Accession Number:

AD1033418

Title:

POPE: Partial Order Preserving Encoding

Descriptive Note:

Technical Report

Corporate Author:

MASSACHUSETTS INST OF TECH LEXINGTON LEXINGTON United States

Report Date:

2016-09-09

Pagination or Media Count:

12.0

Abstract:

Recently there has been much interest in performing search queries over encrypted data to enable functionality while protecting sensitive data. One particularly efficient mechanism for executing such queries is order-preserving encryptionencoding OPE which results in cipher texts that preserve the relative order of the underlying plaintexts thus allowing range and comparison queries to be performed directly on cipher texts. Recently, Popa et al. S and P 2013 gave the first construction of an ideally-secure OPE scheme and Kerschbaum CCS 2015 showed how to achieve the even stronger notion of frequency-hiding OPE. However, as Naveed et al. CCS2015 have recently demonstrated, these constructions remain vulnerable to several attacks. Additionally, all previous ideal OPE schemes with or without frequency-hiding either require a large round complexity of Olog n rounds for each insertion, or a large persistent client storage of size On, where n is the number of items in the database. It is thus desirable to achieve a range query scheme addressing both issues gracefully. In this paper, we propose an alternative approach to range queries over encrypted data that is optimized to support insert-heavy workloads as are common in big data applications while still maintaining search functionality and achieving stronger security. Specifically, we propose a new primitive called partial order preserving encoding POPE that achieves ideal OPE security with frequency hiding and also leaves a sizable fraction of the data pairwise incomparable. Using only O1 persistent and On non-persistent client storage for 0 1, our POPE scheme provides extremely fast batch insertion consisting of a single round, and efficient search with O1 amortized cost for up to On1 search queries. This improved security and performance makes our scheme better suited for todays insert-heavy databases.

Subject Categories:

  • Computer Programming and Software
  • Computer Systems

Distribution Statement:

APPROVED FOR PUBLIC RELEASE