In a private similarity search (PSS) protocol, a client receives from the database the entry closest to her query, without either the client or the database learning more information than necessary. PSS protocols have potentially wide application in areas like bioinformatics, where precise queries might be impossible. We show that the previously proposed PSS protocols by Du and Atallah have serious weaknesses; in particular, some of their protocols can be broken by a semi-honest third party who observes a relatively small amount of traffic. In several cases, we show that even maximally secured versions of these protocols, when used as proposed by Du and Atallah, are not private in the sense needed in practice. We propose a few protocols that are better from the privacy viewpoint, but none of the proposed protocols is really efficient.