Skip to main content
Springer Nature Link
Log in

Private Large-Scale Databases with Distributed Searchable Symmetric Encryption

  • Conference paper
  • First Online:
Topics in Cryptology - CT-RSA 2016 (CT-RSA 2016)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 9610))

Included in the following conference series:

Abstract

With the growing popularity of remote storage, the ability to outsource a large private database yet be able to search on this encrypted data is critical. Searchable symmetric encryption (SSE) is a practical method of encrypting data so that natural operations such as searching can be performed on this data. It can be viewed as an efficient private-key alternative to powerful tools such as fully homomorphic encryption, oblivious RAM, or secure multiparty computation. The main drawbacks of existing SSE schemes are the limited types of search available to them and their leakage. In this paper, we present a construction of a private outsourced database in the two-server model (e.g. two cloud services) which can be thought of as an SSE scheme on a B-tree that allows for a wide variety of search features such as range queries, substring queries, and more. Our solution can hide all leakage due to access patterns (“metadata”) between queries and features a tunable parameter that provides a smooth tradeoff between privacy and efficiency. This allows us to implement a solution that supports databases which are terabytes in size and contain millions of records with only a \(5{\times }\) slowdown compared to MySQL when the query result size is around 10 % of the database, though the fixed costs dominate smaller queries resulting in over \(100{\times }\) relative slowdown (under 1 s actual).

In addition, our solution also provides a mechanism for allowing data owners to set filters that prevent prohibited queries from returning any results, without revealing the filtering terms. Finally, we also present the benchmarks of our prototype implementation.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Agrawal, R., Kiernan, J., Srikant, R., Yirong, X.: Order-preserving encryption for numeric data. In: SIGMOD Conference, pp. 563–574 (2004)

    Google Scholar 

  2. Bellare, M., Boldyreva, A., O’Neill, A.: Deterministic and efficiently searchable encryption. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 535–552. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  3. Boldyreva, A., Chenette, N., Lee, Y., O’Neill, A.: Order-preserving symmetric encryption. IACR Cryptology ePrint Archive 2012, 624 (2012)

    Google Scholar 

  4. Boneh, D., Di Crescenzo, G., Ostrovsky, R., Persiano, G.: Public key encryption with keyword search. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 506–522. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  5. Brakerski, Z., Vaikuntanathan, V.: Efficient fully homomorphic encryption from (standard) LWE. In: FOCS, pp. 97–106 (2011)

    Google Scholar 

  6. Canetti, R.: Security and composition of multiparty cryptographic protocols. J. Cryptol. 13(1), 143–202 (2000)

    Article  MathSciNet  MATH  Google Scholar 

  7. Cash, D., Jarecki, S., Jutla, C., Krawczyk, H., Roşu, M.-C., Steiner, M.: Highly-scalable searchable symmetric encryption with support for boolean queries. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part I. LNCS, vol. 8042, pp. 353–373. Springer, Heidelberg (2013)

    Chapter  Google Scholar 

  8. Chang, Y.-C., Mitzenmacher, M.: Privacy preserving keyword searches on remote encrypted data. In: Ioannidis, J., Keromytis, A.D., Yung, M. (eds.) ACNS 2005. LNCS, vol. 3531, pp. 442–455. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  9. Chase, M., Kamara, S.: Structured encryption and controlled disclosure. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 577–594. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  10. Chor, B., Goldreich, O., Kushilevitz, E., Sudan, M.: Private information retrieval. In: FOCS, pp. 41–50 (1995)

    Google Scholar 

  11. Curtmola, R., Garay, J.A., Kamara, S., Ostrovsky, R.: Searchable symmetric encryption: improved definitions and efficient constructions. In: ACM CCS, pp. 79–88 (2006)

    Google Scholar 

  12. Dautrich, J., Ravishankar, C.: Combining ORAM with PIR to minimize bandwidth costs. In: ACM CODASPY, pp. 289–296 (2015)

    Google Scholar 

  13. Fisch, B., Vo, B., Krell, F., Kumarasubramanian, A., Kolesnikov, V., Malkin, T., Bellovin, S.M.: Malicious-client security in blind seer: a scalable private DBMS. IACR Cryptology ePrint Archive, vol. 963, p. 2014 (2014)

    Google Scholar 

  14. Freedman, M.J., Ishai, Y., Pinkas, B., Reingold, O.: Keyword search and oblivious pseudorandom functions. In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, pp. 303–324. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  15. Gentry, C.: Fully homomorphic encryption using ideal lattices. In: STOC, pp. 169–178 (2009)

    Google Scholar 

  16. Goh, E.-J.: Secure indexes (2003)

    Google Scholar 

  17. Goldreich, O.: Towards a theory of software protection and simulation by oblivious RAMs. In: STOC, pp. 182–194 (1987)

    Google Scholar 

  18. Goldreich, O.: Foundations of Cryptography: Basic Tools. Cambridge University Press, Cambridge (2001)

    Book  Google Scholar 

  19. Goldreich, O., Ostrovsky, R.: Software protection and simulation on oblivious RAMs. J. ACM 43(3), 431–473 (1996)

    Article  MathSciNet  MATH  Google Scholar 

  20. Jarecki, S., Jutla, C.S., Krawczyk, H., Rosu, M.-C., Steiner, M.: Outsourced symmetric private information retrieval. In: ACM CCS, pp. 875–888 (2013)

    Google Scholar 

  21. Kamara, S., Papamanthou, C.: Parallel and dynamic searchable symmetric encryption. In: Financial Cryptography, pp. 258–274 (2013)

    Google Scholar 

  22. Kurosawa, K., Ohtaki, Y.: Uc-secure searchable symmetric encryption. In: Financial Cryptography, pp. 285–298 (2012)

    Google Scholar 

  23. Kushilevitz, E., Ostrovsky, R.: Replication is not needed: single database, computationally-private information retrieval. In: FOCS, pp. 364–373 (1997)

    Google Scholar 

  24. Mayberry, T., Blass, E.-O., Chan, A.H.: Efficient private file retrieval by combining ORAM and PIR. In: NDSS (2014)

    Google Scholar 

  25. Naor, M., Nissim, K.: Communication preserving protocols for secure function evaluation. In: STOC, pp. 590–599 (2001)

    Google Scholar 

  26. Ostrovsky, R.: Efficient computation on oblivious RAMs. In: STOC, pp. 514–523 (1990)

    Google Scholar 

  27. Ostrovsky, R.: Software protection and simulation on oblivious RAMs. Ph.D. thesis, Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, June 1992

    Google Scholar 

  28. Ostrovsky, R., Skeith III, W.E.: Private searching on streaming data. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 223–240. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  29. Song, D., Wagner, D., Perrig, A.: Practical techniques for searches on encrypted data. In: IEEE Symposium on Security and Privacy, pp. 44–55 (2000)

    Google Scholar 

  30. Wang, X.S., Nayak, K., Liu, C., T.-H., Chan, H., Shi, E., Stefanov, E., Huang, Y.: Oblivious data structures. In: ACM CCS, pp. 215–226 (2014)

    Google Scholar 

  31. Yao, A.C.C: Protocols for secure computations (extended abstract). In: FOCS, pp. 160–164 (1982)

    Google Scholar 

  32. Zhang, J., Ma, Q., Zhang, W., Qiao, D.: KT-ORAM: a bandwidth-efficient ORAM built on k-ary tree of PIR nodes. IACR Cryptology ePrint Archive 2014, 624 (2014)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Technion, Haifa, Israel

    Yuval Ishai & Eyal Kushilevitz

  2. Stealth Software Technologies, Inc., Los Angeles, USA

    Steve Lu

  3. UCLA, Los Angeles, USA

    Yuval Ishai & Rafail Ostrovsky

Authors
  1. Yuval Ishai
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Eyal Kushilevitz
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Steve Lu
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Rafail Ostrovsky
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Steve Lu .

Editor information

Editors and Affiliations

  1. NEC Cloud Systems Research Laboratories, Kawasaki, Japan

    Kazue Sako

Additional information

Y. Ishai, E. Kushilevitz, S. Lu and R. Ostrovsky—Work done while consulting for Stealth Software Technologies, Inc. Supported in part by the Intelligence Advanced Research Projects Activity (IARPA) via Department of Interior National Business Center (DoI/NBC) contract number D11PC20199 and ENTACT subcontract through MIT Lincoln Laboratory. The U.S. Government is authorized to reproduce and distribute reprints for Governmental purposes notwithstanding any copyright annotation therein. Disclaimer: The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsement, either expressed or implied, of IARPA, DoI/NBC, or the U.S. Government.

A Implementation and Benchmarking

A Implementation and Benchmarking

We implemented our protocol in C and C++ targeting a POSIX environment. In our implementation, we transmit all information over TLS, thus reducing the leakage to the network to just the size of communication. Our tests were run on a desktop machine running inside a Ubuntu 12.04 LTS virtual machine with 8GB of RAM and 4 cores of an Intel i7-2600K 3.4GHz CPU assigned to it. Here, we give the results of tests compared to MySQL and defer component testing to the full version.

Fig. 10.
figure 10

Actual query times

Full size image
Fig. 11.
figure 11

Relative query times

Full size image

Actual Queries and Comparison to MySQL. We set up a database of 10 million records, where each record is roughly 0.5KB. We query the database using range queries that return roughly 1000, 10000, 50000, 100000, 250000, 500000, 750000, and 1 million records (which is 10 % of the database). The raw times are presented in Fig. 10. We consider the relative multiplicative overhead, which is presented in Fig. 11. We show a trend line in Fig. 12.

Fig. 12.
figure 12

Comparison to MySQL trendline

Full size image

Rights and permissions

Reprints and permissions

Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

Ishai, Y., Kushilevitz, E., Lu, S., Ostrovsky, R. (2016). Private Large-Scale Databases with Distributed Searchable Symmetric Encryption. In: Sako, K. (eds) Topics in Cryptology - CT-RSA 2016. CT-RSA 2016. Lecture Notes in Computer Science(), vol 9610. Springer, Cham. https://doi.org/10.1007/978-3-319-29485-8_6

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-29485-8_6

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-29484-1

  • Online ISBN: 978-3-319-29485-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics