for SSL/TLS. www.openssl.org, 2003.
- A. C. Yao. Protocols for secure computations (extended abstract). In FOCS, 1982.
- M. Yasuda, T. Shimoyama, J. Kogure, K. Yokoyama, and T. Koshiba. Secure pattern matching using somewhat homomorphic encryption. In CCSW, 2013.