skip to main content
10.1145/2810103.2813711acmconferencesArticle/Chapter ViewAbstractPublication PagesccsConference Proceedingsconference-collections
research-article

IntegriDB: Verifiable SQL for Outsourced Databases

Published: 12 October 2015 Publication History

Abstract

This paper presents IntegriDB, a system allowing a data owner to outsource storage of a database to an untrusted server, and then enable anyone to perform verifiable SQL queries over that database. Our system handles a rich subset of SQL queries, including multidimensional range queries, JOIN, SUM, MAX/MIN, COUNT, and AVG, as well as (limited) nestings of such queries. Even for tables with 105 entries, IntegriDB has small proofs (a few KB) that depend only logarithmically on the size of the database, low verification time (tens of milliseconds), and feasible server computation (under a minute). Efficient updates are also supported. We prove security of IntegriDB based on known cryptographic assumptions, and demonstrate its practicality and expressiveness via performance measurements and verifiable processing of SQL queries from the TPC-H and TPC-C benchmarks.

References

[1]
S. Bajaj and R. Sion. CorrectDB: SQL engine with practical query authentication. Proceedings of the VLDB Endowment, 6(7):529--540, 2013.
[2]
E. Ben-Sasson, A. Chiesa, D. Genkin, E. Tromer, and M. Virza. SNARKs for C: Verifying program executions succinctly and in zero knowledge. In Crypto, pages 90--108, 2013.
[3]
E. Ben-Sasson, A. Chiesa, E. Tromer, and M. Virza. Scalable zero knowledge via cycles of elliptic curves. In Crypto, pages 276--294. Springer, 2014.
[4]
E. Ben-Sasson, A. Chiesa, E. Tromer, and M. Virza. Succinct non-interactive zero knowledge for a Von Neumann architecture. In USENIX Security, 2014.
[5]
N. Bitansky, R. Canetti, A. Chiesa, and E. Tromer. From extractable collision resistance to succinct non-interactive arguments of knowledge, and back again. In ITCS, pages 326--349, 2012.
[6]
N. Bitansky, R. Canetti, A. Chiesa, and E. Tromer. Recursive composition and bootstrapping for SNARKs and proof-carrying data. In STOC, pages 111--120, 2013.
[7]
N. Bitansky, A. Chiesa, Y. Ishai, R. Ostrovsky, and O. Paneth. Succinct non-interactive arguments via linear interactive proofs. In TCC, pages 315--333, 2013.
[8]
D. Boneh and X. Boyen. Short signatures without random oracles and the SDH assumption in bilinear groups. Journal of Cryptology, 21(2):149--177, 2008.
[9]
B. Braun, A. J. Feldman, Z. Ren, S. T. V. Setty, A. J. Blumberg, and M. Walfish. Verifying computations with state. In SOSP, pages 341--357, 2013.
[10]
R. Canetti, O. Paneth, D. Papadopoulos, and N. Triandopoulos. Verifiable set operations over outsourced databases. In PKC, pages 113--130, 2014.
[11]
W. Cheng, H. Pang, and K.-L. Tan. Authenticating multi-dimensional query results in data publishing. In DAS, pages 60--73, 2006.
[12]
T. H. Cormen, C. E. Leiserson, R. L. Rivest, and C. Stein. Introduction to Algorithms, 3rd edition). MIT Press, 2009.
[13]
C. Costello, C. Fournet, J. Howell, M. Kohlweiss, B. Kreuter, M. Naehrig, B. Parno, and S. Zahur. Geppetto: Versatile verifiable computation. ePrint 2014.
[14]
P. Devanbu, M. Gertz, C. Martel, and S. Stubblebine. Authentic data publication over the internet. J. Computer Security, 11(3):291--314, 2003.
[15]
R. Gennaro, C. Gentry, and B. Parno. Non-interactive verifiable computing: Outsourcing computation to untrusted workers. In Crypto, pages 465--482, 2010.
[16]
R. Gennaro, C. Gentry, B. Parno, and M. Raykova. Quadratic span programs and succinct NIZKs without PCPs. In Eurocrypt, pages 626--645, 2013.
[17]
M. T. Goodrich, C. Papamanthou, and R. Tamassia. On the cost of persistence and authentication in skip lists. In Experimental Algorithms, pages 94--107, 2007.
[18]
L. Hu, W.-S. Ku, S. Bakiras, and C. Shahabi. Verifying spatial queries using Voronoi neighbors. In SIGSPATIAL GIS, pages 350--359, 2010.
[19]
F. Li, M. Hadjieleftheriou, G. Kollios, and L. Reyzin. Dynamic authenticated index structures for outsourced databases. In SIGMOD, pages 121--132, 2006.
[20]
F. Li, M. Hadjieleftheriou, G. Kollios, and L. Reyzin. Authenticated index structures for aggregation queries. ACM TISSEC, 13(4):32, 2010.
[21]
X. Lin, J. Xu, and H. Hu. Authentication of location-based skyline queries. In CIKM, pages 1583--1588, 2011.
[22]
C. Martel, G. Nuckolls, P. Devanbu, M. Gertz, A. Kwong, and S. G. Stubblebine. A general model for authenticated data structures. Algorithmica, 39(1):21--41, 2004.
[23]
R. C. Merkle. A certified digital signature. In Crypto, pages 218--238, 1990.
[24]
A. Miller, M. Hicks, J. Katz, and E. Shi. Authenticated data structures, generically. In POPL, pages 411--424, 2014.
[25]
E. Mykletun, M. Narasimha, and G. Tsudik. Signature bouquets: Immutability for aggregated/condensed signatures. In ESORICS, pages 160--176, 2004.
[26]
E. Mykletun, M. Narasimha, and G. Tsudik. Authentication and integrity in outsourced databases. ACM Trans. on Storage, 2(2):107--138, 2006.
[27]
M. Narasimha and G. Tsudik. Dsac: integrity for outsourced databases with signature aggregation and chaining. In CIKM, pages 235--236, 2005.
[28]
L. Nguyen. Accumulators from bilinear pairings and applications. In CT-RSA, pages 275--292. Springer, 2005.
[29]
H. Pang, A. Jain, K. Ramamritham, and K.-L. Tan. Verifying completeness of relational query results in data publishing. In SIGMOD, pages 407--418, 2005.
[30]
H. Pang and K.-L. Tan. Authenticating query results in edge computing. In ICDE, pages 560--571, 2004.
[31]
H. Pang, J. Zhang, and K. Mouratidis. Scalable verification for outsourced dynamic databases. Proceedings of the VLDB Endowment, 2(1):802--813, 2009.
[32]
D. Papadopoulos, S. Papadopoulos, and N. Triandopoulos. Taking authenticated range queries to arbitrary dimensions. In CCS, pages 819--830, 2014.
[33]
D. Papadopoulos, C. Papamanthou, R. Tamassia, and N. Triandopoulos. Practical authenticated pattern matching with optimal proof size. Proceedings of the VLDB Endowment, 8(7):750--761, 2015.
[34]
S. Papadopoulos, D. Papadias, W. Cheng, and K.-L. Tan. Separating authentication from query execution in outsourced databases. In ICDE, pages 1148--1151, 2009.
[35]
C. Papamanthou, E. Shi, R. Tamassia, and K. Yi. Streaming authenticated data structures. In Eurocrypt, pages 353--370, 2013.
[36]
C. Papamanthou, R. Tamassia, and N. Triandopoulos. Optimal verification of operations on dynamic sets. In Crypto, pages 91--110, 2011.
[37]
B. Parno, J. Howell, C. Gentry, and M. Raykova. Pinocchio: Nearly practical verifiable computation. In IEEE S&P, pages 238--252, 2013.
[38]
S. T. V. Setty, B. Braun, V. Vu, A. J. Blumberg, B. Parno, and M. Walfish. Resolving the conflict between generality and plausibility in verified computation. In EuroSys, pages 71--84, 2013.
[39]
S. T. V. Setty, R. McPherson, A. J. Blumberg, and M. Walfish. Making argument systems for outsourced computation practical (sometimes). In NDSS, 2012.
[40]
S. Singh and S. Prabhakar. Ensuring correctness over untrusted private database. In EDBT, 2008.
[41]
R. Tamassia. Authenticated data structures. In ESA, pages 2--5, 2003.
[42]
V. Vu, S. T. V. Setty, A. J. Blumberg, and M. Walfish. A hybrid architecture for interactive verifiable computation. In IEEE S&P, pages 223--237, 2013.
[43]
Y. Yang, D. Papadias, S. Papadopoulos, and P. Kalnis. Authenticated join processing in outsourced databases. In SIGMOD, pages 5--18, 2009.
[44]
Y. Yang, S. Papadopoulos, D. Papadias, and G. Kollios. Authenticated indexing for outsourced spatial databases. The VLDB Journal, 18(3):631--648, 2009.
[45]
Z. Yang, S. Gao, J. Xu, and B. Choi. Authentication of range query results in MapReduce environments. In CloudDB, 2011.

Cited By

View all
  • (2025)PoneglyphDB: Efficient Non-interactive Zero-Knowledge Proofs for Arbitrary SQL-Query VerificationProceedings of the ACM on Management of Data10.1145/37097133:1(1-27)Online publication date: 11-Feb-2025
  • (2024)Research progress of verifiable technologies for outsourcing servicesSCIENTIA SINICA Informationis10.1360/SSI-2022-036054:3(514)Online publication date: 6-Mar-2024
  • (2024)Honest-Majority Maliciously Secure Skyline Queries on Outsourced DataProceedings of the 33rd ACM International Conference on Information and Knowledge Management10.1145/3627673.3679666(344-353)Online publication date: 21-Oct-2024
  • Show More Cited By

Index Terms

  1. IntegriDB: Verifiable SQL for Outsourced Databases

      Recommendations

      Comments

      Information & Contributors

      Information

      Published In

      cover image ACM Conferences
      CCS '15: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security
      October 2015
      1750 pages
      ISBN:9781450338325
      DOI:10.1145/2810103
      Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

      Sponsors

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Publication History

      Published: 12 October 2015

      Permissions

      Request permissions for this article.

      Check for updates

      Author Tags

      1. authenticated data structures
      2. verifiable computation

      Qualifiers

      • Research-article

      Funding Sources

      • NSF
      • the U.S. Army Research Laboratory and the U.K. Ministry of Defence

      Conference

      CCS'15
      Sponsor:

      Acceptance Rates

      CCS '15 Paper Acceptance Rate 128 of 660 submissions, 19%;
      Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

      Upcoming Conference

      CCS '25

      Contributors

      Other Metrics

      Bibliometrics & Citations

      Bibliometrics

      Article Metrics

      • Downloads (Last 12 months)91
      • Downloads (Last 6 weeks)19
      Reflects downloads up to 15 Feb 2025

      Other Metrics

      Citations

      Cited By

      View all
      • (2025)PoneglyphDB: Efficient Non-interactive Zero-Knowledge Proofs for Arbitrary SQL-Query VerificationProceedings of the ACM on Management of Data10.1145/37097133:1(1-27)Online publication date: 11-Feb-2025
      • (2024)Research progress of verifiable technologies for outsourcing servicesSCIENTIA SINICA Informationis10.1360/SSI-2022-036054:3(514)Online publication date: 6-Mar-2024
      • (2024)Honest-Majority Maliciously Secure Skyline Queries on Outsourced DataProceedings of the 33rd ACM International Conference on Information and Knowledge Management10.1145/3627673.3679666(344-353)Online publication date: 21-Oct-2024
      • (2024)Enabling Verifiable and Secure Range Query in Multi-User Setting Under Cloud EnvironmentsIEEE Transactions on Knowledge and Data Engineering10.1109/TKDE.2024.341993036:12(8148-8163)Online publication date: Dec-2024
      • (2024)VeriRange: A Verifiable Range Query Model on Encrypted Geographic Data for IoT EnvironmentIEEE Internet of Things Journal10.1109/JIOT.2023.329458911:2(3068-3081)Online publication date: 15-Jan-2024
      • (2024)V2FS : A Verifiable Virtual Filesystem for Multi-Chain Query Authentication2024 IEEE 40th International Conference on Data Engineering (ICDE)10.1109/ICDE60146.2024.00160(1999-2011)Online publication date: 13-May-2024
      • (2024)Blockchain-based Crowdsourcing for Human Intelligence Tasks with Dual FairnessBlockchain: Research and Applications10.1016/j.bcra.2024.100213(100213)Online publication date: Jun-2024
      • (2024)AegisDB: Scalable Blockchain Database with Secure Decentralised Load BalancingInformation Security and Privacy10.1007/978-981-97-5101-3_6(105-119)Online publication date: 15-Jul-2024
      • (2023)TAPProceedings of the 32nd USENIX Conference on Security Symposium10.5555/3620237.3620600(6489-6506)Online publication date: 9-Aug-2023
      • (2023)Modernization of Databases in the Cloud Era: Building Databases that Run Like LegosProceedings of the VLDB Endowment10.14778/3611540.361163916:12(4140-4151)Online publication date: 1-Aug-2023
      • Show More Cited By

      View Options

      Login options

      View options

      PDF

      View or Download as a PDF file.

      PDF

      eReader

      View online with eReader.

      eReader

      Figures

      Tables

      Media

      Share

      Share

      Share this Publication link

      Share on social media