Property Preserving Symmetric Encryption

  • Omkant Pandey
  • Yannis Rouselakis
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7237)


Processing on encrypted data is a subject of rich investigation. Several new and exotic encryption schemes, supporting a diverse set of features, have been developed for this purpose. We consider encryption schemes that are suitable for applications such as data clustering on encrypted data. In such applications, the processing algorithm needs to learn certain properties about the encrypted data to make decisions. Often these decisions depend upon multiple data items, which might have been encrypted individually and independently. Current encryption schemes do not capture this setting where computation must be done on multiple ciphertexts to make a decision.

In this work, we seek encryption schemes which allow public computation of a pre-specified property P about the encrypted messages. That is, such schemes have an associated property P of fixed arity k, and a publicly computable algorithm Test, such that \(\mathrm{Test}(ct_1,\ldots,ct_k) = P(m_1,\ldots,m_k)\), where \(ct_i\) is an encryption of \(m_i\) for \(i = 1,\ldots,k\). Further, this requirement holds even if the ciphertexts \(ct_1,\ldots,ct_k\) were generated individually and independently. We call such schemes property preserving encryption schemes. Property preserving encryption (PPEnc) makes most sense in the symmetric setting due to the requirement that Test is publicly computable.
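To make the Test requirement concrete, the following is an added illustration, not the paper's construction: it instantiates the definition for the simplest property of arity k = 2, equality, using a keyed PRF (HMAC-SHA256), and then clusters independently encrypted records with the public Test alone. The function names `keygen`, `encrypt`, `public_test` and `cluster`, the choice of equality as P, and the sample records are all assumptions made for this example.

```python
import hashlib
import hmac
import os


def keygen() -> bytes:
    """Symmetric secret key, held only by the party that encrypts."""
    return os.urandom(32)


def encrypt(sk: bytes, m: bytes) -> bytes:
    """PRF tag of m: equal messages under one key give equal ciphertexts.
    (Illustrative only: no decryption, and distinct messages collide only
    with negligible probability.)"""
    return hmac.new(sk, m, hashlib.sha256).digest()


def public_test(ct1: bytes, ct2: bytes) -> bool:
    """Public Test of arity 2: takes no key and returns P(m1, m2) = (m1 == m2)."""
    return hmac.compare_digest(ct1, ct2)


def cluster(cts):
    """Group ciphertext indices using only public_test (no key, no plaintext)."""
    groups = []
    for i, ct in enumerate(cts):
        for g in groups:
            if public_test(cts[g[0]], ct):
                g.append(i)
                break
        else:
            groups.append([i])
    return groups


def demo():
    sk = keygen()
    # Constructed sample records, each encrypted individually and independently.
    msgs = [b"alice", b"bob", b"alice", b"carol", b"bob"]
    cts = [encrypt(sk, m) for m in msgs]
    return msgs, cts, cluster(cts)


if __name__ == "__main__":
    msgs, cts, groups = demo()
    print(groups)  # clusters recovered from ciphertexts alone
```

Because Test is public, anyone who holds the ciphertexts learns the full equality pattern of the underlying records, which is exactly the leakage that a security definition for such a scheme has to account for.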

In this work, we present a thorough investigation of property preserving symmetric encryption. We start by formalizing several meaningful notions of security for PPEnc. Somewhat surprisingly, we show that there exists a hierarchy of security notions for PPEnc, indexed by integers η ∈ ℕ, which does not collapse. We also present a symmetric PPEnc scheme for encrypting vectors in \(\mathbb{Z}_N\) of polynomial length. This construction supports the orthogonality property: for every two vectors \((\vec{x},\vec{y})\) it is possible to publicly learn whether \(\vec{x}\cdot\vec{y}=0\mod p\). Our scheme is based on bilinear groups of composite order.

Copyright information

© International Association for Cryptologic Research 2012

Authors and Affiliations

  • Omkant Pandey (1, 2)
  • Yannis Rouselakis (3)

  1. Microsoft, Redmond, USA
  2. Microsoft Research, Bangalore, India
  3. The University of Texas at Austin, USA
