Journal of Cryptology

, Volume 27, Issue 2, pp 358–395 | Cite as

Computationally Secure Pattern Matching in the Presence of Malicious Adversaries

  • Carmit Hazay
  • Tomas Toft


We propose a protocol for the problem of secure two-party pattern matching, where Alice holds a text t∈{0,1} of length n, while Bob has a pattern p∈{0,1} of length m. The goal is for Bob to (only) learn where his pattern occurs in Alice’s text, while Alice learns nothing. Private pattern matching is an important problem that has many applications in the area of DNA search, computational biology and more. Our construction guarantees full simulation in the presence of malicious, polynomial-time adversaries (assuming the hardness of DDH assumption) and exhibits computation and communication costs of O(n+m) group elements in a constant round complexity. This improves over previous work by Gennaro et al. (Public Key Cryptography, pp. 145–160, 2010) whose solution requires overhead of O(nm) group elements and exponentiations in O(m) rounds. In addition to the above, we propose a collection of protocols for important variations of the secure pattern matching problem that are significantly more efficient than the current state of art solutions: First, we deal with secure pattern matching with wildcards. In this variant the pattern may contain wildcards that match both 0 and 1. Our protocol requires O(n+m) communication and O(1) rounds using O(nm) computation. Then we treat secure approximate pattern matching. In this variant the matches may be approximated, i.e., have Hamming distance less than some threshold, τ. Our protocol requires O() communication in O(1) rounds using O(nm) computation. Third, we have secure pattern matching with hidden pattern length. Here, the length, m, of Bob’s pattern remains a secret. Our protocol requires O(n+M) communication in O(1) rounds using O(n+M) computation, where M is an upper bound on m. Finally, we have secure pattern matching with hidden text length. Finally, in this variant the length, n, of Alice’s text remains a secret. Our protocol requires O(N+m) communication in O(1) rounds using O(N+m) computation, where N is an upper bound on n.

Key words

Pattern matching Secure two-party computation Simulation-based security Malicious adversary 


  1. [1]
    M. Abe, R. Cramer, S. Fehr, Non-interactive distributed-verifier proofs and proving relations among commitments, in ASIACRYPT (2002), pp. 206–223 Google Scholar
  2. [2]
    C. Allauzen, M. Crochemore, M. Raffinot, Factor oracle: A new structure for pattern matching. In SOFSEM’99: Proceedings of the 26th Conference on Current Trends in Theory and Practice of Informatics on Theory and Practice of Informatics (Springer, London, 1999), pp. 295–310 Google Scholar
  3. [3]
    A. Amir, M. Lewenstein, E. Porat, Faster algorithms for string matching with mismatches. In SODA, San Francisco, California (2000), pp. 794–803 Google Scholar
  4. [4]
    G. Aggarwal, N. Mishra, B. Pinkas, Secure computation of the k’th-ranked element, in EUROCRYPT (2004), pp. 40–55 Google Scholar
  5. [5]
    P. Baldi, R. Baronio, E. De Cristofaro, P. Gasti, G. Tsudik, Countering GATTACA: efficient and secure testing of fully-sequenced human genomes, in ACM Conference on Computer and Communications Security (2011), pp. 691–702 Google Scholar
  6. [6]
    J. Baron, K. El Defrawy, K. Minkovich, R. Ostrovsky, E. Tressler, 5pm: Secure pattern matching, in SCN (2012), pp. 222–240 Google Scholar
  7. [7]
    D. Beaver, Foundations of secure interactive computing. In CRYPTO, Springer, London (1992), pp. 377–391 Google Scholar
  8. [8]
    S. Bayer, J. Groth, Efficient zero-knowledge argument for correctness of a shuffle, in EUROCRYPT (2012), pp. 263–280 Google Scholar
  9. [9]
    B.H. Bloom, Space/time trade-offs in hash coding with allowable errors. Commun. ACM 13(7), 422–426 (1970) CrossRefzbMATHGoogle Scholar
  10. [10]
    R.S. Boyer, J. Strother Moore, A fast string searching algorithm. Commun. ACM 20(10), 762–772 (1977) CrossRefzbMATHGoogle Scholar
  11. [11]
    F. Brandt, Efficient cryptographic protocol design based on distributed el gamal encryption, in ICISC (2005), pp. 32–47 Google Scholar
  12. [12]
    R. Canetti, Security and composition of multi-party cryptographic protocols. J. Cryptol. 13, 143–202 (2000) CrossRefzbMATHMathSciNetGoogle Scholar
  13. [13]
    R. Canetti, Universally composable security: A new paradigm for cryptographic protocols, in FOCS (2001), pp. 136–145 Google Scholar
  14. [14]
    R. Cramer, R. Gennaro, B. Schoenmakers, A secure and optimally efficient multi-authority election scheme, in EUROCRYPT (1997), pp. 103–118 Google Scholar
  15. [15]
    D. Chaum, T.P. Pedersen, Wallet databases with observers. In CRYPTO’92: Proceedings of the 12th Annual International Cryptology Conference on Advances in Cryptology (Springer, London, 1993). pp. 89–105 Google Scholar
  16. [16]
    M. Chase, I. Visconti, Secure database commitments and universal arguments of quasi knowledge, in CRYPTO (2012), pp. 236–254 Google Scholar
  17. [17]
    T. ElGamal, A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Trans. Inf. Theory 31(4), 469–472 (1985) CrossRefzbMATHMathSciNetGoogle Scholar
  18. [18]
    M.J. Fischer, M.S. Paterson, String-matching and other products, in Complexity of Computation, SIAM-AMS, vol. 7 (1974), pp. 113–125 Google Scholar
  19. [19]
    K.B. Frikken, Practical private DNA string searching and matching through efficient oblivious automata evaluation, in DBSec (2009), pp. 81–94 Google Scholar
  20. [20]
    R. Gennaro, C. Hazay, J.S. Sorensen, Automata evaluation and text search protocols with simulation based security, in Public Key Cryptography (2010), pp. 145–160 Google Scholar
  21. [21]
    S. Goldwasser, L.A. Levin, Fair computation of general functions in presence of immoral majority, in CRYPTO (Springer, London, 1991), pp. 77–93 Google Scholar
  22. [22]
    O. Goldreich, S. Micali, A. Wigderson, How to play any mental game, in STOC’87: Proceedings of the Nineteenth Annual ACM Symposium on Theory of Computing (ACM, New York, 1987), pp. 218–229 Google Scholar
  23. [23]
    O. Goldreich, Foundations of Cryptography: Volume 2, Basic Applications (Cambridge University Press, New York, 2004) CrossRefGoogle Scholar
  24. [24]
    C. Hazay, Y. Lindell, Efficient protocols for set intersection and pattern matching with security against malicious and covert adversaries, in TCC (2008), pp. 155–175 Google Scholar
  25. [25]
    C. Hazay, Y. Lindell, Efficient Secure Two-Party Protocols—Techniques and Constructions (Springer, Berlin, 2010) CrossRefzbMATHGoogle Scholar
  26. [26]
    C. Hazay, T. Toft, Computationally secure pattern matching in the presence of malicious adversaries, in ASIACRYPT (2010), pp. 195–212 Google Scholar
  27. [27]
    Y. Ishai, J. Kilian, K. Nissim, E. Petrank, Extending oblivious transfers efficiently, in CRYPTO (2003), pp. 145–161 Google Scholar
  28. [28]
    C.S. Iliopoulos, M. Sohel Rahman, Pattern matching algorithms with don’t cares, in SOFSEM (2007), pp. 116–126 Google Scholar
  29. [29]
    A. Jarrous, B. Pinkas, Secure hamming distance based computation and its applications, in ANCS, vol. 5536 (2009), pp. 107–124 Google Scholar
  30. [30]
    J. Katz, L. Malka, Secure text processing with applications to private DNA matching, in ACM Conference on Computer and Communications Security (2010), pp. 485–492 Google Scholar
  31. [31]
    D.E. Knuth, J.H. Morris Jr., V.R. Pratt, Fast pattern matching in strings. SIAM J. Comput. 6(2), 323–350 (1977) CrossRefzbMATHMathSciNetGoogle Scholar
  32. [32]
    Y. Lindell, B. Pinkas, Secure two-party computation via cut-and-choose oblivious transfer, in TCC (2011), pp. 329–346 Google Scholar
  33. [33]
    P. Mohassel, S. Niksefat, S.S. Sadeghian, B. Sadeghiyan, An efficient protocol for oblivious DFA evaluation and applications, in CT-RSA (2012), pp. 398–415 Google Scholar
  34. [34]
    S. Micali, P. Rogaway, Secure computation (abstract), in CRYPTO (1991), pp. 392–404. This is preliminary version of unpublished 1992 manuscript Google Scholar
  35. [35]
    G. Navarro, V. Mäkinen, Compressed full-text indexes. ACM Comput. Surv. 39(1), 2 (2007) CrossRefGoogle Scholar
  36. [36]
    K.S. Namjoshi, G.J. Narlikar, Robust and fast pattern matching for intrusion detection, in INFOCOM (2010), pp. 740–748 Google Scholar
  37. [37]
    T. Nishide, K. Ohta, Multiparty computation for interval, equality, and comparison without bit-decomposition protocol, in Public Key Cryptography (2007), pp. 343–360 Google Scholar
  38. [38]
    M. Osadchy, B. Pinkas, A. Jarrous, B. Moskovich, Scifi—a system for secure face identification, in IEEE Symposium on Security and Privacy (2010), pp. 239–254 Google Scholar
  39. [39]
    P. Paillier, Public-key cryptosystems based on composite degree residuosity classes, in EUROCRYPT (1999), pp. 223–238 Google Scholar
  40. [40]
    T.P. Pedersen, Non-interactive and information-theoretic secure verifiable secret sharing, in CRYPTO (1991), pp. 129–140 Google Scholar
  41. [41]
    C.P. Schnorr, Efficient identification and signatures for smart cards, in CRYPTO’89: Proceedings on Advances in Cryptology (Springer, New York, 1989), pp. 239–252 Google Scholar
  42. [42]
    T. Toft, Sub-linear, secure comparison with two non-colluding parties, in Public Key Cryptography (2011), pp. 174–191 Google Scholar
  43. [43]
    J.R. Troncoso-Pastoriza, S. Katzenbeisser, M. Celik, Privacy preserving error resilient DNA searching through oblivious automata, in CCS’07: Proceedings of the 14th ACM Conference on Computer and Communications Security (ACM, New York, 2007), pp. 519–528 CrossRefGoogle Scholar
  44. [44]
    B. Terelius, D. Wikström, Proofs of restricted shuffles, in AFRICACRYPT (2010), pp. 100–113 Google Scholar
  45. [45]
    D. Vergnaud, Efficient and secure generalized pattern matching via fast Fourier transform, in AFRICACRYPT (2011), pp. 41–58 Google Scholar
  46. [46]
    A.C.-C. Yao, How to generate and exchange secrets, in SFCS’86: Proceedings of the 27th Annual Symposium on Foundations of Computer Science, (IEEE Computer Society, Washington, 1986), pp. 162–167 Google Scholar

Copyright information

© International Association for Cryptologic Research 2013

Authors and Affiliations

  1. 1.Department of EngineeringBar-Ilan UniversityRamat-GanIsrael
  2. 2.Department of Computer ScienceAarhus UniversityAarhusDenmark

Personalised recommendations