Forward and Backward Private Searchable Encryption from Constrained Cryptographic Primitives

Raphael Bost; Brice Minaud; Olga Ohrimenko

doi:10.1145/3133956.3133980

Forward and Backward Private Searchable Encryption from Constrained Cryptographic Primitives

Raphael Bost, Brice Minaud, Olga Ohrimenko

Department of Information Security

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

393 Downloads (Pure)

Abstract

Using dynamic Searchable Symmetric Encryption, a user with limited storage resources can securely outsource a database to an untrusted server, so that the database can still be searched and updated efficiently. For such dynamic schemes, it would be desirable that updates do not reveal any information a priori on the modifications, and that deleted results remain unaccessible to the server a posteriori. If the first property, called forward privacy, has been the main motivation of recent works, the second one, the backward privacy, has been overlooked.

In this paper, we study for the first time the notion of backward privacy for searchable encryption. After giving formal definitions of different flavors of backward privacy, we present several schemes achieving both forward and backward privacy, with different efficiency tradeoffs.

To design these schemes, we used constrained pseudo-random functions and puncturable encryption. These evolved cryptographic primitives allows for a finer-grained control of the power of the adversary, preventing him from evaluating functions on some inputs, or from decrypting some ciphertexts. For example, we present a framework to construct forward private schemes from range-constrained pseudo-random functions.

Finally, we implemented these schemes and we study their practical efficiency.

Original language	English
Title of host publication	Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security
Subtitle of host publication	CCS '17
Publisher	Association for Computing Machinery (ACM)
Pages	1465-1482
Number of pages	18
ISBN (Electronic)	978-1-4503-4946-8
DOIs	https://doi.org/10.1145/3133956.3133980
Publication status	Published - 30 Oct 2017

Keywords

Cryptog
Searchable Encryption

Access to Document

10.1145/3133956.3133980

Accepted ManuscriptAccepted author manuscript, 722 KB

https://eprint.iacr.org/2017/805.pdf

Multilinear Maps in Cryptography
Paterson, K. (PI)
Eng & Phys Sci Res Council EPSRC
31/01/14 → 30/01/17
Project: Research

Cite this

@inproceedings{23f0f798888c46dfbca62bbb42b9f355,

title = "Forward and Backward Private Searchable Encryption from Constrained Cryptographic Primitives",

abstract = "Using dynamic Searchable Symmetric Encryption, a user with limited storage resources can securely outsource a database to an untrusted server, so that the database can still be searched and updated efficiently. For such dynamic schemes, it would be desirable that updates do not reveal any information a priori on the modifications, and that deleted results remain unaccessible to the server a posteriori. If the first property, called forward privacy, has been the main motivation of recent works, the second one, the backward privacy, has been overlooked.In this paper, we study for the first time the notion of backward privacy for searchable encryption. After giving formal definitions of different flavors of backward privacy, we present several schemes achieving both forward and backward privacy, with different efficiency tradeoffs.To design these schemes, we used constrained pseudo-random functions and puncturable encryption. These evolved cryptographic primitives allows for a finer-grained control of the power of the adversary, preventing him from evaluating functions on some inputs, or from decrypting some ciphertexts. For example, we present a framework to construct forward private schemes from range-constrained pseudo-random functions.Finally, we implemented these schemes and we study their practical efficiency.",

keywords = "Cryptog, Searchable Encryption",

author = "Raphael Bost and Brice Minaud and Olga Ohrimenko",

year = "2017",

month = oct,

day = "30",

doi = "10.1145/3133956.3133980",

language = "English",

pages = "1465--1482",

booktitle = "Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security",

publisher = "Association for Computing Machinery (ACM)",

address = "United States",

}

Forward and Backward Private Searchable Encryption from Constrained Cryptographic Primitives. / Bost, Raphael; Minaud, Brice; Ohrimenko, Olga.
Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security: CCS '17. Association for Computing Machinery (ACM), 2017. p. 1465-1482.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Forward and Backward Private Searchable Encryption from Constrained Cryptographic Primitives

AU - Bost, Raphael

AU - Minaud, Brice

AU - Ohrimenko, Olga

PY - 2017/10/30

Y1 - 2017/10/30

N2 - Using dynamic Searchable Symmetric Encryption, a user with limited storage resources can securely outsource a database to an untrusted server, so that the database can still be searched and updated efficiently. For such dynamic schemes, it would be desirable that updates do not reveal any information a priori on the modifications, and that deleted results remain unaccessible to the server a posteriori. If the first property, called forward privacy, has been the main motivation of recent works, the second one, the backward privacy, has been overlooked.In this paper, we study for the first time the notion of backward privacy for searchable encryption. After giving formal definitions of different flavors of backward privacy, we present several schemes achieving both forward and backward privacy, with different efficiency tradeoffs.To design these schemes, we used constrained pseudo-random functions and puncturable encryption. These evolved cryptographic primitives allows for a finer-grained control of the power of the adversary, preventing him from evaluating functions on some inputs, or from decrypting some ciphertexts. For example, we present a framework to construct forward private schemes from range-constrained pseudo-random functions.Finally, we implemented these schemes and we study their practical efficiency.

AB - Using dynamic Searchable Symmetric Encryption, a user with limited storage resources can securely outsource a database to an untrusted server, so that the database can still be searched and updated efficiently. For such dynamic schemes, it would be desirable that updates do not reveal any information a priori on the modifications, and that deleted results remain unaccessible to the server a posteriori. If the first property, called forward privacy, has been the main motivation of recent works, the second one, the backward privacy, has been overlooked.In this paper, we study for the first time the notion of backward privacy for searchable encryption. After giving formal definitions of different flavors of backward privacy, we present several schemes achieving both forward and backward privacy, with different efficiency tradeoffs.To design these schemes, we used constrained pseudo-random functions and puncturable encryption. These evolved cryptographic primitives allows for a finer-grained control of the power of the adversary, preventing him from evaluating functions on some inputs, or from decrypting some ciphertexts. For example, we present a framework to construct forward private schemes from range-constrained pseudo-random functions.Finally, we implemented these schemes and we study their practical efficiency.

KW - Cryptog

KW - Searchable Encryption

U2 - 10.1145/3133956.3133980

DO - 10.1145/3133956.3133980

M3 - Conference contribution

SP - 1465

EP - 1482

BT - Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security

PB - Association for Computing Machinery (ACM)

ER -

Forward and Backward Private Searchable Encryption from Constrained Cryptographic Primitives

Abstract

Keywords

Access to Document

Projects

Multilinear Maps in Cryptography

Cite this