Towards Efficient and Secure Encrypted Databases: Extending Message-Locked Encryption in Three-Party Model
In database systems with three parties consisting of a data owner, a database manager and a data analyst, the data owner uploads encrypted data to a database and the data analyst delegated by the data owner analyzes the data by accessing to the database without knowing plaintexts. In this work, towards an efficient and secure scheme whose encryption can be processed in real time, we extend message-locked encryption (Bellare et al. ), where parts of ciphertexts are generated from their plaintexts deterministically. In particular, we introduce both delegations of relational search between ciphertexts from a data owner to a data analyst, and re-encryption of ciphertexts such that ciphertexts of the message-locked encryption become truly probabilistic against a database manager. We call the scheme message-locked encryption with re-encryption and relational search, and formalize the security, which is feasible and practical, in two cases, i.e., any relationship in a general setting and only an equality test in a restricted setting. Both settings are useful from a standpoint of trade-offs between the security and the efficiency. We also propose an instantiation with the equality test between ciphertexts.
KeywordsMessage-locked encryption Encrypted database Re-encryption Relational search Three-party model
We would like to thank Taisuke Yamauchi in NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION for his support.
- 7.Gentry, C.: Fully homomorphic encryption using ideal lattice. In: Proceedings of STOC 1999, pp. 169–178. ACM (2009)Google Scholar
- 12.Li, J., Qin, C., Lee, P.P.C., Li, J.: Rekeying for encrypted deduplication storage. In: Proceedings of DSN 2016, pp. 618–629. IEEE (2016)Google Scholar
- 13.Naveed, M., Prabhakaran, M., Gunter, C.A.: Dynamic searchable encryption via blind storage. In: Proceedings of IEEE S&P, pp. 639–654. IEEE (2014)Google Scholar
- 16.Rogaway, P., Bellare, M., Black, J., Krovetz, T.: OCB: a block-cipher mode of operation for efficient authenticated encryption. In: Proceedings of ACM CCS 2001, pp. 196–205. ACM (2001)Google Scholar
- 17.Shi, E., Chan, T.-H.H., Rieffel, E.G., Chow, R., Song, D.: Privacy-preserving aggregation of time-series data. In: Proceedings of NDSS 2011 (2011)Google Scholar
- 18.Song, D., Wagner, D., Perrig, A.: Practical techniques for searches on encrypted data. In: Proceedings of IEEE S&P 2000, pp. 44–55. IEEE (2000)Google Scholar