Chapter

Advances in Cryptology - CRYPTO 2007

Volume 4622 of the series Lecture Notes in Computer Science pp 535-552

Deterministic and Efficiently Searchable Encryption

  • Mihir BellareAffiliated withDept. of Computer Science & Engineering, University of California at San Diego, 9500 Gilman Drive, La Jolla, CA 92093
  • , Alexandra BoldyrevaAffiliated withCollege of Computing, Georgia Institute of Technology, 266 Ferst Drive, Atlanta, GA 30332
  • , Adam O’NeillAffiliated withCollege of Computing, Georgia Institute of Technology, 266 Ferst Drive, Atlanta, GA 30332

Abstract

We present as-strong-as-possible definitions of privacy, and constructions achieving them, for public-key encryption schemes where the encryption algorithm is deterministic. We obtain as a consequence database encryption methods that permit fast (i.e. sub-linear, and in fact logarithmic, time) search while provably providing privacy that is as strong as possible subject to this fast search constraint. One of our constructs, called RSA-DOAEP, has the added feature of being length preserving, so that it is the first example of a public-key cipher. We generalize this to obtain a notion of efficiently-searchable encryption schemes which permit more flexible privacy to search-time trade-offs via a technique called bucketization. Our results answer much-asked questions in the database community and provide foundations for work done there.