Security of Stateful Order-Preserving Encryption

Most order-preserving encryption (OPE) schemes proposed in the early stage of development, including the first provably secure one, are stateless and work efficiently, but guarantee only weak security. Additionally, subsequent works have shown that the ideal security notion IND-OCPA can be achieved using statefulness, ciphertext mutability, and interactivity between client and server. Though such properties hinder the availability of IND-OCPA secure OPE schemes, the only definitively known result is the impossibility of constructing a feasible IND-OCPA secure OPE scheme without ciphertext mutability. In this work, we study the security that can be achieved by statefulness alone, from a viewpoint different from that of existing research. We first consider a new security notion, called \(\delta\)-IND-OCPA, which is a natural relaxation of IND-OCPA. Whereas under IND-OCPA ciphertexts reveal no additional information beyond the order of the plaintexts, our notion can quantify the rate of plaintext bits that are leaked. To show that our notion is achievable, we construct a new \(\delta\)-IND-OCPA secure OPE scheme. The proposed scheme is stateful and non-interactive, but does not require ciphertext mutation. Through several experiments, we show that our construction is also feasible and that it has an advantage in the correlation analysis compared with the IND-OCPA secure scheme.
