Abstract
Dynamic Symmetric Searchable Encryption (SSE) enables a user to outsource the storage of an encrypted database to an untrusted server, while retaining the ability to privately search and update the outsourced database. The performance bottleneck of SSE schemes typically comes from their I/O efficiency. Over the last decade, a line of work has substantially improved that bottleneck. However, all existing I/O-efficient SSE schemes have a common limitation: they are not forward-secure. Since the seminal work of Bost at CCS 2016, forward security has become a de facto standard in SSE. In the same article, Bost conjectures that forward security and I/O efficiency are incompatible. This explains the current status quo, where users are forced to make a difficult choice between security and efficiency.
The central contribution of this paper is to show that, contrary to what the status quo suggests, forward security and I/O efficiency can be realized simultaneously. This result is enabled by two new key techniques. First, we make use of a controlled amount of client buffering, combined with a deterministic update schedule. Second, we introduce the notion of SSE supporting dummy updates. In combination, those two techniques offer a new path to realizing forward security, which is compatible with I/O efficiency. Our new SSE scheme, \(\textsf{Hermes}\), achieves sublogarithmic I/O efficiency \(\widetilde{\mathcal {O}}\left( {\log \log \frac{N}{p}}\right) \), storage efficiency \(\mathcal {O}\left( 1\right) \), with standard leakage, as well as backward and forward security. Practical experiments confirm that \(\textsf{Hermes}\) achieves excellent performance.
M. Reichle—This work was carried out while the second author was employed by Inria, Paris.
Notes
1. Although \(\mathcal {O}\left( W\right) \) client storage is inherent to sublogarithmic forward-secure SSE as just noted, in practice, this cost may be too high for some applications. Practical tradeoffs to reduce client storage are discussed in the full version.
2. Our scheme \(\textsf{Hermes}\) can be interpreted as an encrypted multi-map and allows storing items other than just document identifiers. In that case, the client storage becomes \(\mathcal {O}\left( n\cdot W\right) \) bits, where \(n\) is the bit-length of the items to be stored.
3. When measuring throughput, Fig. 3 uses the repaired version of IO-DSSE, since the original version is insecure (see full version).
References
Asharov, G., Naor, M., Segev, G., Shahaf, I.: Searchable symmetric encryption: optimal locality in linear space via two-dimensional balanced allocations. In: Wichs, D., Mansour, Y. (eds.) 48th ACM STOC, pp. 1101–1114. ACM Press, June 2016. https://doi.org/10.1145/2897518.2897562
Asharov, G., Segev, G., Shahaf, I.: Tight tradeoffs in searchable symmetric encryption. J. Cryptol. 34(2), 9 (2021). https://doi.org/10.1007/s00145-020-09370-z
Axboe, J.: Flexible I/O Tester (2020). https://github.com/axboe/fio
Azar, Y., Broder, A.Z., Karlin, A.R., Upfal, E.: Balanced allocations. In: Proceedings of the Twenty-sixth Annual ACM Symposium on Theory of Computing, pp. 593–602 (1994)
Bossuat, A., Bost, R., Fouque, P.-A., Minaud, B., Reichle, M.: SSE and SSD: page-efficient searchable symmetric encryption. In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021, Part III. LNCS, vol. 12827, pp. 157–184. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-84252-9_6
Bost, R.: \(\Sigma o \phi o \varsigma \): Forward secure searchable encryption. In: Weippl, E.R., Katzenbeisser, S., Kruegel, C., Myers, A.C., Halevi, S. (eds.) ACM CCS 2016, pp. 1143–1154. ACM Press, October 2016. https://doi.org/10.1145/2976749.2978303
Bost, R., Fouque, P.A.: Security-efficiency tradeoffs in searchable encryption. PoPETs 2019(4), 132–151 (2019). https://doi.org/10.2478/popets-2019-0062
Bost, R., Minaud, B., Ohrimenko, O.: Forward and backward private searchable encryption from constrained cryptographic primitives. In: Thuraisingham, B.M., Evans, D., Malkin, T., Xu, D. (eds.) ACM CCS 2017, pp. 1465–1482. ACM Press, October/November 2017. https://doi.org/10.1145/3133956.3133980
Cash, D., et al.: Dynamic searchable encryption in very-large databases: data structures and implementation. In: NDSS 2014. The Internet Society, February 2014
Cash, D., Jarecki, S., Jutla, C., Krawczyk, H., Roşu, M.-C., Steiner, M.: Highly-scalable searchable symmetric encryption with support for Boolean queries. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part I. LNCS, vol. 8042, pp. 353–373. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40041-4_20
Cash, D., Tessaro, S.: The locality of searchable symmetric encryption. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 351–368. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-55220-5_20
Curtmola, R., Garay, J.A., Kamara, S., Ostrovsky, R.: Searchable symmetric encryption: improved definitions and efficient constructions. In: Juels, A., Wright, R.N., De Capitani di Vimercati, S. (eds.) ACM CCS 2006, pp. 79–88. ACM Press, October/November 2006. https://doi.org/10.1145/1180405.1180417
Demertzis, I., Chamani, J.G., Papadopoulos, D., Papamanthou, C.: Dynamic searchable encryption with small client storage. In: ISOC Network and Distributed System Security - NDSS 2022 (2022)
Demertzis, I., Papadopoulos, D., Papamanthou, C.: Searchable encryption with optimal locality: achieving sublogarithmic read efficiency. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018, Part I. LNCS, vol. 10991, pp. 371–406. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-96884-1_13
Demertzis, I., Papamanthou, C.: Fast searchable encryption with tunable locality. In: Proceedings of the 2017 ACM International Conference on Management of Data, pp. 1053–1067 (2017)
Etemad, M., Küpçü, A., Papamanthou, C., Evans, D.: Efficient dynamic searchable encryption with forward privacy. In: Proceedings on Privacy Enhancing Technologies - PoPETS 2018 (2018)
Grubbs, P., Lacharité, M.S., Minaud, B., Paterson, K.G.: Learning to reconstruct: statistical learning theory and encrypted database attacks. In: 2019 IEEE Symposium on Security and Privacy, pp. 1067–1083. IEEE Computer Society Press, May 2019. https://doi.org/10.1109/SP.2019.00030
Kamara, S., Moataz, T., Park, A., Qin, L.: A decentralized and encrypted national gun registry. In: 2021 IEEE Symposium on Security and Privacy (SP), pp. 1520–1537. IEEE (2021)
Larsen, K.G., Nielsen, J.B.: Yes, there is an oblivious RAM lower bound! In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018, Part III. LNCS, vol. 10992, pp. 523–542. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-96881-0_18
Miers, I., Mohassel, P.: IO-DSSE: scaling dynamic searchable encryption to millions of indexes by improving locality. In: NDSS 2017. The Internet Society, February/March 2017
Minaud, B., Reichle, M.: Dynamic local searchable symmetric encryption. In: Dodis, Y., Shrimpton, T. (eds.) CRYPTO 2022. LNCS, vol. 13510, pp. 91–120. Springer, Lecture Notes in Computer Science (2022). https://doi.org/10.1007/978-3-031-15985-5_4
MongoDB: Queryable encryption (2022). https://www.mongodb.com/products/queryable-encryption
Naveed, M., Kamara, S., Wright, C.V.: Inference attacks on property-preserving encrypted databases. In: Ray, I., Li, N., Kruegel, C. (eds.) ACM CCS 2015, pp. 644–655. ACM Press, October 2015. https://doi.org/10.1145/2810103.2813651
Patranabis, S., Mukhopadhyay, D.: Forward and backward private conjunctive searchable symmetric encryption. In: ISOC Network and Distributed System Security - NDSS 2021 (2021)
Song, D.X., Wagner, D., Perrig, A.: Practical techniques for searches on encrypted data. In: 2000 IEEE Symposium on Security and Privacy, pp. 44–55. IEEE Computer Society Press, May 2000. https://doi.org/10.1109/SECPRI.2000.848445
Stefanov, E., Papamanthou, C., Shi, E.: Practical dynamic searchable encryption with small leakage. In: NDSS 2014. The Internet Society, February 2014
Zhang, Y., Katz, J., Papamanthou, C.: All your queries are belong to us: the power of file-injection attacks on searchable encryption. In: Holz, T., Savage, S. (eds.) USENIX Security 2016, pp. 707–720. USENIX Association, August 2016
© 2023 International Association for Cryptologic Research
About this paper
Cite this paper
Minaud, B., Reichle, M. (2023). Hermes: I/O-Efficient Forward-Secure Searchable Symmetric Encryption. In: Guo, J., Steinfeld, R. (eds) Advances in Cryptology – ASIACRYPT 2023. ASIACRYPT 2023. Lecture Notes in Computer Science, vol 14443. Springer, Singapore. https://doi.org/10.1007/978-981-99-8736-8_9
DOI: https://doi.org/10.1007/978-981-99-8736-8_9
Publisher Name: Springer, Singapore
Print ISBN: 978-981-99-8735-1
Online ISBN: 978-981-99-8736-8
eBook Packages: Computer Science, Computer Science (R0)