Deterministic and Efficiently Searchable Encryption

  • Mihir Bellare
  • Alexandra Boldyreva
  • Adam O’Neill
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4622)


We present as-strong-as-possible definitions of privacy, and constructions achieving them, for public-key encryption schemes where the encryption algorithm is deterministic. We obtain as a consequence database encryption methods that permit fast (i.e. sub-linear, and in fact logarithmic, time) search while provably providing privacy that is as strong as possible subject to this fast search constraint. One of our constructs, called RSA-DOAEP, has the added feature of being length preserving, so that it is the first example of a public-key cipher. We generalize this to obtain a notion of efficiently-searchable encryption schemes which permit more flexible privacy to search-time trade-offs via a technique called bucketization. Our results answer much-asked questions in the database community and provide foundations for work done there.


Encryption Scheme Encryption Algorithm Range Query Random Oracle Encrypt Data 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Abdalla, M., Bellare, M., Catalano, D., Kiltz, E., Kohno, T., Lange, T., Malone-Lee, J., Neven, G., Paillier, P., Shi, H.: Searchable encryption revisited: Consistency properties, relation to anonymous IBE, and extensions. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, Springer, Heidelberg (2005)Google Scholar
  2. 2.
    Adya, A., Bolosky, W.J., Castro, M., Cermak, G., Chaiken, R., Douceur, J.R., Howell, J., Lorch, J.R., Theimer, M., Wattenhofer, R.: FARSITE: Federated, available, and reliable storage for an incompletely trusted environment. In: OSDI 2002. Symposium on Operating System Design and Implementation, Springer, Heidelberg (2002)Google Scholar
  3. 3.
    Agrawal, R., Kiernan, J., Srikant, R., Xu, Y.: Order preserving encryption for numeric data. In: SIGMOD 2004, ACM Press, New York (2004)Google Scholar
  4. 4.
    Amanatidis, G., Boldyreva, A., O’Neill, A.: New security models and provably-secure schemes for basic query support in outsourced databases. In: DBSec 2007. Working Conference on Data and Applications Security. LNCS, Springer, Heidelberg (2007)Google Scholar
  5. 5.
    An, J.-H., Dodis, Y., Rabin, T.: On the security of joint signature and encryption. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, Springer, Heidelberg (2002)Google Scholar
  6. 6.
    Baek, J., Safavi-Naini, R., Susilo, W.: Public key encryption with keyword search revisited. Cryptology ePrint Archive, Report 2005/151 (2005)Google Scholar
  7. 7.
    Baudron, O., Pointcheval, D., Stern, J.: Extended notions of security for multicast public key cryptosystems. In: Welzl, E., Montanari, U., Rolim, J.D.P. (eds.) ICALP 2000. LNCS, vol. 1853, Springer, Heidelberg (2000)Google Scholar
  8. 8.
    Bellare, M., Boldyreva, A., Micali, S.: Public-key encryption in a multi-user setting: Security proofs and improvements. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, Springer, Heidelberg (2000)Google Scholar
  9. 9.
    Bellare, M., Boldyreva, A., O’Neill, A.: Deterministic and efficiently searchable encryption. Full Version of this paper (2007),
  10. 10.
    Bellare, M., Desai, A., Jokipii, E., Rogaway, P.: A concrete security treatment of symmetric encryption. In: FOCS 1997, pp. 394–403 (1997)Google Scholar
  11. 11.
    Bellare, M., Kohno, T., Namprempre, C.: Authenticated encryption in SSH: provably fixing the SSH binary packet protocol. In: CCS 2002. Conference on Computer and Communications Security, ACM Press, New York (2002)Google Scholar
  12. 12.
    Bellare, M., Rogaway, P.: Random oracles are practical: A paradigm for designing efficient protocols. In: CCS 1993. Conference on Computer and Communications Security, ACM Press, New York (1993)Google Scholar
  13. 13.
    Bellare, M., Rogaway, P.: Optimal asymmetric encryption – how to encrypt with RSA. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, Springer, Heidelberg (1995)CrossRefGoogle Scholar
  14. 14.
    Boneh, D., Boyen, X.: Secure identity based encryption without random oracles. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, Springer, Heidelberg (2004)Google Scholar
  15. 15.
    Boneh, D., Di Crescenzo, G., Ostrovsky, R., Persiano, G.: Public key encryption with keyword search. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, Springer, Heidelberg (2004)Google Scholar
  16. 16.
    Boneh, D., Waters, B.: Conjunctive, subset, and range queries on encrypted data (2007)Google Scholar
  17. 17.
    Boyen, X., Waters, B.: Anonymous hierarchical identity-based encryption (without random oracles). In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, Springer, Heidelberg (2006)CrossRefGoogle Scholar
  18. 18.
    Boyko, V.: On the security properties of OAEP as an all-or-nothing transform. In: Wiener, M.J. (ed.) CRYPTO 1999. LNCS, vol. 1666, Springer, Heidelberg (1999)Google Scholar
  19. 19.
    Brinkman, R., Feng, L., Doumen, J.M., Hartel, P.H., Jonker, W.: Efficient tree search in encrypted data. Technical Report TR-CTIT-04-15, Enschede (March 2004)Google Scholar
  20. 20.
    Canetti, R.: Towards realizing random oracles: Hash functions that hide all partial information. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, Springer, Heidelberg (1997)Google Scholar
  21. 21.
    Canetti, R., Micciancio, D., Reingold, O.: Perfectly one-way probabilistic hash functions. In: STOC 1998, ACM Press, New York (1998)Google Scholar
  22. 22.
    Ceselli, A., Damiani, E., De Capitani di Vimercati, S., Jajodia, S., Paraboschi, S., Samarati, P.: Modeling and assessing inference exposure in encrypted databases. ACM Trans. Inf. Syst. Secur. 8(1), 119–152 (2005)CrossRefGoogle Scholar
  23. 23.
    Chang, Y.-C., Mitzenmacher, M.: Privacy preserving keyword searches on remote encrypted data. In: Ioannidis, J., Keromytis, A.D., Yung, M. (eds.) ACNS 2005. LNCS, vol. 3531, Springer, Heidelberg (2005)Google Scholar
  24. 24.
    Curtmola, R., Garay, J.A., Kamara, S., Ostrovsky, R.: Searchable symmetric encryption: Improved definitions and efficient constructions. In: Juels, A., Wright, R.N., De Capitani di Vimercati, S. (eds.) CCS 2006. Conference on Computer and Communications Security, ACM Press, New York (2006)Google Scholar
  25. 25.
    Damiani, E., De Capitani Vimercati, S., Jajodia, S., Paraboschi, S., Samarati, P.: Balancing confidentiality and efficiency in untrusted relational DBMSs. In: Jajodia, S., Atluri, V., Jaeger, T. (eds.) CCS 2003. Conference on Computer and Communications Security, ACM Press, New York (2003)Google Scholar
  26. 26.
    Diffie, W., Hellman, M.: New directions in cryptography. IEEE Transactions on Information Theory 22(6), 1130–1140 (1976)CrossRefGoogle Scholar
  27. 27.
    Dodis, Y., Smith, A.: Entropic security and the encryption of high entropy messages. In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, Springer, Heidelberg (2005)Google Scholar
  28. 28.
    Dolev, D., Dwork, C., Naor, M.: Non-malleable cryptography. SIAM Journal on Computing 30(2) (2000)Google Scholar
  29. 29.
    Douceur, J.R., Adya, A., Bolosky, W.J., Simon, D., Theimer, M.: Reclaiming space from duplicate files in a serverless distributed file system. In: ICDCS 2002. Conference on Distributed Computing Systems (2002)Google Scholar
  30. 30.
    ElGamal, T.: A public key cryptosystem and signature scheme based on discrete logarithms. IEEE Transactions on Information Theory 31 (1985)Google Scholar
  31. 31.
    Fujisaki, E., Okamoto, T., Pointcheval, D., Stern, J.: RSA-OAEP is secure under the RSA assumption. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, Springer, Heidelberg (2001)Google Scholar
  32. 32.
    Gertner, Y., Malkin, T., Reingold, O.: On the impossibility of basing trapdoor functions on trapdoor predicates. In: FOCS 2001, IEEE Computer Society Press, Los Alamitos (2001)Google Scholar
  33. 33.
    Goh, E.-J.: Secure indexes. Cryptology ePrint Archive, Report, 2003/216 (2003),
  34. 34.
    Goldwasser, S., Micali, S.: Probabilistic encryption. Journal of Computer and System Sciences 28(2) (1984)Google Scholar
  35. 35.
    Golle, P., Staddon, J., Waters, B.: Secure conjunctive keyword search over encrypted data. In: Jakobsson, M., Yung, M., Zhou, J. (eds.) ACNS 2004. LNCS, vol. 3089, Springer, Heidelberg (2004)Google Scholar
  36. 36.
    Hacigümüs, H., Iyer, B., Li, C., Mehrotra, S.: Executing SQL over encrypted data in the database-service-provider model. In: SIGMOD 2002. Conference on Management of data, ACM Press, New York (2002)Google Scholar
  37. 37.
    Hacigümüs, H., Iyer, B.R., Mehrotra, S.: Efficient execution of aggregation queries over encrypted relational databases. In: Lee, Y., Li, J., Whang, K.-Y., Lee, D. (eds.) DASFAA 2004. LNCS, vol. 2973, Springer, Heidelberg (2004)Google Scholar
  38. 38.
    Hore, B., Mehrotra, S., Tsudik, G.: A privacy-preserving index for range queries. In: Nascimento, M.A., Özsu, M.T., Kossmann, D., Miller, R.J., Blakeley, J.A., Schiefer, K.B. (eds.) VLDB 2004, Morgan Kaufmann, San Francisco (2004)Google Scholar
  39. 39.
    Iyer, B.R., Mehrotra, S., Mykletun, E., Tsudik, G., Wu, Y.: A framework for efficient storage security in RDBMS. In: Bertino, E., Christodoulakis, S., Plexousakis, D., Christophides, V., Koubarakis, M., Böhm, K., Ferrari, E. (eds.) EDBT 2004. LNCS, vol. 2992, Springer, Heidelberg (2004)Google Scholar
  40. 40.
    Kantracioglu, M., Clifton, C.: Security issues in querying encrypted data. In: DBSec 2005. Working Conference on Data and Applications Security. LNCS, Springer, Heidelberg (2005)Google Scholar
  41. 41.
    Li, J., Omiecinski, E.: Efficiency and security trade-off in supporting range queries on encrypted databases. In: DBSec 2005. Working Conference on Data and Applications Security. LNCS, Springer, Heidelberg (2005)Google Scholar
  42. 42.
    Luby, M., Rackoff, C.: How to construct pseudorandom permutations from pseudorandom functions. SIAM J. Comput. 17(2) (1988)Google Scholar
  43. 43.
    Micali, S., Rackoff, C., Sloan, B.: The notion of security for probabilistic cryptosystems. SIAM Journal on Computing 17(2), 412–426 (1988)zbMATHCrossRefGoogle Scholar
  44. 44.
    Mykletun, E., Tsudik, G.: Aggregation queries in the database-as-a-service model. In: DBSec 2006. Working Conference on Data and Applications Security. LNCS, Springer, Heidelberg (2006)Google Scholar
  45. 45.
    Özsoyoglu, G., Singer, D.A., Chung, S.S.: Anti-tamper databases: Querying encrypted databases. In: DBSec 2003. Working Conference on Data and Applications Security. LNCS, Springer, Heidelberg (2003)Google Scholar
  46. 46.
    Pointcheval, D.: How to encrypt properly with RSA. RSA Laboratories’ CryptoBytes, 5(1) (Winter/Spring 2002)Google Scholar
  47. 47.
    Rackoff, C., Simon, D.: Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, Springer, Heidelberg (1992)Google Scholar
  48. 48.
    Russell, A., Wang, H.: How to fool an unbounded adversary with a short key. IEEE Transactions on Information Theory 52(3), 1130–1140 (2006)CrossRefGoogle Scholar
  49. 49.
    Arsenal Digital Solutions. Top 10 reasons to outsource remote data protection,
  50. 50.
    Song, D.X., Wagner, D., Perrig, A.: Practical techniques for searches on encrypted data. In: Symposium on Security and Privacy, IEEE Press, New York (2000)Google Scholar
  51. 51.
    Wang, H., Lakshmanan, L.V.S.: Efficient secure query evaluation over encrypted XML databases. In: VLDB 2006. VLDB Endowment (2006)Google Scholar
  52. 52.
    Waters, B.: Efficient identity-based encryption without random oracles. In: Cramer, R.J.F. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, Springer, Heidelberg (2005)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Mihir Bellare
    • 1
  • Alexandra Boldyreva
    • 2
  • Adam O’Neill
    • 2
  1. 1.Dept. of Computer Science & Engineering, University of California at San Diego, 9500 Gilman Drive, La Jolla, CA 92093USA
  2. 2.College of Computing, Georgia Institute of Technology, 266 Ferst Drive, Atlanta, GA 30332USA

Personalised recommendations