Outsourced pattern matching

  • Sebastian Faust
  • Carmit Hazay
  • Daniele Venturi
Regular Contribution


In secure delegatable computation, computationally weak devices (or clients) wish to outsource their computation and data to an untrusted server in the cloud. While most earlier work considers the general question of how to securely outsource any computation to the cloud server, we focus on concrete and important functionalities and give the first protocol for the pattern matching problem in the cloud. Loosely speaking, this problem considers a text T that is outsourced to the cloud \({\textsc {S}}\) by a sender \({\textsc {SEN}}\). In a query phase, receivers \({\textsc {REC}}_1, \ldots , {\textsc {REC}}_l\) run an efficient protocol with the server \({\textsc {S}}\) and the sender \({\textsc {SEN}}\) in order to learn the positions at which a pattern of length m matches the text (and nothing beyond that). This is called the outsourced pattern matching problem which is highly motivated in the context of delegatable computing since it offers storage alternatives for massive databases that contain confidential data (e.g., health-related data about patient history). Our constructions are simulation-based secure in the presence of semi-honest and malicious adversaries (in the random oracle model) and limit the communication in the query phase to O(m) bits plus the number of occurrences—which is optimal. In contrast to generic solutions for delegatable computation, our schemes do not rely on fully homomorphic encryption but instead use novel ideas for solving pattern matching, based on a reduction to the subset sum problem. Interestingly, we do not rely on the hardness of the problem, but rather we exploit instances that are solvable in polynomial time. A follow-up result demonstrates that the random oracle is essential in order to meet our communication bound.


94A60 Cryptography Outsourced secure computation Pattern matching Subset sum 


  1. 1.
    Applebaum, B., Ishai, Y., Kushilevitz, E.: From secrecy to soundness: Efficient verification via secure computation. In: ICALP, pp. 152–163 (2010)Google Scholar
  2. 2.
    Asharov, G., Jain, A., López-Alt, A., Tromer, E., Vaikuntanathan, V., Wichs, D.: Multiparty computation with low communication, computation and interaction via threshold FHE. In: EUROCRYPT, pp. 483–501 (2012)Google Scholar
  3. 3.
    Au, M.H., Tsang, P.P., Susilo, W., Mu, Y.: Dynamic universal accumulators for DDH groups and their application to attribute-based anonymous credential systems. In: CT-RSA, pp. 295–308 (2009)Google Scholar
  4. 4.
    Benabbas, S., Gennaro, R., Vahlis, Y.: Verifiable delegation of computation over large datasets. In: CRYPTO, pp. 111–131 (2011)Google Scholar
  5. 5.
    Boyer, R.S., Moore, J.S.: A fast string searching algorithm. Commun. ACM 20(10), 762–772 (1977)CrossRefzbMATHGoogle Scholar
  6. 6.
    Buldas, A., Laud, P., Lipmaa, H.: Accountable certificate management using undeniable attestations. In: CCS, pp. 9–17 (2000)Google Scholar
  7. 7.
    Buldas, A., Laud, P., Lipmaa, H.: Eliminating counterevidence with applications to accountable certificate management. J. Comput. Secur. 10(3), 273–296 (2002)CrossRefGoogle Scholar
  8. 8.
    Camacho, P., Hevia, A., Kiwi, M.A., Opazo, R.: Strong accumulators from collision-resistant hashing. Int. J. Inf. Secur. 11(5), 349–363 (2012)CrossRefGoogle Scholar
  9. 9.
    Canetti, R.: Security and composition of multi-party cryptographic protocols. J. Cryptol. 13, 143–202 (2000)MathSciNetCrossRefzbMATHGoogle Scholar
  10. 10.
    Catalano, D., Fiore, D.: Vector commitments and their applications. In: PKC, pp. 55–72 (2013)Google Scholar
  11. 11.
    Chaimovich, M., Freiman, G., Galil, Z.: Solving dense subset-sum problems by using analytical number theory. J. Complex. 5(3), 271–282 (1989)MathSciNetCrossRefzbMATHGoogle Scholar
  12. 12.
    Chase, M., Shen, E.: Substring-searchable symmetric encryption. PoPETs 2015(2), 263–281 (2015)Google Scholar
  13. 13.
    Chen, Y., Nguyen, P.Q.: Bkz 2.0: Better lattice security estimates. In: ASIACRYPT, pp. 1–20 (2011)Google Scholar
  14. 14.
    Choi, S.G., Katz, J., Kumaresan, R., Cid, C.: Multi-client non-interactive verifiable computation. In: TCC, pp. 499–518 (2013)Google Scholar
  15. 15.
    Chung, K.M., Kalai, Y.T., Vadhan, S.P.: Improved delegation of computation using fully homomorphic encryption. In: CRYPTO, pp. 483–501 (2010)Google Scholar
  16. 16.
    Coster, M.J., Joux, A., LaMacchia, B.A., Odlyzko, A.M., Schnorr, C.P., Stern, J.: Improved low-density subset sum algorithms. Comput. Complex. 2, 111–128 (1992)MathSciNetCrossRefzbMATHGoogle Scholar
  17. 17.
    Curtmola, R., Garay, J.A., Kamara, S., Ostrovsky, R.: Searchable symmetric encryption: improved definitions and efficient constructions. J. Comput. Secur. 19(5), 895–934 (2011)CrossRefGoogle Scholar
  18. 18.
    Damgård, I., Triandopoulos, N.: Supporting non-membership proofs with bilinear-map accumulators. IACR Cryptol. ePrint Archive 2008, 538 (2008). URL
  19. 19.
    Derler, D., Hanser, C., Slamanig, D.: Revisiting cryptographic accumulators, additional properties and relations to other primitives. In: CT-RSA, pp. 127–144 (2015)Google Scholar
  20. 20.
    Faust, S., Hazay, C., Venturi, D.: Outsourced pattern matching. In: ICALP, pp. 545–556 (2013)Google Scholar
  21. 21.
    Fiore, D., Gennaro, R., Pastro, V.: Efficiently verifiable computation on encrypted data. In: CCS, pp. 844–855 (2014)Google Scholar
  22. 22.
    Flaxman, A., Przydatek, B.: Solving medium-density subset sum problems in expected polynomial time. In: STACS, pp. 305–314 (2005)Google Scholar
  23. 23.
    Freedman, M.J., Ishai, Y., Pinkas, B., Reingold, O.: Keyword search and oblivious pseudorandom functions. In: TCC, pp. 303–324 (2005)Google Scholar
  24. 24.
    Frieze, A.M.: On the Lagarias–Odlyzko algorithm for the subset sum problem. SIAM J. Comput. 15(2), 536–539 (1986)MathSciNetCrossRefzbMATHGoogle Scholar
  25. 25.
    Galil, Z., Margalit, O.: An almost linear-time algorithm for the dense subset-sum problem. In: ICALP, pp. 719–727 (1991)Google Scholar
  26. 26.
    Gama, N., Nguyen, P.Q.: Predicting lattice reduction. In: EUROCRYPT, pp. 31–51 (2008)Google Scholar
  27. 27.
    Gennaro, R., Gentry, C., Parno, B.: Non-interactive verifiable computing: Outsourcing computation to untrusted workers. In: CRYPTO, pp. 465–482 (2010)Google Scholar
  28. 28.
    Gennaro, R., Hazay, C., Sorensen, J.S.: Text search protocols with simulation based security. In: PKC, pp. 332–350 (2010)Google Scholar
  29. 29.
    Gentry, C.: Fully homomorphic encryption using ideal lattices. In: STOC, pp. 169–178 (2009)Google Scholar
  30. 30.
    Gordon, S.D., Katz, J., Liu, F., Shi, E., Zhou, H.: Multi-client verifiable computation with stronger security guarantees. In: TCC, pp. 144–168 (2015)Google Scholar
  31. 31.
    Hazay, C., Lindell, Y.: Efficient protocols for set intersection and pattern matching with security against malicious and covert adversaries. J. Cryptol. 23(3), 422–456 (2010)MathSciNetCrossRefzbMATHGoogle Scholar
  32. 32.
    Hazay, C., Toft, T.: Computationally secure pattern matching in the presence of malicious adversaries. In: ASIACRYPT, pp. 195–212 (2010)Google Scholar
  33. 33.
    Hazay, C., Zarosim, H.: The feasibility of outsourced database search in the plain model. In: SCN, pp. 313–332 (2016)Google Scholar
  34. 34.
    Impagliazzo, R., Naor, M.: Efficient cryptographic schemes provably as secure as subset sum. J. Cryptol. 9(4), 199–216 (1996)MathSciNetCrossRefzbMATHGoogle Scholar
  35. 35.
    Jarecki, S., Jutla, C.S., Krawczyk, H., Rosu, M.C., Steiner, M.: Outsourced symmetric private information retrieval. In: CCS, pp. 875–888 (2013)Google Scholar
  36. 36.
    Kamara, S., Mohassel, P., Raykova, M.: Outsourcing multi-party computation. IACR Cryptol. ePrint Archive 2011, 272 (2011). URL
  37. 37.
    Kamara, S., Mohassel, P., Riva, B.: Salus: a system for server-aided secure function evaluation. In: CCS, pp. 797–808 (2012)Google Scholar
  38. 38.
    Kamara, S., Papamanthou, C.: Parallel and dynamic searchable symmetric encryption. In: Financial Cryptography, pp. 258–274 (2013)Google Scholar
  39. 39.
    Kamara, S., Papamanthou, C., Roeder, T.: Dynamic searchable symmetric encryption. In: CCS, pp. 965–976 (2012)Google Scholar
  40. 40.
    Katz, J., Malka, L.: Secure text processing with applications to private DNA matching. In: CCS, pp. 485–492 (2010)Google Scholar
  41. 41.
    Knuth, D.E., Morris, J.H.J., Pratt, V.R.: Fast pattern matching in strings. SIAM J. Comput. 6(2), 323–350 (1977)MathSciNetCrossRefzbMATHGoogle Scholar
  42. 42.
    Lagarias, J.C., Odlyzko, A.M.: Solving low-density subset sum problems. J. ACM 32(1), 229–246 (1985)MathSciNetCrossRefzbMATHGoogle Scholar
  43. 43.
    Li, D., Dong, X., Cao, Z.: Secure and privacy-preserving pattern matching in outsourced computing. Secur. Commun. Netw. 9(16), 3444–3451 (2016)CrossRefGoogle Scholar
  44. 44.
    Li, J., Li, N., Xue, R.: Universal accumulators with efficient nonmembership proofs. In: ACNS, pp. 253–269 (2007)Google Scholar
  45. 45.
    López-Alt, A., Tromer, E., Vaikuntanathan, V.: On-the-fly multiparty computation on the cloud via multikey fully homomorphic encryption. In: STOC, pp. 1219–1234 (2012)Google Scholar
  46. 46.
    Lyubashevsky, V.: The parity problem in the presence of noise, decoding random linear codes, and the subset sum problem. In: APPROX-RANDOM, pp. 378–389 (2005)Google Scholar
  47. 47.
    Lyubashevsky, V., Palacio, A., Segev, G.: Public-key cryptographic primitives provably as secure as subset sum. In: TCC, pp. 382–400 (2010)Google Scholar
  48. 48.
    Merkle, R.C.: A certified digital signature. In: CRYPTO, pp. 218–238 (1989)Google Scholar
  49. 49.
    Mohassel, P.: Efficient and secure delegation of linear algebra. IACR Cryptol. ePrint Archive 2011, 605 (2011). URL
  50. 50.
    Naor, M., Reingold, O.: Number-theoretic constructions of efficient pseudo-random functions. In: FOCS, pp. 458–467 (1997)Google Scholar
  51. 51.
    Nguyen, P.Q., Stehlé, D.: LLL on the average. In: ANTS, pp. 238–256 (2006)Google Scholar
  52. 52.
    Papamanthou, C., Tamassia, R., Triandopoulos, N.: Optimal verification of operations on dynamic sets. In: CRYPTO, pp. 91–110 (2011)Google Scholar
  53. 53.
    Peikert, C., Vaikuntanathan, V., Waters, B.: A framework for efficient and composable oblivious transfer. In: CRYPTO, pp. 554–571 (2008)Google Scholar
  54. 54.
    Shallue, A.: An improved multi-set algorithm for the dense subset sum problem. In: ANTS, pp. 416–429 (2008)Google Scholar
  55. 55.
    Troncoso-Pastoriza, J.R., Katzenbeisser, S., Celik, M.U.: Privacy preserving error resilient DNA searching through oblivious automata. In: CCS, pp. 519–528 (2007)Google Scholar
  56. 56.
    Zhou, J., Cao, Z., Dong, X.: PPOPM: more efficient privacy preserving outsourced pattern matching. In: ESORICS, pp. 135–153 (2016)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2017

Authors and Affiliations

  • Sebastian Faust
    • 1
  • Carmit Hazay
    • 2
  • Daniele Venturi
    • 3
  1. 1.Ruhr-Universität BochumBochumGermany
  2. 2.Bar-Ilan UniversityRamat GanIsrael
  3. 3.Sapienza University of RomeRomeItaly

Personalised recommendations