IntegriDB: Verifiable SQL for Outsourced Databases

This paper presents IntegriDB, a system allowing a data owner to outsource storage of a database to an untrusted server, and then enable anyone to perform verifiable SQL queries over that database. Our system handles a rich subset of SQL queries, including multidimensional range queries, JOIN, SUM, MAX/MIN, COUNT, and AVG, as well as (limited) nestings of such queries. Even for tables with 10^5 entries, IntegriDB has small proofs (a few KB) that depend only logarithmically on the size of the database, low verification time (tens of milliseconds), and feasible server computation (under a minute). Efficient updates are also supported. We prove security of IntegriDB based on known cryptographic assumptions, and demonstrate its practicality and expressiveness via performance measurements and verifiable processing of SQL queries from the TPC-H and TPC-C benchmarks.
