# Computationally Secure Pattern Matching in the Presence of Malicious Adversaries

- 520 Downloads
- 12 Citations

## Abstract

We propose a protocol for the problem of secure two-party pattern matching, where Alice holds a text *t*∈{0,1}^{∗} of length *n*, while Bob has a pattern *p*∈{0,1}^{∗} of length *m*. The goal is for Bob to (only) learn where his pattern occurs in Alice’s text, while Alice learns nothing. Private pattern matching is an important problem that has many applications in the area of DNA search, computational biology and more. Our construction guarantees full simulation in the presence of malicious, polynomial-time adversaries (assuming the hardness of DDH assumption) and exhibits computation and communication costs of *O*(*n*+*m*) group elements in a constant round complexity. This improves over previous work by Gennaro et al. (Public Key Cryptography, pp. 145–160, 2010) whose solution requires overhead of *O*(*nm*) group elements and exponentiations in *O*(*m*) rounds. In addition to the above, we propose a collection of protocols for important variations of the secure pattern matching problem that are significantly more efficient than the current state of art solutions: First, we deal with secure pattern matching with wildcards. In this variant the pattern may contain wildcards that match both 0 and 1. Our protocol requires *O*(*n*+*m*) communication and *O*(1) rounds using *O*(*nm*) computation. Then we treat secure approximate pattern matching. In this variant the matches may be approximated, i.e., have Hamming distance less than some threshold, *τ*. Our protocol requires *O*(*nτ*) communication in *O*(1) rounds using *O*(*nm*) computation. Third, we have secure pattern matching with hidden pattern length. Here, the length, *m*, of Bob’s pattern remains a secret. Our protocol requires *O*(*n*+*M*) communication in *O*(1) rounds using *O*(*n*+*M*) computation, where *M* is an upper bound on *m*. Finally, we have secure pattern matching with hidden text length. Finally, in this variant the length, *n*, of Alice’s text remains a secret. Our protocol requires *O*(*N*+*m*) communication in *O*(1) rounds using *O*(*N*+*m*) computation, where *N* is an upper bound on *n*.

## Key words

Pattern matching Secure two-party computation Simulation-based security Malicious adversary## References

- [1]M. Abe, R. Cramer, S. Fehr, Non-interactive distributed-verifier proofs and proving relations among commitments, in
*ASIACRYPT*(2002), pp. 206–223 Google Scholar - [2]C. Allauzen, M. Crochemore, M. Raffinot, Factor oracle: A new structure for pattern matching. In
*SOFSEM’99: Proceedings of the 26th Conference on Current Trends in Theory and Practice of Informatics on Theory and Practice of Informatics*(Springer, London, 1999), pp. 295–310 Google Scholar - [3]A. Amir, M. Lewenstein, E. Porat, Faster algorithms for string matching with mismatches. In
*SODA*, San Francisco, California (2000), pp. 794–803 Google Scholar - [4]G. Aggarwal, N. Mishra, B. Pinkas, Secure computation of the k’th-ranked element, in
*EUROCRYPT*(2004), pp. 40–55 Google Scholar - [5]P. Baldi, R. Baronio, E. De Cristofaro, P. Gasti, G. Tsudik, Countering GATTACA: efficient and secure testing of fully-sequenced human genomes, in
*ACM Conference on Computer and Communications Security*(2011), pp. 691–702 Google Scholar - [6]J. Baron, K. El Defrawy, K. Minkovich, R. Ostrovsky, E. Tressler, 5pm: Secure pattern matching, in
*SCN*(2012), pp. 222–240 Google Scholar - [7]D. Beaver, Foundations of secure interactive computing. In
*CRYPTO*, Springer, London (1992), pp. 377–391 Google Scholar - [8]S. Bayer, J. Groth, Efficient zero-knowledge argument for correctness of a shuffle, in
*EUROCRYPT*(2012), pp. 263–280 Google Scholar - [9]B.H. Bloom, Space/time trade-offs in hash coding with allowable errors.
*Commun. ACM***13**(7), 422–426 (1970) CrossRefzbMATHGoogle Scholar - [10]R.S. Boyer, J. Strother Moore, A fast string searching algorithm.
*Commun. ACM***20**(10), 762–772 (1977) CrossRefzbMATHGoogle Scholar - [11]F. Brandt, Efficient cryptographic protocol design based on distributed el gamal encryption, in
*ICISC*(2005), pp. 32–47 Google Scholar - [12]R. Canetti, Security and composition of multi-party cryptographic protocols.
*J. Cryptol.***13**, 143–202 (2000) CrossRefzbMATHMathSciNetGoogle Scholar - [13]R. Canetti, Universally composable security: A new paradigm for cryptographic protocols, in
*FOCS*(2001), pp. 136–145 Google Scholar - [14]R. Cramer, R. Gennaro, B. Schoenmakers, A secure and optimally efficient multi-authority election scheme, in
*EUROCRYPT*(1997), pp. 103–118 Google Scholar - [15]D. Chaum, T.P. Pedersen, Wallet databases with observers. In
*CRYPTO’92: Proceedings of the 12th Annual International Cryptology Conference on Advances in Cryptology*(Springer, London, 1993). pp. 89–105 Google Scholar - [16]M. Chase, I. Visconti, Secure database commitments and universal arguments of quasi knowledge, in
*CRYPTO*(2012), pp. 236–254 Google Scholar - [17]T. ElGamal, A public key cryptosystem and a signature scheme based on discrete logarithms.
*IEEE Trans. Inf. Theory***31**(4), 469–472 (1985) CrossRefzbMATHMathSciNetGoogle Scholar - [18]M.J. Fischer, M.S. Paterson, String-matching and other products, in
*Complexity of Computation*, SIAM-AMS, vol. 7 (1974), pp. 113–125 Google Scholar - [19]K.B. Frikken, Practical private DNA string searching and matching through efficient oblivious automata evaluation, in
*DBSec*(2009), pp. 81–94 Google Scholar - [20]R. Gennaro, C. Hazay, J.S. Sorensen, Automata evaluation and text search protocols with simulation based security, in
*Public Key Cryptography*(2010), pp. 145–160 Google Scholar - [21]S. Goldwasser, L.A. Levin, Fair computation of general functions in presence of immoral majority, in
*CRYPTO*(Springer, London, 1991), pp. 77–93 Google Scholar - [22]O. Goldreich, S. Micali, A. Wigderson, How to play any mental game, in
*STOC’87: Proceedings of the Nineteenth Annual ACM Symposium on Theory of Computing*(ACM, New York, 1987), pp. 218–229 Google Scholar - [23]O. Goldreich,
*Foundations of Cryptography: Volume 2, Basic Applications*(Cambridge University Press, New York, 2004) CrossRefGoogle Scholar - [24]C. Hazay, Y. Lindell, Efficient protocols for set intersection and pattern matching with security against malicious and covert adversaries, in
*TCC*(2008), pp. 155–175 Google Scholar - [25]C. Hazay, Y. Lindell,
*Efficient Secure Two-Party Protocols—Techniques and Constructions*(Springer, Berlin, 2010) CrossRefzbMATHGoogle Scholar - [26]C. Hazay, T. Toft, Computationally secure pattern matching in the presence of malicious adversaries, in
*ASIACRYPT*(2010), pp. 195–212 Google Scholar - [27]Y. Ishai, J. Kilian, K. Nissim, E. Petrank, Extending oblivious transfers efficiently, in
*CRYPTO*(2003), pp. 145–161 Google Scholar - [28]C.S. Iliopoulos, M. Sohel Rahman, Pattern matching algorithms with don’t cares, in
*SOFSEM*(2007), pp. 116–126 Google Scholar - [29]A. Jarrous, B. Pinkas, Secure hamming distance based computation and its applications, in
*ANCS*, vol. 5536 (2009), pp. 107–124 Google Scholar - [30]J. Katz, L. Malka, Secure text processing with applications to private DNA matching, in
*ACM Conference on Computer and Communications Security*(2010), pp. 485–492 Google Scholar - [31]D.E. Knuth, J.H. Morris Jr., V.R. Pratt, Fast pattern matching in strings.
*SIAM J. Comput.***6**(2), 323–350 (1977) CrossRefzbMATHMathSciNetGoogle Scholar - [32]Y. Lindell, B. Pinkas, Secure two-party computation via cut-and-choose oblivious transfer, in
*TCC*(2011), pp. 329–346 Google Scholar - [33]P. Mohassel, S. Niksefat, S.S. Sadeghian, B. Sadeghiyan, An efficient protocol for oblivious DFA evaluation and applications, in
*CT-RSA*(2012), pp. 398–415 Google Scholar - [34]S. Micali, P. Rogaway, Secure computation (abstract), in
*CRYPTO*(1991), pp. 392–404. This is preliminary version of unpublished 1992 manuscript Google Scholar - [35]G. Navarro, V. Mäkinen, Compressed full-text indexes.
*ACM Comput. Surv.***39**(1), 2 (2007) CrossRefGoogle Scholar - [36]K.S. Namjoshi, G.J. Narlikar, Robust and fast pattern matching for intrusion detection, in
*INFOCOM*(2010), pp. 740–748 Google Scholar - [37]T. Nishide, K. Ohta, Multiparty computation for interval, equality, and comparison without bit-decomposition protocol, in
*Public Key Cryptography*(2007), pp. 343–360 Google Scholar - [38]M. Osadchy, B. Pinkas, A. Jarrous, B. Moskovich, Scifi—a system for secure face identification, in
*IEEE Symposium on Security and Privacy*(2010), pp. 239–254 Google Scholar - [39]P. Paillier, Public-key cryptosystems based on composite degree residuosity classes, in
*EUROCRYPT*(1999), pp. 223–238 Google Scholar - [40]T.P. Pedersen, Non-interactive and information-theoretic secure verifiable secret sharing, in
*CRYPTO*(1991), pp. 129–140 Google Scholar - [41]C.P. Schnorr, Efficient identification and signatures for smart cards, in
*CRYPTO’89: Proceedings on Advances in Cryptology*(Springer, New York, 1989), pp. 239–252 Google Scholar - [42]T. Toft, Sub-linear, secure comparison with two non-colluding parties, in
*Public Key Cryptography*(2011), pp. 174–191 Google Scholar - [43]J.R. Troncoso-Pastoriza, S. Katzenbeisser, M. Celik, Privacy preserving error resilient DNA searching through oblivious automata, in
*CCS’07: Proceedings of the 14th ACM Conference on Computer and Communications Security*(ACM, New York, 2007), pp. 519–528 CrossRefGoogle Scholar - [44]B. Terelius, D. Wikström, Proofs of restricted shuffles, in
*AFRICACRYPT*(2010), pp. 100–113 Google Scholar - [45]D. Vergnaud, Efficient and secure generalized pattern matching via fast Fourier transform, in
*AFRICACRYPT*(2011), pp. 41–58 Google Scholar - [46]A.C.-C. Yao, How to generate and exchange secrets, in
*SFCS’86: Proceedings of the 27th Annual Symposium on Foundations of Computer Science*, (IEEE Computer Society, Washington, 1986), pp. 162–167 Google Scholar