Semantically Secure Order-Revealing Encryption: Multi-input Functional Encryption Without Obfuscation

  • Dan Boneh
  • Kevin Lewi
  • Mariana Raykova
  • Amit Sahai
  • Mark Zhandry
  • Joe Zimmerman
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9057)

Abstract

Deciding “greater-than” relations among data items just given their encryptions is at the heart of search algorithms on encrypted data, most notably, non-interactive binary search on encrypted data. Order-preserving encryption provides one solution, but provably provides only limited security guarantees. Two-input functional encryption is another approach, but requires the full power of obfuscation machinery and is currently not implementable.

We construct the first implementable encryption system supporting greater-than comparisons on encrypted data that provides the “best-possible” semantic security. In our scheme there is a public algorithm that given two ciphertexts as input, reveals the order of the corresponding plaintexts and nothing else. Our constructions are inspired by obfuscation techniques, but do not use obfuscation. For example, to compare two 16-bit encrypted values (e.g., salaries or age) we only need a 9-way multilinear map. More generally, comparing \(k\)-bit values requires only a \((k/2+1)\)-way multilinear map. The required degree of multilinearity can be further reduced, but at the cost of increasing ciphertext size.

Beyond comparisons, our results give an implementable secret-key multi-input functional encryption scheme for functionalities that can be expressed as (generalized) branching programs of polynomial length and width. Comparisons are a special case of this class, where for \(k\)-bit inputs the branching program is of length \(k+1\) and width \(4\).

Keywords

Range Query Execution Trace Encrypt Data Oracle Query Cryptology ePrint Archive 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. [ABG+13]
    Ananth, P., Boneh, D., Garg, S., Sahai, A., Zhandry, M.: Differing-inputs obfuscation and applications. IACR Cryptology ePrint Archive 2013, 689 (2013)Google Scholar
  2. [AGI+14]
    Ananth, P., Gupta, D., Ishai, Y., Sahai, A.: Optimizing obfuscation: Avoiding barrington’s theorem. IACR Cryptology ePrint Archive 2014, 222 (2014)Google Scholar
  3. [AGV+13]
    Agrawal, S., Gorbunov, S., Vaikuntanathan, V., Wee, H.: Functional encryption: new perspectives and lower bounds. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part II. LNCS, vol. 8043, pp. 500–518. Springer, Heidelberg (2013) CrossRefGoogle Scholar
  4. [AKS+04]
    Agrawal, R., Kiernan, J., Srikant, R., Xu, Y.: Order preserving encryption for numeric data (2004)Google Scholar
  5. [Bar86]
    Barrington, D.A.: Bounded-width polynomial-size branching programs recognize exactly those languages in NC1. In: Proceedings, 18th ACM STOC, pp. 1–5 (1986)Google Scholar
  6. [BBC+14]
    Barak, B., Bitansky, N., Canetti, R., Kalai, Y.T., Paneth, O., Sahai, A.: Obfuscation for evasive functions. In: Lindell, Y. (ed.) TCC 2014. LNCS, vol. 8349, pp. 26–51. Springer, Heidelberg (2014) CrossRefGoogle Scholar
  7. [BCL+09]
    Boldyreva, A., Chenette, N., Lee, Y., O’Neill, A.: Order-preserving symmetric encryption. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 224–241. Springer, Heidelberg (2009) CrossRefGoogle Scholar
  8. [BCO11]
    Boldyreva, A., Chenette, N., O’Neill, A.: Order-preserving encryption revisited: improved security analysis and alternative solutions. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 578–595. Springer, Heidelberg (2011) CrossRefGoogle Scholar
  9. [BCP14]
    Boyle, E., Chung, K.-M., Pass, R.: On extractability obfuscation. In: Lindell, Y. (ed.) TCC 2014. LNCS, vol. 8349, pp. 52–73. Springer, Heidelberg (2014) CrossRefGoogle Scholar
  10. [BF01]
    Boneh, D., Franklin, M.: Identity-based encryption from the weil pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–229. Springer, Heidelberg (2001) CrossRefGoogle Scholar
  11. [BGI+01]
    Barak, B., Goldreich, O., Impagliazzo, R., Rudich, S., Sahai, A., Vadhan, S.P., Yang, K.: On the (Im)possibility of obfuscating programs. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 1–18. Springer, Heidelberg (2001) CrossRefGoogle Scholar
  12. [BGK+14]
    Barak, B., Garg, S., Kalai, Y.T., Paneth, O., Sahai, A.: Protecting obfuscation against algebraic attacks. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 221–238. Springer, Heidelberg (2014) CrossRefGoogle Scholar
  13. [BO13]
    Bellare, M., O’Neill, A.: Semantically-secure functional encryption: possibility results, impossibility results and the quest for a general definition. In: Abdalla, M., Nita-Rotaru, C., Dahab, R. (eds.) CANS 2013. LNCS, vol. 8257, pp. 218–234. Springer, Heidelberg (2013) CrossRefGoogle Scholar
  14. [BR14]
    Brakerski, Z., Rothblum, G.N.: Virtual black-box obfuscation for all circuits via generic graded encoding. In: Lindell, Y. (ed.) TCC 2014. LNCS, vol. 8349, pp. 1–25. Springer, Heidelberg (2014) CrossRefGoogle Scholar
  15. [BS03]
    Boneh, D., Silverberg, A.: Applications of multilinear forms to cryptography. Contemporary Mathematics 324(1), 71–90 (2003)CrossRefMathSciNetGoogle Scholar
  16. [BS14]
    Brakerski, Z., Segev, G.: Function-private functional encryption in the private-key setting. Cryptology ePrint Archive, Report 2014/550, 2014. http://eprint.iacr.org/
  17. [BSW11]
    Boneh, D., Sahai, A., Waters, B.: Functional encryption: definitions and challenges. In: Ishai, Y. (ed.) TCC 2011. LNCS, vol. 6597, pp. 253–273. Springer, Heidelberg (2011) CrossRefGoogle Scholar
  18. [BW07]
    Boneh, D., Waters, B.: Conjunctive, subset, and range queries on encrypted data. In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol. 4392, pp. 535–554. Springer, Heidelberg (2007) CrossRefGoogle Scholar
  19. [BZ14]
    Boneh, D., Zhandry, M.: Multiparty key exchange, efficient traitor tracing, and more from indistinguishability obfuscation. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014, Part I. LNCS, vol. 8616, pp. 480–499. Springer, Heidelberg (2014) CrossRefGoogle Scholar
  20. [CIJ+13]
    De Caro, A., Iovino, V., Jain, A., O’Neill, A., Paneth, O., Persiano, G.: On the achievability of simulation-based security for functional encryption. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part II. LNCS, vol. 8043, pp. 519–535. Springer, Heidelberg (2013) CrossRefGoogle Scholar
  21. [CLT13]
    Coron, J.-S., Lepoint, T., Tibouchi, M.: Practical multilinear maps over the integers. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part I. LNCS, vol. 8042, pp. 476–493. Springer, Heidelberg (2013) CrossRefGoogle Scholar
  22. [GGG+14]
    Goldwasser, S., Gordon, S.D., Goyal, V., Jain, A., Katz, J., Liu, F.-H., Sahai, A., Shi, E., Zhou, H.-S.: Multi-input functional encryption. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 578–602. Springer, Heidelberg (2014) CrossRefGoogle Scholar
  23. [GGH13a]
    Garg, S., Gentry, C., Halevi, S.: Candidate multilinear maps from ideal lattices. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 1–17. Springer, Heidelberg (2013) CrossRefGoogle Scholar
  24. [GGH+13b]
    Garg, S., Gentry, C., Halevi, S., Raykova, M., Sahai, A., Waters, B.: Candidate indistinguishability obfuscation and functional encryption for all circuits. Cryptology ePrint Archive, Report 2013/451, 2013. http://eprint.iacr.org/
  25. [GGH+14]
    Garg, S., Gentry, C., Halevi, S., Zhandry, M.: Fully secure functional encryption without obfuscation. Cryptology ePrint Archive, Report 2014/666 (2014). http://eprint.iacr.org/
  26. [GHL+14]
    Gentry, C., Halevi, S., Lu, S., Ostrovsky, R., Raykova, M., Wichs, D.: Garbled RAM revisited. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 405–422. Springer, Heidelberg (2014) CrossRefGoogle Scholar
  27. [GKP+13]
    Goldwasser, S., Kalai, Y.T., Popa, R.A., Vaikuntanathan, V., Zeldovich, N.: Reusable garbled circuits and succinct functional encryption. In: STOC (2013)Google Scholar
  28. [GM82]
    Goldwasser, S., Micali, S.: Probabilistic encryption and how to play mental poker keeping secret all partial information. In: STOC, pp. 365–377 (1982)Google Scholar
  29. [GVW12]
    Gorbunov, S., Vaikuntanathan, V., Wee, H.: Functional encryption with bounded collusions via multi-party computation. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 162–179. Springer, Heidelberg (2012) CrossRefGoogle Scholar
  30. [Jou00]
    Joux, A.: A one round protocol for tripartite diffie-hellman. In: Proceedings of the 4th International Symposium on Algorithmic Number Theory, pp. 385–394 (2000)Google Scholar
  31. [Kil88]
    Kilian, J.: Founding cryptography on oblivious transfer. In: STOC (1988)Google Scholar
  32. [KSW08]
    Katz, J., Sahai, A., Waters, B.: Predicate encryption supporting disjunctions, polynomial equations, and inner products. In: Smart, N.P. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 146–162. Springer, Heidelberg (2008) CrossRefGoogle Scholar
  33. [LO13]
    Lu, S., Ostrovsky, R.: How to garble RAM programs? In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 719–734. Springer, Heidelberg (2013) CrossRefGoogle Scholar
  34. [Mil04]
    Miller, V.J.: The Weil pairing, and its efficient calculation. Journal of Cryptology (2004)Google Scholar
  35. [MOV93]
    Menezes, A., Okamoto, T., Vanstone, S.A.: Reducing elliptic curve logarithms to logarithms in a finite field. IEEE Transactions on Information Theory 39(5), 1639–1646 (1993)CrossRefMATHMathSciNetGoogle Scholar
  36. [MTY13]
    Malkin, T., Teranishi, I., Yung, M.: Order-preserving encryption secure beyond one-wayness. IACR Cryptology ePrint Archive 2013, 409 (2013)Google Scholar
  37. [O’N10]
    O’Neill, A.: Definitional issues in functional encryption. Cryptology ePrint Archive, Report 2010/556 (2010). http://eprint.iacr.org/
  38. [PLZ13]
    Popa, R.A., Li, F.H., Zeldovich, N.: An ideal-security protocol for order-preserving encoding. In: S&P, pp. 463–477 (2013)Google Scholar
  39. [SBC+07]
    Shi, E., Bethencourt, J., Chan, H.T., Song, D.X., Perrig, A.: Multi-dimensional range query over encrypted data. In: S&P, pp. 350–364 (2007)Google Scholar
  40. [Sho97]
    Shoup, V.: Lower bounds for discrete logarithms and related problems. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 256–266. Springer, Heidelberg (1997) CrossRefGoogle Scholar
  41. [SSW09]
    Shen, E., Shi, E., Waters, B.: Predicate privacy in encryption systems. In: Reingold, O. (ed.) TCC 2009. LNCS, vol. 5444, pp. 457–473. Springer, Heidelberg (2009) CrossRefGoogle Scholar
  42. [SZ14]
    Sahai, A., Zhandry, M.: Obfuscating low-rank matrix branching programs. Cryptology ePrint Archive, Report 2014/773 (2014). http://eprint.iacr.org/
  43. [Zha14]
    Zhandry, M.: How to avoid obfuscation using witness PRFs. Cryptology ePrint Archive, Report 2014/301 (2014). http://eprint.iacr.org/

Copyright information

© International Association for Cryptologic Research 2015

Authors and Affiliations

  • Dan Boneh
    • 1
  • Kevin Lewi
    • 1
  • Mariana Raykova
    • 2
  • Amit Sahai
    • 3
  • Mark Zhandry
    • 1
  • Joe Zimmerman
    • 1
  1. 1.Stanford UniversityStanfordUS
  2. 2.SRI InternationalMenlo ParkUS
  3. 3.Computer ScienceUCLA and Center for Encrypted FunctionalitiesLos AngelesUS

Personalised recommendations