Order-Preserving Encryption Revisited: Improved Security Analysis and Alternative Solutions

  • Conference paper

Part of the Lecture Notes in Computer Science book series (LNCS, volume 6841)


We further the study of order-preserving symmetric encryption (OPE), a primitive for allowing efficient range queries on encrypted data, recently initiated (from a cryptographic perspective) by Boldyreva et al. (Eurocrypt ’09). First, we address the open problem of characterizing what encryption via a random order-preserving function (ROPF) leaks about underlying data (ROPF being the “ideal object” in the security definition, POPF, satisfied by their scheme). In particular, we show that, for a database of randomly distributed plaintexts and appropriate choice of parameters, ROPF encryption leaks neither the precise value of any plaintext nor the precise distance between any two of them. The analysis here is quite technically non-trivial and introduces useful new techniques. On the other hand, we also show that ROPF encryption does leak both the value of any plaintext and the distance between any two plaintexts to within a range of possibilities roughly the square root of the domain size. We then study schemes that are not order-preserving, but which nevertheless allow efficient range queries and achieve security notions stronger than POPF. In a setting where the entire database is known in advance of key-generation (considered in several prior works), we show that recent constructions of “monotone minimal perfect hash functions” make it possible to efficiently achieve (an adaptation of) the notion of IND-O(rdered) CPA also considered by Boldyreva et al., which asks that only the order relations among the plaintexts are leaked. Finally, we introduce modular order-preserving encryption (MOPE), in which the scheme of Boldyreva et al. is prepended with a shift cipher. MOPE improves the security of OPE in a sense, as it does not leak any information about plaintext location.
We clarify that our work should not be interpreted as saying the original scheme of Boldyreva et al., or the variants that we introduce, are “secure” or “insecure.” Rather, the goal of this line of research is to help practitioners decide whether the options provide a suitable security-functionality tradeoff for a given application.
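
The two location-leakage claims in the abstract can be observed on a toy instance. The Python sketch below is an added example, not code from the paper: it models a ROPF key as a lookup table (a sorted random subset of the range, not the lazy-sampled scheme of Boldyreva et al.), and the parameters, seed and function names are assumptions chosen for illustration.

```python
import math
import random

def sample_ropf(M, N, rng):
    """Toy ROPF key: a uniformly random strictly increasing map
    {0..M-1} -> {0..N-1}, stored as a sorted random M-subset of the range."""
    return sorted(rng.sample(range(N), M))

def mope_encrypt(table, shift, m):
    """MOPE: apply a secret modular shift, then the order-preserving map.
    With shift == 0 this is plain OPE under the same table."""
    return table[(m + shift) % len(table)]

def location_guess(c, M, N):
    """Scale a ciphertext back into the domain; uses no key material."""
    return c * M // N

def mean_location_error(M, N, modular, rng, keys=40, msgs=50):
    """Average |guess - plaintext| over fresh keys and uniform plaintexts."""
    total = 0
    for _ in range(keys):
        table = sample_ropf(M, N, rng)
        shift = rng.randrange(M) if modular else 0
        for _ in range(msgs):
            m = rng.randrange(M)
            c = mope_encrypt(table, shift, m)
            total += abs(location_guess(c, M, N) - m)
    return total / (keys * msgs)

if __name__ == "__main__":
    M, N = 1000, 50000          # constructed toy domain and range sizes
    rng = random.Random(2011)   # fixed seed so runs are repeatable
    print("sqrt(M)         :", round(math.sqrt(M), 1))
    print("OPE  mean error :", mean_location_error(M, N, False, rng))
    print("MOPE mean error :", mean_location_error(M, N, True, rng))
```

Under plain OPE the keyless guess lands within a distance on the order of the square root of the domain size; with the shift in place the same guess is off by an amount comparable to the domain size itself, while distances between ciphertexts of nearby plaintexts are unaffected by the shift.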


  • Searchable encryption
  • symmetric encryption
  • hypergeometric distribution
  • range queries


  1. Agrawal, R., Kiernan, J., Srikant, R., Xu, Y.: Order-preserving encryption for numeric data. In: SIGMOD 2004, pp. 563–574. ACM, New York (2004)

  2. Amanatidis, G., Boldyreva, A., O’Neill, A.: Provably-secure schemes for basic query support in outsourced databases. In: DBSec 2007, pp. 14–30. Springer, Heidelberg (2007)

  3. Bauer, F.: Decrypted Secrets: Methods and Maxims of Cryptology. Springer, Heidelberg (2006)

  4. Belazzougui, D., Boldi, P., Pagh, R., Vigna, S.: Monotone minimal perfect hashing: searching a sorted table with o(1) accesses. In: SODA 2009, pp. 785–794. SIAM, Philadelphia (2009)

  5. Bellare, M., Boldyreva, A., Knudsen, L.R., Namprempre, C.: Online ciphers and the hash-CBC construction. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 292–309. Springer, Heidelberg (2001)

  6. Bellare, M., Boldyreva, A., O’Neill, A.: Deterministic and efficiently searchable encryption. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 535–552. Springer, Heidelberg (2007)

  7. Bellare, M., Fischlin, M., O’Neill, A., Ristenpart, T.: Deterministic encryption: Definitional equivalences and constructions without random oracles. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 360–378. Springer, Heidelberg (2008)

  8. Boldyreva, A., Chenette, N., Lee, Y., O’Neill, A.: Order-preserving symmetric encryption. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 224–241. Springer, Heidelberg (2009)

  9. Boldyreva, A., Chenette, N., O’Neill, A.: Order-Preserving Encryption Revisited: Improved Security Analysis and Alternative Solutions (2011) Full version of this paper,

  10. Boldyreva, A., Fehr, S., O’Neill, A.: On notions of security for deterministic encryption, and efficient constructions without random oracles. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 335–359. Springer, Heidelberg (2008)

  11. Boneh, D., Waters, B.: Conjunctive, subset, and range queries on encrypted data. In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol. 4392, pp. 535–554. Springer, Heidelberg (2007)

  12. Chvátal, V.: The tail of the hypergeometric distribution. Discrete Mathematics 25(3), 285–287 (1979)

  13. Curtmola, R., Garay, J., Kamara, S., Ostrovsky, R.: Searchable symmetric encryption: Improved definitions and efficient constructions. In: CCS 2006, pp. 79–88. ACM, New York (2006)

  14. Ding, Y., Klein, K.: Model-Driven Application-Level Encryption for the Privacy of E-health Data. In: International Conference on Availability, Reliability and Security, pp. 341–346 (2010)

  15. Kershaw, D.: Some extensions of W. Gautschi’s inequalities for the gamma function. Mathematics of Computation 41(164), 607–611 (1983)

  16. Li, J., Omiecinski, E.: Efficiency and security trade-off in supporting range queries on encrypted databases. In: DBSec 2005, pp. 69–83. Springer, Heidelberg (2005)

  17. Liu, H., Wang, H., Chen, Y.: Ensuring Data Storage Security against Frequency-Based Attacks in Wireless Networks. In: Rajaraman, R., Moscibroda, T., Dunkels, A., Scaglione, A. (eds.) DCOSS 2010. LNCS, vol. 6131, pp. 201–215. Springer, Heidelberg (2010)

  18. Lu, W., Varna, A.L., Wu, M.: Security analysis for privacy preserving search of multimedia. In: Image Processing (ICIP), 2010, pp. 26–29 (2010)

  19. Shi, E., Bethencourt, J., Chan, T.-H.H., Song, D., Perrig, A.: Multi-dimensional range query over encrypted data. In: Symposium on Security and Privacy 2007, pp. 350–364. IEEE, Los Alamitos (2007)

  20. Tang, Q.: Privacy preserving mapping schemes supporting comparison. In: Proceedings of the ACM Workshop on Cloud Computing Security Workshop (CCSW 2010). ACM, New York (2010)

  21. Wang, C., Cao, N., Li, J., Ren, K., Lou, W.: Secure Ranked Keyword Search over Encrypted Cloud Data. In: ICDCS 2010, pp. 253–262. IEEE, Los Alamitos (2010)

  22. Xu, J., Fan, J., Ammar, M.H., Moon, S.B.: Prefix-preserving IP address anonymization: Measurement-based security evaluation and a new cryptography-based scheme. In: ICNP 2002, pp. 280–289. IEEE, Los Alamitos (2002)

Copyright information

© 2011 International Association for Cryptologic Research

Cite this paper

Boldyreva, A., Chenette, N., O’Neill, A. (2011). Order-Preserving Encryption Revisited: Improved Security Analysis and Alternative Solutions. In: Rogaway, P. (eds) Advances in Cryptology – CRYPTO 2011. CRYPTO 2011. Lecture Notes in Computer Science, vol 6841. Springer, Berlin, Heidelberg.

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-22791-2

  • Online ISBN: 978-3-642-22792-9

  • eBook Packages: Computer Science (R0)