Security-Efficiency Tradeoffs in Searchable Encryption

Bost, Raphaël; Fouque, Pierre-Alain

doi:10.2478/popets-2019-0062

Cited by 13 publications

(7 citation statements)

References 40 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…decrypting the results obtained from the server. Algorithm 3, specifically lines (25)(26)(27), is employed for the decryption process. Subsequently, the client generates a filter line (25)(26)(27) to identify and retain the values that were added, ensuring that only those additions and not the deleted values persist within the designated group ID 1 .…”

Section: Plos Onementioning

confidence: 99%

“…Algorithm 3, specifically lines (25)(26)(27), is employed for the decryption process. Subsequently, the client generates a filter line (25)(26)(27) to identify and retain the values that were added, ensuring that only those additions and not the deleted values persist within the designated group ID 1 . After decryption, the plaintext data and current Con are returned to the server for storage in the hash table S r .…”

Section: Plos Onementioning

confidence: 99%

“…After this, the researchers turned their attention to Dynamic SSE (DSSE) [20][21][22][23][24][25][26]. Secure DSSE schemes are challenging, from a security perspective, because database updates may reveal additional information to the server.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

A provably lightweight and secure DSSE scheme, with a constant storage cost for a smart device client

Bulbul,

Abduljabbar,

Mohammed

et al. 2024

PLoS ONE

View full text Add to dashboard Cite

Outsourcing data to remote cloud providers is becoming increasingly popular amongst organizations and individuals. A semi-trusted server uses Searchable Symmetric Encryption (SSE) to keep the search information under acceptable leakage levels whilst searching an encrypted database. A dynamic SSE (DSSE) scheme enables the adding and removing of documents by performing update queries, where some information is leaked to the server each time a record is added or removed. The complexity of structures and cryptographic primitives in most existing DSSE schemes makes them inefficient, in terms of storage, and query requests generate overhead costs on the Smart Device Client (SDC) side. Achieving constant storage cost for SDCs enhances the viability, efficiency, and easy user experience of smart devices, promoting their widespread adoption in various applications while upholding robust privacy and security standards. DSSE schemes must address two important privacy requirements: forward and backward privacy. Due to the increasing number of keywords, the cost of storage on the client side is also increasing at a linear rate. This article introduces an innovative, secure, and lightweight Dynamic Searchable Symmetric Encryption (DSSE) scheme, ensuring Type-II backward and forward privacy without incurring ongoing storage costs and high-cost query generation for the SDC. The proposed scheme, based on an inverted index structure, merges the hash table with linked nodes, linking encrypted keywords in all hash tables. Achieving a one-time O(1) storage cost without keyword counters on the SDC side, the scheme enhances security by generating a fresh key for each update. Experimental results show low-cost query generation on the SDC side (6,460 nanoseconds), making it compatible with resource-limited devices. The scheme outperforms existing ones, reducing server-side search costs significantly.

show abstract

Section: Plos Onementioning

confidence: 99%

Section: Plos Onementioning

confidence: 99%

See 1 more Smart Citation

A provably lightweight and secure DSSE scheme, with a constant storage cost for a smart device client

Bulbul,

Abduljabbar,

Mohammed

et al. 2024

PLoS ONE

View full text Add to dashboard Cite

show abstract

“…For now, we note that it involves buffering O (W ) updates on the client side before pushing them to the server, where W is an upper bound on the number of searchable keywords. It was proved in [10] that single-round forward-secure SSE requires Ω(W ) client storage. As a consequence, the new buffer does not increase client storage beyond a constant factor 3 .…”

Section: Our Contributionsmentioning

confidence: 99%

“…Recall that our scheme uses W bins, each of capacity one page. As noted in the introduction, single-round forward-secure SSE requires Ω(W ) client storage [10]. If we buffer W updates on the client before pushing them to the server, we can afford to scan all W bins.…”

Section: Technical Overviewmentioning

confidence: 99%

Hermes: I/O-Efficient Forward-Secure Searchable Symmetric Encryption

Minaud,

Reichle

2023

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Dynamic Symmetric Searchable Encryption (SSE) enables a user to outsource the storage of an encrypted database to an untrusted server, while retaining the ability to privately search and update the outsourced database. The performance bottleneck of SSE schemes typically comes from their I/O efficiency. Over the last decade, a line of work has substantially improved that bottleneck. However, all existing I/O-efficient SSE schemes have a common limitation: they are not forward-secure. Since the seminal work of Bost at CCS 2016, forward security has become a de facto standard in SSE. In the same article, Bost conjectures that forward security and I/O efficiency are incompatible. This explains the current status quo, where users are forced to make a difficult choice between security and efficiency. The central contribution of this paper it to show that, contrary to what the status quo suggests, forward security and I/O efficiency can be realized simultaneously. This result is enabled by two new key techniques. First, we make use of a controlled amount of client buffering, combined with a deterministic update schedule. Second, we introduce the notion of SSE supporting dummy updates. In combination, those two techniques offer a new path to realizing forward security, which is compatible with I/O efficiency. Our new SSE scheme, Hermes, achieves sublogarithmic I/O efficiency O log log N p , storage efficiency O (1), with standard leakage, as well as backward and forward security. Practical experiments confirm that Hermes achieves excellent performance.

show abstract