Parallel and Dynamic Searchable Symmetric Encryption
Searchable symmetric encryption (SSE) enables a client to outsource a collection of encrypted documents in the cloud and retain the ability to perform keyword searches without revealing information about the contents of the documents and queries. Although efficient SSE constructions are known, previous solutions are highly sequential. This is mainly due to the fact that, currently, the only method for achieving sub-linear time search is the inverted index approach (Curtmola, Garay, Kamara and Ostrovsky, CCS ’06) which requires the search algorithm to access a sequence of memory locations, each of which is unpredictable and stored at the previous location in the sequence. Motivated by advances in multi-core architectures, we present a new method for constructing sub-linear SSE schemes. Our approach is highly parallelizable and dynamic. With roughly a logarithmic number of cores in place, searches for a keyword w in our scheme execute in o(r) parallel time, where r is the number of documents containing keyword w (with more cores, this bound can go down to O(logn), i.e., independent of the result size r). Such time complexity outperforms the optimal Θ(r) sequential search time—a similar bound holds for the updates. Our scheme also achieves the following important properties: (a) it enjoys a strong notion of security, namely security against adaptive chosen-keyword attacks; (b) compared to existing sub-linear dynamic SSE schemes (e.g., Kamara, Papamanthou, Roeder, CCS ’12), updates in our scheme do not leak any information, apart from information that can be inferred from previous search tokens; (c) it can be implemented efficiently in external memory (with logarithmic I/O overhead). Our technique is simple and uses a red-black tree data structure; its security is proven in the random oracle model.
KeywordsSearchable encryption parallel search cloud storage
Unable to display preview. Download preview PDF.
- 5.Cormen, T.H., Leiserson, C.E., Rivest, R.L., Stein, C.: Introduction to Algorithms, 3rd edn. The MIT Press (2009)Google Scholar
- 6.Curtmola, R., Garay, J., Kamara, S., Ostrovsky, R.: Searchable symmetric encryption: Improved definitions and efficient constructions. In: Computer and Communications Security (CCS), pp. 79–88 (2006)Google Scholar
- 7.Gentry, C.: Fully homomorphic encryption using ideal lattices. In: Symposium on Theory of Computing (STOC), pp. 169–178 (2009)Google Scholar
- 8.Goh, E.-J.: Secure indexes. IACR Cryptology ePrint Archive, 2003:216 (2003)Google Scholar
- 11.Kamara, S., Papamanthou, C., Roeder, T.: Dynamic searchable symmetric encryption. In: Computer and Communications Security (CCS), pp. 965–976 (2012)Google Scholar
- 12.Katz, J., Lindell, Y.: Introduction to Modern Cryptography. Chapman & Hall/CRC (2008)Google Scholar
- 14.Lorch, J.R., Mickens, J.W., Parno, B., Raykova, M., Schiffman, J.: Toward practical private access to data centers via parallel ORAM. IACR Cryptology ePrint Archive, 2012:133 (2012)Google Scholar
- 15.Merkle, R.C.: A digital signature based on a conventional encryption function. In: Pomerance, C. (ed.) CRYPTO 1987. LNCS, vol. 293, pp. 369–378. Springer, Heidelberg (1988)Google Scholar
- 17.Shi, E., Bethencourt, J., Chan, T., Song, D., Perrig, A.: Multi-dimensional range query over encrypted data. In: IEEE Symposium on Security and Privacy (SSP), pp. 350–364 (2007)Google Scholar
- 18.Song, D., Wagner, D., Perrig, A.: Practical techniques for searching on encrypted data. In: IEEE Symposium on Security and Privacy (SSP), pp. 44–55 (2000)Google Scholar
- 19.Stefanov, E., Shi, E., Song, D.: Towards practical oblivious ram. In: Network and Distributed System Security Symposium, NDSS (2012)Google Scholar