Public Key Encryption with Flexible Pattern Matching

  • Conference paper
Advances in Cryptology – ASIACRYPT 2021 (ASIACRYPT 2021)

Abstract

Many interesting applications of pattern matching (e.g. deep-packet inspection or medical data analysis) target very sensitive data. In particular, spotting illegal behaviour in internet traffic conflicts with legitimate privacy requirements, which usually forces users (e.g. children, employees) to blindly trust an entity that fully decrypts their traffic in the name of security.

The compromise between traffic analysis and privacy can be achieved through searchable encryption. However, as the traffic data is a stream and as the patterns to search are bound to evolve over time (e.g. new virus signatures), these applications require a kind of searchable encryption that provides more flexibility than the classical schemes. We indeed need to be able to search for patterns of variable sizes in an arbitrarily long stream that has potentially been encrypted prior to pattern identification. To stress these specificities, we call such a scheme a stream encryption supporting pattern matching.

Recent papers use bilinear groups to provide public key constructions supporting these features [3, 13]. These solutions are lighter than more generic ones (e.g. fully homomorphic encryption) while retaining the adequate expressivity to support pattern matching without harming privacy more than needed. However, all existing solutions in this family have weaknesses with respect to efficiency and security that need to be addressed. Regarding efficiency, their public key has a size linear in the size of the alphabet, which can be quite large, in particular for applications that naturally process data as bytestrings. Regarding security, they all rely on a very strong computational assumption that is both interactive and specially tailored for this kind of scheme.

In this paper, we tackle these problems by providing two new constructions using bilinear groups to support pattern matching on encrypted streams. Our first construction shares the same strong assumption but dramatically reduces the size of the public key by removing the dependency on the size of the alphabet, while nearly halving the size of the ciphertext. On a typical application with large patterns, our public key is two orders of magnitude smaller than that of previous schemes, which demonstrates the practicality of our approach. Our second construction manages to retain most of the good features of the first one while exclusively relying on a simple (static) variant of \(\mathsf{DDH}\), which solves the security problem of previous works.

Notes

  1. More specifically, the service provider is trusted to provide the requested service but it should only learn the information necessary to carry out its task.

  2. e.g. https://github.com/coreruleset/coreruleset.

References

  1. Abdalla, M., et al.: Searchable encryption revisited: consistency properties, relation to anonymous IBE, and extensions. J. Cryptol. 21(3), 350–391 (2008)

  2. Barreto, P.S.L.M., Naehrig, M.: Pairing-friendly elliptic curves of prime order. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 319–331. Springer, Heidelberg (2006). https://doi.org/10.1007/11693383_22

  3. Bkakria, A., Cuppens-Boulahia, N., Cuppens, F.: Privacy-preserving pattern matching on encrypted data. In: Moriai, S., Wang, H. (eds.) ASIACRYPT 2020, Part II, vol. 12492 of LNCS, pp. 191–220. Springer, Heidelberg (2020)

  4. Boneh, D., Di Crescenzo, G., Ostrovsky, R., Persiano, G.: Public key encryption with keyword search. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 506–522. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24676-3_30

  5. Boneh, D., Raghunathan, A., Segev, G.: Function-private identity-based encryption: hiding the function in functional encryption. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8043, pp. 461–478. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40084-1_26

  6. Boneh, D., Sahai, A., Waters, B.: Functional encryption: definitions and challenges. In: Ishai, Y. (ed.) TCC 2011. LNCS, vol. 6597, pp. 253–273. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-19571-6_16

  7. Boneh, D., Waters, B.: Conjunctive, subset, and range queries on encrypted data. In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol. 4392, pp. 535–554. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-70936-7_29

  8. Bossuat, A., Bost, R., Fouque, P. A., Minaud, B., Reichle, M.: Forward secure searchable encryption. In: Edgar, R., et al. (eds.) ACM CCS 2016, pp. 1143–1154. ACM Press (2016)

  9. Bowe, S.: BLS12-381: new zk-SNARK elliptic curve construction (2017). electriccoin.co/blog/new-snark-curve/

  10. Canard, S., Diop, A., Kheir, N., Paindavoine, M., Sabt, M.: BlindIDS: market-compliant and privacy-friendly intrusion detection system over encrypted traffic. In: Karri, R., Sinanoglu, O., Sadeghi, A., Yi, A. (eds.) ASIACCS 17, pp. 561–574. ACM Press (2017)

  11. Canard, S., Pointcheval, D., Sanders, O., Traoré, J.: Divisible E-cash made practical. In: Katz, J. (ed.) PKC 2015. LNCS, vol. 9020, pp. 77–100. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46447-2_4

  12. Curtmola, R., Garay, J.A., Kamara, S., Ostrovsky, R.: Searchable symmetric encryption: improved definitions and efficient constructions. In: Juels, A., et al. (eds.) ACM CCS 2006, pp. 79–88. ACM Press (2006)

  13. Desmoulins, N., Fouque, P., Onete, C., Sanders, O.: Pattern matching on encrypted streams. In: Peyrin, T., Galbraith, S. (eds.) ASIACRYPT 2018, Part I, vol. 11272 of LNCS, pp. 121–148. Springer, Heidelberg (2018)

  14. Galbraith, S.D., Paterson, K.G., Smart, N.P.: Pairings for cryptographers. Disc. Appl. Math. 156(16), 3113–3121 (2008)

  15. Gentry, C.: Fully homomorphic encryption using ideal lattices. In: Mitzenmacher, M. (ed.) 41st ACM STOC, pp. 169–178. ACM Press (2009)

  16. Katz, J., Sahai, A., Waters, B.: Predicate encryption supporting disjunctions, polynomial equations, and inner products. J. Cryptol. 26(2), 191–224 (2013)

  17. Lai, S., et al.: Practical encrypted network traffic pattern matching for secure middleboxes. IEEE Trans. Depend. Secure Comput. p. 1 (2021)

  18. Leontiadis, I., Li, M.: Storage efficient substring searchable symmetric encryption. In: Proceedings of the 6th International Workshop on Security in Cloud Computing, SCC ’18, pp. 3–13. Association for Computing Machinery (2018)

  19. Pointcheval, D., Sanders, O.: Short randomizable signatures. In: Sako, K. (eds.) Topics in Cryptology - CT-RSA 2016. CT-RSA 2016. LNCS, vol. 9610. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-29485-8_7

  20. Sedghi, S., van Liesdonk, P., Nikova, S., Hartel, P., Jonker, W.: Searching keywords with wildcards on encrypted data. In: Garay, J.A., De Prisco, R. (eds.) SCN 2010. LNCS, vol. 6280, pp. 138–153. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-15317-4_10

  21. Sherry, J., Lan, C., Popa, R. A., Ratnasamy, S.: Deep packet inspection over encrypted traffic: blindbox. In: Uhlig, S., Maennel, O., Karp, B., Padhye, J. (eds.) SIGCOMM 2015, 213–226 (2015)

  22. Song, D.X., Wagner, D., Perrig, A.: Practical techniques for searches on encrypted data. In: 2000 IEEE Symposium on Security and Privacy, pp. 44–55. IEEE Computer Society Press (2000)

  23. Sun, S., et al.: Practical backward-secure searchable encryption from symmetric puncturable encryption. In: Lie, D., et al. (eds.) ACM CCS 2018, pp. 763–780. ACM Press (2018)

Acknowledgements

The second author was supported by the French ANR ALAMBIC project ANR-16-CE39-0006. The third author is grateful for the support of the ANR through project ANR-19-CE39-0011–04 PRESTO and project ANR-18-CE-39–0019-02 MobiS5.

Author information

Correspondence to Élie Bouscatié, Guilhem Castagnos or Olivier Sanders.

Copyright information

© 2021 International Association for Cryptologic Research

Cite this paper

Bouscatié, É., Castagnos, G., Sanders, O. (2021). Public Key Encryption with Flexible Pattern Matching. In: Tibouchi, M., Wang, H. (eds) Advances in Cryptology – ASIACRYPT 2021. ASIACRYPT 2021. Lecture Notes in Computer Science(), vol 13093. Springer, Cham. https://doi.org/10.1007/978-3-030-92068-5_12

  • DOI: https://doi.org/10.1007/978-3-030-92068-5_12

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-92067-8

  • Online ISBN: 978-3-030-92068-5

  • eBook Packages: Computer Science, Computer Science (R0)
