Order-Preserving Symmetric Encryption

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5479)


We initiate the cryptographic study of order-preserving symmetric encryption (OPE), a primitive suggested in the database community by Agrawal et al. (SIGMOD ’04) for allowing efficient range queries on encrypted data. Interestingly, we first show that a straightforward relaxation of standard security notions for encryption such as indistinguishability against chosen-plaintext attack (IND-CPA) is unachievable by a practical OPE scheme. Instead, we propose a security notion in the spirit of pseudorandom functions (PRFs) and related primitives asking that an OPE scheme look “as-random-as-possible” subject to the order-preserving constraint. We then design an efficient OPE scheme and prove its security under our notion based on pseudorandomness of an underlying blockcipher. Our construction is based on a natural relation we uncover between a random order-preserving function and the hypergeometric probability distribution. In particular, it makes black-box use of an efficient sampling algorithm for the latter.
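The relation between a random order-preserving function and the hypergeometric distribution can be seen by sampling such a function lazily, one range midpoint at a time. The sketch below is an added illustration, not the authors' code: HMAC-SHA256 seeding Python's `random.Random` stands in for blockcipher-derived coins, the simple O(n) sampler stands in for an efficient hypergeometric sampler, and every name, key and parameter is an assumption made for the example.

```python
import hashlib
import hmac
import random


def coins(key, *state):
    """Derive deterministic coins from the key and the current recursion state."""
    tag = hmac.new(key, repr(state).encode(), hashlib.sha256).digest()
    return random.Random(int.from_bytes(tag, "big"))  # demo PRNG, not a CSPRNG


def hypergeometric(rng, population, marked, draws):
    """Exact sample: marked items seen in `draws` draws without replacement."""
    hits = 0
    for _ in range(draws):
        if rng.randrange(population) < marked:
            hits += 1
            marked -= 1
        population -= 1
    return hits


def ope_encrypt(key, m, d_lo, d_hi, r_lo, r_hi):
    """Evaluate a lazily sampled order-preserving function at plaintext m."""
    if not d_lo <= m <= d_hi or d_hi - d_lo > r_hi - r_lo:
        raise ValueError("need m in the domain and |domain| <= |range|")
    while d_lo < d_hi:
        n_range = r_hi - r_lo + 1
        n_dom = d_hi - d_lo + 1
        y = r_lo + (n_range + 1) // 2 - 1          # last point of the lower half
        rng = coins(key, "node", d_lo, d_hi, r_lo, r_hi)
        # How many plaintexts land at or below y is hypergeometric.
        below = hypergeometric(rng, n_range, n_dom, y - r_lo + 1)
        x = d_lo + below - 1                       # largest plaintext mapped <= y
        if m <= x:
            d_hi, r_hi = x, y
        else:
            d_lo, r_lo = x + 1, y + 1
    # One plaintext left: place it uniformly in what remains of the range.
    return coins(key, "leaf", d_lo, r_lo, r_hi).randint(r_lo, r_hi)


def encrypt_column(key, values, domain=(1, 100), target=(1, 1000)):
    """Encrypt a list of plaintexts with constructed demo parameters."""
    return [ope_encrypt(key, v, *domain, *target) for v in values]
```

Sorting the ciphertexts sorts the plaintexts, which is what makes range queries on the encrypted column work and is also exactly what anyone who sees the ciphertexts learns.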


Keywords: Encryption Algorithm; Range Query; Sampling Algorithm; Encrypt Data; Symmetric Encryption


References

  1. Agrawal, R., Kiernan, J., Srikant, R., Xu, Y.: Order-preserving encryption for numeric data. In: SIGMOD 2004, pp. 563–574. ACM, New York (2004)
  2. Amanatidis, G., Boldyreva, A., O’Neill, A.: Provably-secure schemes for basic query support in outsourced databases. In: DBSec 2007, pp. 14–30. Springer, Heidelberg (2007)
  3. Bellare, M.: New proofs for NMAC and HMAC: Security without collision-resistance. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 602–619. Springer, Heidelberg (2006)
  4. Bellare, M., Boldyreva, A., Knudsen, L.R., Namprempre, C.: Online ciphers and the hash-CBC construction. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 292–309. Springer, Heidelberg (2001)
  5. Bellare, M., Boldyreva, A., O’Neill, A.: Deterministic and efficiently searchable encryption. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 535–552. Springer, Heidelberg (2007)
  6. Bellare, M., Fischlin, M., O’Neill, A., Ristenpart, T.: Deterministic encryption: Definitional equivalences and constructions without random oracles. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 360–378. Springer, Heidelberg (2008)
  7. Bellare, M., Kohno, T., Namprempre, C.: Authenticated encryption in SSH: provably fixing the SSH binary packet protocol. In: CCS 2002, pp. 1–11. ACM Press, New York (2002)
  8. Bellare, M., Rogaway, P.: The security of triple encryption and a framework for code-based game-playing proofs. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 409–426. Springer, Heidelberg (2006)
  9. Boldyreva, A., Chenette, N., Lee, Y., O’Neill, A.: Order-preserving symmetric encryption (2009),
  10. Boldyreva, A., Fehr, S., O’Neill, A.: On notions of security for deterministic encryption, and efficient constructions without random oracles. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 335–359. Springer, Heidelberg (2008)
  11. Boneh, D., Waters, B.: Conjunctive, subset, and range queries on encrypted data. In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol. 4392, pp. 535–554. Springer, Heidelberg (2007)
  12. Cem Say, A.C., Kutsi Nircan, A.: Random generation of monotonic functions for Monte Carlo solution of qualitative differential equations. Automatica 41(5), 739–754 (2005)
  13. Erkin, Z., Piva, A., Katzenbeisser, S., Lagendijk, R.L., Shokrollahi, J., Neven, G., Barni, M.: Protection and retrieval of encrypted multimedia content: When cryptography meets signal processing. EURASIP Journal on Information Security (2007) (Article ID 78943)
  14. Fishman, G.S.: Discrete-event simulation: modeling, programming, and analysis. Springer, Heidelberg (2001)
  15. Fox, E.A., Chen, Q.F., Daoud, A.M., Heath, L.S.: Order-preserving minimal perfect hash functions and information retrieval. ACM Transactions on Information Systems 9(3), 281–308 (1991)
  16. Gentle, J.E.: Random Number Generation and Monte Carlo Methods. Springer, Heidelberg (2003)
  17. Goldreich, O., Goldwasser, S., Micali, S.: How to construct random functions. Journal of the ACM 33(4), 792–807 (1986)
  18. Indyk, P., Motwani, R., Raghavan, P., Vempala, S.: Locality-preserving hashing in multidimensional spaces. In: STOC 1997, pp. 618–625. ACM Press, New York (1997)
  19. Iwata, T., Kurosawa, K.: OMAC: One-key CBC MAC. In: Johansson, T. (ed.) FSE 2003. LNCS, vol. 2887, pp. 129–153. Springer, Heidelberg (2003)
  20. Kachitvichyanukul, V., Schmeiser, B.W.: Computer generation of hypergeometric random variates. Journal of Statistical Computation and Simulation 22(2), 127–145 (1985)
  21. Kachitvichyanukul, V., Schmeiser, B.W.: Algorithm 668: H2PEC: sampling from the hypergeometric distribution. ACM Transactions on Mathematical Software 14(4), 397–398 (1988)
  22. Li, J., Omiecinski, E.: Efficiency and security trade-off in supporting range queries on encrypted databases. In: DBSec 2005, pp. 69–83. Springer, Heidelberg (2005)
  23. Linial, N., Sasson, O.: Non-expansive hashing. In: STOC 1996, pp. 509–518. ACM Press, New York (1996)
  24. López-Blázquez, F., Salamanca Miño, B.: Exact and approximated relations between negative hypergeometric and negative binomial probabilities. Communications in Statistics. Theory and Methods 30(5), 957–967 (2001)
  25. Rogaway, P., Shrimpton, T.: A provable-security treatment of the key-wrap problem. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 373–390. Springer, Heidelberg (2006)
  26. Shi, E., Bethencourt, J., Chan, T.-H.H., Song, D., Perrig, A.: Multi-dimensional range query over encrypted data. In: Symposium on Security and Privacy 2007, pp. 350–364. IEEE, Los Alamitos (2007)
  27. Walker, A.J.: An efficient method for generating discrete random variables with general distributions. ACM Transactions on Mathematical Software 3, 253–256 (1977)
  28. Westhoff, D., Girao, J., Acharya, M.: Concealed data aggregation for reverse multicast traffic in sensor networks: Encryption, key distribution, and routing adaptation. IEEE Transactions on Mobile Computing 5(10), 1417–1431 (2006)
  29. Xu, J., Fan, J., Ammar, M.H., Moon, S.B.: Prefix-preserving IP address anonymization: Measurement-based security evaluation and a new cryptography-based scheme. In: ICNP 2002, pp. 280–289. IEEE, Los Alamitos (2002)

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  1. Georgia Institute of Technology, Atlanta, USA
