Skip to main content

Efficient Multi-client Order-Revealing Encryption and Its Applications

  • 1486 Accesses

Part of the Lecture Notes in Computer Science book series (LNSC,volume 12973)

Abstract

Order-revealing encryption (ORE) is a cryptographic primitive that enables ciphertext comparison while leaking nothing about the underlying plaintext beyond their lexicographic ordering. However, how to achieve efficient and secure ciphertext comparison for multi-user settings is still a challenging problem. In this work, we propose an efficient multi-client order-revealing encryption scheme (named m-ORE) by introducing a new token-based comparison method. Specifically, data owner is enabled to delegate token generation ability to some authorized users without revealing his secret key, and then each authorized user can perform comparison on ciphertexts from multiple data owners by generating the associated comparison tokens. Benefiting from our new method, m-ORE can not only reduce ciphertext size but also improve comparison efficiency, compared with the state-of-the-art (Cash et al. Asiacrypt 2018). Further, we present a non-interactive multi-client range query scheme by extending m-ORE. Finally, we show a formal security analysis and implement our scheme. The evaluation result demonstrates that m-ORE outperforms the scheme by Cash et al. in terms of both query and storage cost while achieving the same level of security.

Keywords

  • Order-revealing encryption
  • Property-presering hash
  • Range query
  • Multi-client searchable encryption

This is a preview of subscription content, access via your institution.

Buying options

Chapter
USD   29.95
Price excludes VAT (USA)
  • DOI: 10.1007/978-3-030-88428-4_3
  • Chapter length: 20 pages
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
eBook
USD   89.00
Price excludes VAT (USA)
  • ISBN: 978-3-030-88428-4
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
Softcover Book
USD   119.99
Price excludes VAT (USA)
Fig. 1.

Notes

  1. 1.

    https://github.com/kevinlewi/fastore.

  2. 2.

    https://github.com/collisionl/m-ORE.

References

  1. OpenSSL: Cryptography and SSL/TLS toolkit. https://www.openssl.org/

  2. Agrawal, R., Kiernan, J., Srikant, R., Xu, Y.: Order preserving encryption for numeric data. In: Proceedings of the 2004 ACM SIGMOD International Conference on Management of Data, SIGMOD 2004, pp. 563–574 (2004)

    Google Scholar 

  3. Boldyreva, A., Chenette, N., Lee, Y., O’Neill, A.: Order-preserving symmetric encryption. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 224–241. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-01001-9_13

    CrossRef  Google Scholar 

  4. Boldyreva, A., Chenette, N., O’Neill, A.: Order-preserving encryption revisited: improved security analysis and alternative solutions. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 578–595. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-22792-9_33

    CrossRef  Google Scholar 

  5. Boneh, D., Lewi, K., Raykova, M., Sahai, A., Zhandry, M., Zimmerman, J.: Semantically secure order-revealing encryption: multi-input functional encryption without obfuscation. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 563–594. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46803-6_19

    CrossRef  Google Scholar 

  6. Cash, D., Grubbs, P., Perry, J., Ristenpart, T.: Leakage-abuse attacks against searchable encryption. In: Ray, I., Li, N., Kruegel, C. (eds.) Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, CCS 2015, pp. 668–679. ACM (2015)

    Google Scholar 

  7. Cash, D., Liu, F.-H., O’Neill, A., Zhandry, M., Zhang, C.: Parameter-hiding order revealing encryption. In: Peyrin, T., Galbraith, S. (eds.) ASIACRYPT 2018. LNCS, vol. 11272, pp. 181–210. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03326-2_7

    CrossRef  Google Scholar 

  8. Chenette, N., Lewi, K., Weis, S.A., Wu, D.J.: Practical order-revealing encryption with limited leakage. In: Peyrin, T. (ed.) FSE 2016. LNCS, vol. 9783, pp. 474–493. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-52993-5_24

    CrossRef  MATH  Google Scholar 

  9. Durak, F.B., DuBuisson, T.M., Cash, D.: What else is revealed by order-revealing encryption? In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, CCS 2016, pp. 1155–1166 (2016)

    Google Scholar 

  10. Dyer, J., Dyer, M., Djemame, K.: Order-preserving encryption using approximate common divisors. J. Inform. Secur. Appl. 49, 102391 (2019)

    Google Scholar 

  11. Eom, J., Lee, D.H., Lee, K.: Multi-client order-revealing encryption. IEEE Access 6, 45458–45472 (2018)

    CrossRef  Google Scholar 

  12. Granlund, T., the GMP development team: GNU MP: the GNU multiple precision arithmetic library. https://gmplib.org/

  13. Grubbs, P., Sekniqi, K., Bindschaedler, V., Naveed, M., Ristenpart, T.: Leakage-abuse attacks against order-revealing encryption. In: Proceedings of the 2017 IEEE Symposium on Security and Privacy, S&P 2017, pp. 655–672. IEEE (2017)

    Google Scholar 

  14. Kerschbaum, F.: Frequency-hiding order-preserving encryption. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, CCS 2015, pp. 656–667 (2015)

    Google Scholar 

  15. Kerschbaum, F., Schröpfer, A.: Optimal average-complexity ideal-security order-preserving encryption. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, CCS 2014, pp. 275–286 (2014)

    Google Scholar 

  16. Lewi, K., Wu, D.J.: Order-revealing encryption: new constructions, applications, and lower bounds. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, CCS 2016, pp. 1167–1178 (2016)

    Google Scholar 

  17. Li, Y., Wang, H., Zhao, Y.: Delegatable order-revealing encryption. In: Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security, AsiaCCS 2019, pp. 134–147 (2019)

    Google Scholar 

  18. Lynn, B., other contributors: The pairing-based cryptography library. https://crypto.stanford.edu/pbc/

  19. Naveed, M., Kamara, S., Wright, C.V.: Inference attacks on property-preserving encrypted databases. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, CCS 2015, pp. 644–655 (2015)

    Google Scholar 

  20. Popa, R.A., Li, F.H., Zeldovich, N.: An ideal-security protocol for order-preserving encoding. In: Proceedings of the 2013 IEEE Symposium on Security and Privacy, S&P 2013, pp. 463–477. IEEE (2013)

    Google Scholar 

  21. Roche, D.S., Apon, D., Choi, S.G., Yerukhimovich, A.: POPE: partial order preserving encoding. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, CCS 2016, pp. 1131–1142 (2016)

    Google Scholar 

  22. Tang, Q.: Nothing is for free: security in searching shared and encrypted data. IEEE Trans. Inf. Forensics Secur. 9(11), 1943–1952 (2014)

    CrossRef  Google Scholar 

Download references

Acknowledgments

This work was supported by the National Natural Science Foundation of China (Nos. 62072357 and 61960206014), the Preferential Funding for Scientific and Technological Activities of Overseas Students in Shaanxi Province (No. 2019-25), the Fundamental Research Funds for the Central Universities (No. JB211503), and Innovation Fund of Xidian University (No. YJS2114).

Author information

Authors and Affiliations

Authors

Corresponding authors

Correspondence to Jianfeng Wang or Xiaofeng Chen .

Editor information

Editors and Affiliations

Appendices

Appendix

A Security Analysis of Range Query Scheme

To define the security of multi-client range query scheme in Sect. 5.1, we first introduce a slight modification to the security notions that by our m-ORE scheme from Sect. 4. Recall that an m-ORE scheme is secure with respect to a leakage profile \(\mathcal {L}_f(\cdot )\) if for any adversarially-chosen sequence of messages \((m_1,\cdots ,m_q)\), there is an efficient simulator \(\mathcal {S}\) that can simulate the real m-ORE ciphertext and token given the leakage \(\mathcal {L}_f(m_1,\cdots ,m_q)\).

Similar to [16], we define a leakage function \(\mathcal {L}_f(\cdot ,\cdot )\) that if there exists an efficient simulator such that for any two adversarially-chosen collections of plaintexts \((m_1,\cdots ,m_q)\) and \((m_1,\cdots ,m_k)\), the simulator can simulate the outputs of \(\textsf {m-ORE.Enc}(\cdot ,m_i)\) and \(\textsf {m-ORE.TGen}(\cdot ,m_j)\) for all \(i\in [q], j\in [k]\) given only the leakage \(\mathcal {L}_f((m_1,\cdots ,m_q),\) \((m_1,\cdots ,m_k))\). That is:

$$\begin{aligned} \mathcal {L}_f((m_1,\cdots ,m_q),(m_1,\cdots ,m_k))=&(\forall 1 \le i,l \le q,1 \le j \le k | \mathbf{1} (m_i<m_j), \\&\mathbf{1} (\textsf {msdb}(m_j,m_i)=\textsf {msdb}(m_j,m_l))) \end{aligned}$$

in which \(q=k\). We argue that this leakage profile is essentially the same as \(\mathcal {L}_f(m_1,\cdots ,m_q)\).

We then define the security of our range query scheme \(\varSigma \) in two different aspects, online and offline security. Online security models the information revealed to a malicious server during Update and Search, while offline security considers the situation of an adversary obtains a one-time snapshot of the encrypted database from the server which was studied by Naveed et al. [19] and Grubbs et al. [13]. First, we formalize the online security as follows:

Theorem 3

For a database \(\mathbf{DB} _i\) containing user i’s data which is essentially a set of m-ORE ciphertext \((c_1,\cdots ,c_q)\) on the server and a sequence of queries \(\mathbf{q} _i\) from user i which is a set of m-ORE token \((t_1,\cdots ,t_k)\). Let \(\mathcal {L}_{RQ}\) be the leakage function.

$$\mathcal {L}_{RQ}(\mathbf{DB} _i,\mathbf{q} _i)=\mathcal {L}_f((m_1,\cdots ,m_q),(m_1,\cdots ,m_k))$$

We say that the range query scheme \(\varSigma \) achieves online security with respect to the leakage function \(\mathcal {L}_{RQ}\).

Proof

The proof follows the proof of Theorem 2 except the leakage profile were substituted by \(\mathcal {L}_f((m_1,\cdots ,m_q),(m_1,\cdots ,m_k))\) which is very similar. And the simulator \(\mathcal {S}\) only needs to output the ciphertexts for \(m_i\) where \(\forall i\in [q]\) and token for \(m_j\) where \(\forall j\in [k]\).

Note that we define the leakage function \(\mathcal {L}_{RQ}\) under a condition that \(\mathbf{DB} \) and \(\mathbf{q} \) are from the same user. It is clear that the leakage will be none if these are from different users. The reason is that m-ORE.Cmp will not work in this case and \(\textsf {msdb}(m_j,m_i)=\textsf {msdb}(m_j,m_l)\) will always hold for all i and j.

The offline security of our range query scheme follows directly from the fact that the encrypted database stored on the server only contains a collection group elements from \(\mathbb {G}_1\) and were generated with random factor, which is simulatable given just the size of the collection.

Theorem 4

The range query scheme \(\varSigma \) is offline secure.

Proof

The proof follows the proof of Theorem 2 except the simulator \(\mathcal {S}\) only needs to simulate the ciphertext for all the messages.

Rights and permissions

Reprints and Permissions

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Verify currency and authenticity via CrossMark

Cite this paper

Lv, C., Wang, J., Sun, SF., Wang, Y., Qi, S., Chen, X. (2021). Efficient Multi-client Order-Revealing Encryption and Its Applications. In: Bertino, E., Shulman, H., Waidner, M. (eds) Computer Security – ESORICS 2021. ESORICS 2021. Lecture Notes in Computer Science(), vol 12973. Springer, Cham. https://doi.org/10.1007/978-3-030-88428-4_3

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-88428-4_3

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-88427-7

  • Online ISBN: 978-3-030-88428-4

  • eBook Packages: Computer ScienceComputer Science (R0)