Leakage Cell Probe Model: Lower Bounds for Key-Equality Mitigation in Encrypted Multi-Maps

Encrypted multi-maps (EMMs) enable clients to outsource the storage of a multi-map to a potentially untrusted server while maintaining the ability to perform operations in a privacy-preserving manner. EMMs are an important primitive as they are an integral building block for many practical applications such as searchable encryption and encrypted databases. In this work, we formally examine the tradeoffs between privacy and efficiency for EMMs. Currently, all known dynamic EMMs with constant overhead reveal if two operations are performed on the same key or not; that is, they leak the global key-equality pattern. In our main result, we present strong evidence that the leakage of the global key-equality pattern is inherent for any dynamic EMM construction with O(1) efficiency. In particular, we consider the slightly smaller leakage of decoupled key-equality pattern where leakage of key-equality between update and query operations is decoupled and the adversary only learns whether two operations of the same type are performed on the same key or not. We show that any EMM with at most decoupled key-equality pattern leakage incurs Ω(lgn) overhead in the leakage cell probe model . This is tight as there exist ORAM-based constructions of EMMs with logarithmic slowdown that leak no more than the decoupled key-equality pattern (and actually, much less). Furthermore, we present stronger lower bounds that encrypted multi-maps leaking at most the decoupled key-equality pattern but are able to perform one of either the update or query operations in the plaintext still require Ω(lgn) overhead. Finally, we extend our lower bounds to show that dynamic, response-hiding searchable encryption schemes must also incur Ω(lgn) overhead even when one of either the document updates or searches may be performed in the plaintext.

[1]  Friedhelm Meyer auf der Heide,et al.  Dynamic perfect hashing: upper and lower bounds , 1988, [Proceedings 1988] 29th Annual Symposium on Foundations of Computer Science.

[2]  Michael E. Saks,et al.  The cell probe complexity of dynamic data structures , 1989, STOC '89.

[3]  Craig Gentry,et al.  Fully homomorphic encryption using ideal lattices , 2009, STOC '09.

[4]  Rasmus Pagh,et al.  Hashing, randomness and dictionaries , 2010 .

[5]  Hari Balakrishnan,et al.  CryptDB: protecting confidentiality with encrypted query processing , 2011, SOSP.

[6]  Charalampos Papamanthou,et al.  Dynamic searchable symmetric encryption , 2012, IACR Cryptol. ePrint Arch..

[7]  Murat Kantarcioglu,et al.  Access Pattern disclosure on Searchable Encryption: Ramification, Attack and Mitigation , 2012, NDSS.

[8]  R. Ostrovsky,et al.  How to Garble RAM Programs 3 , 2013 .

[9]  Ling Ren,et al.  Path ORAM , 2012, J. ACM.

[10]  Elaine Shi,et al.  Practical Dynamic Searchable Encryption with Small Leakage , 2014, NDSS.

[11]  Seny Kamara,et al.  SQL on Structurally-Encrypted Databases , 2018, IACR Cryptol. ePrint Arch..

[12]  Adam O'Neill,et al.  Generic Attacks on Secure Outsourced Databases , 2016, CCS.

[13]  Kasper Green Larsen,et al.  Crossing the Logarithmic Barrier for Dynamic Boolean Data Structure Lower Bounds , 2017, Electron. Colloquium Comput. Complex..

[14]  Seny Kamara,et al.  Boolean Searchable Symmetric Encryption with Worst-Case Sub-linear Complexity , 2017, EUROCRYPT.

[15]  Vitaly Shmatikov,et al.  Why Your Encrypted Database Is Not Secure , 2017, HotOS.

[16]  Abhi Shelat,et al.  Multi-Key Searchable Encryption, Revisited , 2018, IACR Cryptol. ePrint Arch..

[17]  Alptekin Küpçü,et al.  Efficient Dynamic Searchable Encryption with Forward Privacy , 2017, Proc. Priv. Enhancing Technol..

[18]  Kasper Green Larsen,et al.  Yes, There is an Oblivious RAM Lower Bound! , 2018, IACR Cryptol. ePrint Arch..

[19]  K. Paterson,et al.  Improved Reconstruction Attacks on Encrypted Data Using Range Query Leakage , 2018, 2018 IEEE Symposium on Security and Privacy (SP).

[20]  Sarvar Patel,et al.  PanORAMa: Oblivious RAM with Logarithmic Overhead , 2018, 2018 IEEE 59th Annual Symposium on Foundations of Computer Science (FOCS).

[21]  Seny Kamara,et al.  Structured Encryption and Leakage Suppression , 2018, IACR Cryptol. ePrint Arch..

[22]  Sarvar Patel,et al.  What Storage Access Privacy is Achievable with Small Overhead? , 2019, IACR Cryptol. ePrint Arch..

[23]  Kasper Green Larsen,et al.  Lower Bounds for Multi-Server Oblivious RAMs , 2019, IACR Cryptol. ePrint Arch..

[24]  Kasper Green Larsen,et al.  Lower Bounds for Oblivious Data Structures , 2018, SODA.

[25]  Marie-Sarah Lacharité,et al.  Learning to Reconstruct: Statistical Learning Theory and Encrypted Database Attacks , 2019, 2019 IEEE Symposium on Security and Privacy (SP).

[26]  Tal Malkin,et al.  Lower Bounds for Oblivious Near-Neighbor Search , 2019, IACR Cryptol. ePrint Arch..

[27]  Roberto Tamassia,et al.  The State of the Uniform: Attacks on Encrypted Databases Beyond the Uniform Query Distribution , 2020, 2020 IEEE Symposium on Security and Privacy (SP).