Order-Preserving Symmetric Encryption

  • Conference paper

Part of the Lecture Notes in Computer Science book series (LNCS, volume 5479)

Abstract

We initiate the cryptographic study of order-preserving symmetric encryption (OPE), a primitive suggested in the database community by Agrawal et al. (SIGMOD ’04) for allowing efficient range queries on encrypted data. Interestingly, we first show that a straightforward relaxation of standard security notions for encryption such as indistinguishability against chosen-plaintext attack (IND-CPA) is unachievable by a practical OPE scheme. Instead, we propose a security notion in the spirit of pseudorandom functions (PRFs) and related primitives asking that an OPE scheme look “as-random-as-possible” subject to the order-preserving constraint. We then design an efficient OPE scheme and prove its security under our notion based on pseudorandomness of an underlying blockcipher. Our construction is based on a natural relation we uncover between a random order-preserving function and the hypergeometric probability distribution. In particular, it makes black-box use of an efficient sampling algorithm for the latter.
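The construction idea in the abstract, as an added toy example that is not the authors' code: a key-determined order-preserving function is evaluated lazily by halving the ciphertext range and sampling, from a hypergeometric distribution, how many plaintexts fall in the lower half. The HMAC-seeded coin generator, the naive urn sampler, the 8-bit domain, the 10-bit range and all function names are assumptions made for illustration; the paper relies on a blockcipher and an efficient hypergeometric sampler instead.

```python
import hashlib
import hmac
import random

def _coins(key, *state):
    # Coins are a deterministic function of the key and the current (domain, range)
    # window. HMAC seeds a Mersenne Twister here purely for illustration; it is
    # not a cryptographic generator.
    tag = hmac.new(key, repr(state).encode(), hashlib.sha256).digest()
    return random.Random(int.from_bytes(tag, "big"))

def _hypergeom(rng, population, marked, draws):
    # Naive urn sampler: number of marked balls among `draws` taken without
    # replacement. O(draws); a stand-in for an efficient sampler.
    hits = 0
    for _ in range(draws):
        if rng.randrange(population) < marked:
            hits, marked = hits + 1, marked - 1
        population -= 1
    return hits

def ope_encrypt(key, m, d_lo, d_hi, r_lo, r_hi):
    """Lazily evaluate a key-determined order-preserving function at m."""
    if not (d_lo <= m <= d_hi) or d_hi - d_lo > r_hi - r_lo:
        raise ValueError("m outside domain, or range smaller than domain")
    while d_lo < d_hi:
        n = r_hi - r_lo + 1
        y = r_lo + (n + 1) // 2 - 1          # last point of the lower half of the range
        rng = _coins(key, "node", d_lo, d_hi, r_lo, r_hi)
        # How many domain points map at or below y is hypergeometric.
        x = d_lo - 1 + _hypergeom(rng, n, d_hi - d_lo + 1, y - r_lo + 1)
        if m <= x:
            d_hi, r_hi = x, y                # m lies in the lower part
        else:
            d_lo, r_lo = x + 1, y + 1        # m lies in the upper part
    return _coins(key, "leaf", d_lo, r_lo, r_hi).randint(r_lo, r_hi)

DOMAIN, RANGE = (0, 255), (0, 1023)          # constructed toy parameters

def encrypted_range_query(key, column, lo, hi):
    """Indices of rows with lo <= value <= hi, found by comparing ciphertexts only."""
    enc = lambda v: ope_encrypt(key, v, *DOMAIN, *RANGE)
    c_lo, c_hi = enc(lo), enc(hi)
    return [i for i, v in enumerate(column) if c_lo <= enc(v) <= c_hi]
```

The same comparison that lets the server answer the range query also tells it the relative order of every stored value, which is why the abstract's security notion asks only for "as-random-as-possible" subject to that constraint.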

Keywords

  • Encryption Algorithm
  • Range Query
  • Sampling Algorithm
  • Encrypt Data
  • Symmetric Encryption

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

The original version of this chapter was revised: The copyright line was incorrect. This has been corrected. The Erratum to this chapter is available at DOI: 10.1007/978-3-642-01001-9_35

References

  1. Agrawal, R., Kiernan, J., Srikant, R., Xu, Y.: Order-preserving encryption for numeric data. In: SIGMOD 2004, pp. 563–574. ACM, New York (2004)

  2. Amanatidis, G., Boldyreva, A., O’Neill, A.: Provably-secure schemes for basic query support in outsourced databases. In: DBSec 2007, pp. 14–30. Springer, Heidelberg (2007)

  3. Bellare, M.: New proofs for NMAC and HMAC: Security without collision-resistance. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 602–619. Springer, Heidelberg (2006)

  4. Bellare, M., Boldyreva, A., Knudsen, L.R., Namprempre, C.: Online ciphers and the hash-CBC construction. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 292–309. Springer, Heidelberg (2001)

  5. Bellare, M., Boldyreva, A., O’Neill, A.: Deterministic and efficiently searchable encryption. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 535–552. Springer, Heidelberg (2007)

  6. Bellare, M., Fischlin, M., O’Neill, A., Ristenpart, T.: Deterministic encryption: Definitional equivalences and constructions without random oracles. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 360–378. Springer, Heidelberg (2008)

  7. Bellare, M., Kohno, T., Namprempre, C.: Authenticated encryption in SSH: provably fixing the SSH binary packet protocol. In: CCS 2002, pp. 1–11. ACM Press, New York (2002)

  8. Bellare, M., Rogaway, P.: The security of triple encryption and a framework for code-based game-playing proofs. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 409–426. Springer, Heidelberg (2006)

  9. Boldyreva, A., Chenette, N., Lee, Y., O’Neill, A.: Order-preserving symmetric encryption (2009), www.cc.gatech.edu/~aboldyre/publications.html

  10. Boldyreva, A., Fehr, S., O’Neill, A.: On notions of security for deterministic encryption, and efficient constructions without random oracles. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 335–359. Springer, Heidelberg (2008)

  11. Boneh, D., Waters, B.: Conjunctive, subset, and range queries on encrypted data. In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol. 4392, pp. 535–554. Springer, Heidelberg (2007)

  12. Cem Say, A.C., Kutsi Nircan, A.: Random generation of monotonic functions for Monte Carlo solution of qualitative differential equations. Automatica 41(5), 739–754 (2005)

  13. Erkin, Z., Piva, A., Katzenbeisser, S., Lagendijk, R.L., Shokrollahi, J., Neven, G., Barni, M.: Protection and retrieval of encrypted multimedia content: When cryptography meets signal processing. EURASIP Journal on Information Security (2007) (Article ID 78943)

  14. Fishman, G.S.: Discrete-event simulation: modeling, programming, and analysis. Springer, Heidelberg (2001)

  15. Fox, E.A., Chen, Q.F., Daoud, A.M., Heath, L.S.: Order-preserving minimal perfect hash functions and information retrieval. ACM Transactions on Information Systems 9(3), 281–308 (1991)

  16. Gentle, J.E.: Random Number Generation and Monte Carlo Methods. Springer, Heidelberg (2003)

  17. Goldreich, O., Goldwasser, S., Micali, S.: How to construct random functions. Journal of the ACM 33(4), 792–807 (1986)

  18. Indyk, P., Motwani, R., Raghavan, P., Vempala, S.: Locality-preserving hashing in multidimensional spaces. In: STOC 1997, pp. 618–625. ACM Press, New York (1997)

  19. Iwata, T., Kurosawa, K.: OMAC: One-key CBC MAC. In: Johansson, T. (ed.) FSE 2003. LNCS, vol. 2887, pp. 129–153. Springer, Heidelberg (2003)

  20. Kachitvichyanukul, V., Schmeiser, B.W.: Computer generation of hypergeometric random variates. Journal of Statistical Computation and Simulation 22(2), 127–145 (1985)

  21. Kachitvichyanukul, V., Schmeiser, B.W.: Algorithm 668: H2PEC: sampling from the hypergeometric distribution. ACM Transactions on Mathematical Software 14(4), 397–398 (1988)

  22. Li, J., Omiecinski, E.: Efficiency and security trade-off in supporting range queries on encrypted databases. In: DBSec 2005, pp. 69–83. Springer, Heidelberg (2005)

  23. Linial, N., Sasson, O.: Non-expansive hashing. In: STOC 1996, pp. 509–518. ACM Press, New York (1996)

  24. López-Blázquez, F., Salamanca Miño, B.: Exact and approximated relations between negative hypergeometric and negative binomial probabilities. Communications in Statistics. Theory and Methods 30(5), 957–967 (2001)

  25. Rogaway, P., Shrimpton, T.: A provable-security treatment of the key-wrap problem. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 373–390. Springer, Heidelberg (2006)

  26. Shi, E., Bethencourt, J., Chan, T.-H.H., Song, D., Perrig, A.: Multi-dimensional range query over encrypted data. In: Symposium on Security and Privacy 2007, pp. 350–364. IEEE, Los Alamitos (2007)

  27. Walker, A.J.: An efficient method for generating discrete random variables with general distributions. ACM Transactions on Mathematical Software 3, 253–256 (1977)

  28. Westhoff, D., Girao, J., Acharya, M.: Concealed data aggregation for reverse multicast traffic in sensor networks: Encryption, key distribution, and routing adaptation. IEEE Transactions on Mobile Computing 5(10), 1417–1431 (2006)

  29. Xu, J., Fan, J., Ammar, M.H., Moon, S.B.: Prefix-preserving IP address anonymization: Measurement-based security evaluation and a new cryptography-based scheme. In: ICNP 2002, pp. 280–289. IEEE, Los Alamitos (2002)

Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Boldyreva, A., Chenette, N., Lee, Y., O’Neill, A. (2009). Order-Preserving Symmetric Encryption. In: Joux, A. (eds) Advances in Cryptology - EUROCRYPT 2009. EUROCRYPT 2009. Lecture Notes in Computer Science, vol 5479. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-01001-9_13

  • DOI: https://doi.org/10.1007/978-3-642-01001-9_13

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-01000-2

  • Online ISBN: 978-3-642-01001-9

  • eBook Packages: Computer Science (R0)