Oblivious keyword search

In this paper, we introduce a notion of oblivious keyword search (OKS). Let W be the set of possible keywords. In the commit phase, a database supplier I commits n data. In each transfer subphase, a user U can choose a keyword w∈W adaptively and find Search(w) without revealing w to I, where Search(w) is the set of all data which includes w as a keyword.We then show two efficient protocols such that the size of the commitments is only O(nB) regardless of the size of W, where B is the size of each data. It is formally proved that U learns nothing more than search(w) and J gains no information on the keywords which U searched for. We further present a more efficient adaptive OTkn protocol than the previous one [19] as an application of our first OKS protocol.

[1]  Gilles Brassard,et al.  All-or-Nothing Disclosure of Secrets , 1986, CRYPTO.

[2]  Moni Naor,et al.  Oblivious transfer and polynomial evaluation , 1999, STOC '99.

[3]  Chanathip Namprempre,et al.  The Power of RSA Inversion Oracles and the Security of Chaum's RSA-Based Blind Signature Scheme , 2002, Financial Cryptography.

[4]  David Chaum,et al.  Blind Signatures for Untraceable Payments , 1982, CRYPTO.

[5]  Moni Naor,et al.  Private Information Retrieval by Keywords , 1998, IACR Cryptol. ePrint Arch..

[6]  Oded Goldreich,et al.  A randomized protocol for signing contracts , 1985, CACM.

[7]  Christian Cachin On the Foundations of Oblivious Transfer , 1998, EUROCRYPT.

[8]  Joe Kilian,et al.  Founding crytpography on oblivious transfer , 1988, STOC '88.

[9]  Silvio Micali,et al.  Non-Interactive Oblivious Transfer and Applications , 1989, CRYPTO.

[10]  Moni Naor,et al.  Oblivious Transfer with Adaptive Queries , 1999, CRYPTO.

[11]  Jacques Stern,et al.  Provably Secure Blind Signature Schemes , 1996, ASIACRYPT.

[12]  Chanathip Namprempre,et al.  The One-More-RSA-Inversion Problems and the Security of Chaum's Blind Signature Scheme , 2003, Journal of Cryptology.

[13]  Oded Goldreich,et al.  How to Solve any Protocol Problem - An Efficiency Improvement , 1987, CRYPTO.

[14]  Rafail Ostrovsky,et al.  Replication is not needed: single database, computationally-private information retrieval , 1997, Proceedings 38th Annual Symposium on Foundations of Computer Science.

[15]  Gilles Brassard,et al.  Information theoretic reductions among disclosure problems , 1986, 27th Annual Symposium on Foundations of Computer Science (sfcs 1986).

[16]  Eyal Kushilevitz,et al.  Private information retrieval , 1995, Proceedings of IEEE 36th Annual Foundations of Computer Science.

[17]  Claude Cripeaut Equivalence Between Two Flavours of Oblivious Transfers , 1988 .

[18]  Silvio Micali,et al.  Computationally Private Information Retrieval with Polylogarithmic Communication , 1999, EUROCRYPT.

[19]  Moni Naor,et al.  Efficient oblivious transfer protocols , 2001, SODA '01.

[20]  Michael O. Rabin,et al.  How To Exchange Secrets with Oblivious Transfer , 2005, IACR Cryptol. ePrint Arch..

[21]  Claude Crépeau,et al.  Equivalence Between Two Flavours of Oblivious Transfers , 1987, CRYPTO.

[22]  Dawn Xiaodong Song,et al.  Practical techniques for searches on encrypted data , 2000, Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000.

[23]  Phong Q. Nguyen,et al.  Noisy Polynomial Interpolation and Noisy Chinese Remaindering , 2000, EUROCRYPT.

[24]  Yuval Ishai,et al.  Protecting data privacy in private information retrieval schemes , 1998, STOC '98.