research-article

Public Access

Order-Revealing Encryption: New Constructions, Applications, and Lower Bounds

Authors:

David J. WuAuthors Info & Claims

CCS '16: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security

Pages 1167 - 1178

https://doi.org/10.1145/2976749.2978376

Published: 24 October 2016 Publication History

Abstract

In the last few years, there has been significant interest in developing methods to search over encrypted data. In the case of range queries, a simple solution is to encrypt the contents of the database using an order-preserving encryption (OPE) scheme (i.e., an encryption scheme that supports comparisons over encrypted values). However, Naveed et al. (CCS 2015) recently showed that OPE-encrypted databases are extremely vulnerable to "inference attacks."

In this work, we consider a related primitive called order-revealing encryption (ORE), which is a generalization of OPE that allows for stronger security. We begin by constructing a new ORE scheme for small message spaces which achieves the "best-possible" notion of security for ORE. Next, we introduce a "domain extension" technique and apply it to our small-message-space ORE. While our domain-extension technique does incur a loss in security, the resulting ORE scheme we obtain is more secure than all existing (stateless and non-interactive) OPE and ORE schemes which are practical. All of our constructions rely only on symmetric primitives. As part of our analysis, we also give a tight lower bound for OPE and show that no efficient OPE scheme can satisfy best-possible security if the message space contains just three messages. Thus, achieving strong notions of security for even small message spaces requires moving beyond OPE.

Finally, we examine the properties of our new ORE scheme and show how to use it to construct an efficient range query protocol that is robust against the inference attacks of Naveed et al. We also give a full implementation of our new ORE scheme, and show that not only is our scheme more secure than existing OPE schemes, it is also faster: encrypting a 32-bit integer requires just 55 microseconds, which is more than 65 times faster than existing OPE schemes.

References

[1]

R. Abelson and J. Creswell. Data breach at anthem may forecast a trend. The New York Times, 2015.

[2]

R. Agrawal, J. Kiernan, R. Srikant, and Y. Xu. Order-preserving encryption for numeric data. In ACM SIGMOD, 2004.

Digital Library

[3]

P. Ananth and A. Jain. Indistinguishability obfuscation from compact functional encryption. In CRYPTO, 2015.

[4]

B. Barak, O. Goldreich, R. Impagliazzo, S. Rudich, A. Sahai, S. P. Vadhan, and K. Yang. On the (im)possibility of obfuscating programs. J. ACM, 2012.

Digital Library

[5]

M. Bellare, V. T. Hoang, S. Keelveedhi, and P. Rogaway. Efficient garbling from a fixed-key blockcipher. In IEEE SP, 2013.

Digital Library

[6]

M. Bellare and P. Rogaway. Random oracles are practical: A paradigm for designing efficient protocols. In CCS, 1993.

Digital Library

[7]

C. Binnig, S. Hildenbrand, and F. Farber. Dictionary-based order-preserving string compression for main memory column stores. In ACM SIGMOD, 2009.

Digital Library

[8]

T. Boelter, R. Poddar, and R. A. Popa. A secure one-roundtrip index for range queries. Cryptology ePrint Archive, Report 2016/568, 2016.

[9]

A. Boldyreva, N. Chenette, Y. Lee, and A. O'Neill. Order-preserving symmetric encryption. In EUROCRYPT, 2009.

Digital Library

[10]

A. Boldyreva, N. Chenette, and A. O'Neill. Order-preserving encryption revisited: Improved security analysis and alternative solutions. In CRYPTO, 2011.

Digital Library

[11]

D. Boneh, C. Gentry, S. Halevi, F. Wang, and D. J. Wu. Private database queries using somewhat homomorphic encryption. In ACNS, 2013.

Digital Library

[12]

D. Boneh, K. Lewi, M. Raykova, A. Sahai, M. Zhandry, and J. Zimmerman. Semantically secure order-revealing encryption: Multi-input functional encryption without obfuscation. In EUROCRYPT, 2015.

[13]

D. Boneh, A. Sahai, and B. Waters. Functional encryption: Definitions and challenges. In TCC, 2011.

Digital Library

[14]

D. Boneh and A. Silverberg. Applications of multilinear forms to cryptography. Contemporary Mathematics, 2003.

[15]

D. Boneh and B. Waters. Conjunctive, subset, and range queries on encrypted data. In TCC, 2007.

Digital Library

[16]

Z. Brakerski, I. Komargodski, and G. Segev. From single-input to multi-input functional encryption in the private-key setting. IACR Cryptology ePrint Archive, 2015.

[17]

D. Cash, J. Jaeger, S. Jarecki, C. S. Jutla, H. Krawczyk, M. Rosu, and M. Steiner. Dynamic searchable encryption in very-large databases: Data structures and implementation. In NDSS, 2014.

[18]

D. Cash, S. Jarecki, C. S. Jutla, H. Krawczyk, M. Rosu, and M. Steiner. Highly-scalable searchable symmetric encryption with support for boolean queries. In CRYPTO, 2013.

[19]

Y. Chang and M. Mitzenmacher. Privacy preserving keyword searches on remote encrypted data. In ACNS, 2005.

Digital Library

[20]

M. Chase and S. Kamara. Structured encryption and controlled disclosure. In ASIACRYPT, pages 577--594, 2010.

[21]

S. Chatterjee and M. P. L. Das. Property preserving symmetric encryption revisited. In ASIACRYPT, 2015.

Digital Library

[22]

N. Chenette, K. Lewi, S. A. Weis, and D. J. Wu. Practical order-revealing encryption with limited leakage. In FSE, 2016.

Digital Library

[23]

J. Coron, T. Lepoint, and M. Tibouchi. Practical multilinear maps over the integers. In CRYPTO, 2013.

[24]

R. Curtmola, J. A. Garay, S. Kamara, and R. Ostrovsky. Searchable symmetric encryption: improved definitions and efficient constructions. In ACM CCS, 2006.

Digital Library

[25]

S. Faber, S. Jarecki, H. Krawczyk, Q. Nguyen, M. Rosu, and M. Steiner. Rich queries on encrypted data: Beyond exact matches. In ESORICS, 2015.

[26]

J. Finkle and D. Volz. Database of 191 million u.s. voters exposed on internet: researcher. Reuters, 2015.

[27]

S. Garg, C. Gentry, and S. Halevi. Candidate multilinear maps from ideal lattices. In EUROCRYPT, 2013.

[28]

S. Garg, C. Gentry, S. Halevi, M. Raykova, A. Sahai, and B. Waters. Candidate indistinguishability obfuscation and functional encryption for all circuits. In FOCS, 2013.

Digital Library

[29]

C. Gentry. Fully homomorphic encryption using ideal lattices. In STOC, 2009.

Digital Library

[30]

E. Goh. Secure indexes. IACR Cryptology ePrint Archive, 2003.

[31]

O. Goldreich, S. Goldwasser, and S. Micali. How to construct random functions. J. ACM, 1986.

Digital Library

[32]

O. Goldreich and R. Ostrovsky. Software protection and simulation on oblivious rams. J. ACM, 1996.

Digital Library

[33]

S. Goldwasser, S. D. Gordon, V. Goyal, A. Jain, J. Katz, F. Liu, A. Sahai, E. Shi, and H. Zhou. Multi-input functional encryption. In EUROCRYPT, 2014.

[34]

S. Goldwasser and S. Micali. Probabilistic encryption. J. Comput. Syst. Sci., 1984.

[35]

T. Granlund and the GMP development team. GNU MP: The GNU Multiple Precision Arithmetic Library. http://gmplib.org/, 2012.

[36]

S. Gueron and N. Mouha. Simpira v2: A family of efficient permutations using the AES round function. IACR Cryptology ePrint Archive, 2016.

[37]

S. Jarecki, C. S. Jutla, H. Krawczyk, M. Rosu, and M. Steiner. Outsourced symmetric private information retrieval. In ACM CCS, 2013.

Digital Library

[38]

H. Kadhem, T. Amagasa, and H. Kitagawa. A secure and efficient order preserving encryption scheme for relational databases. In KMIS, 2010.

[39]

G. Kelly. ebay suffers massive security breach, all users must change their passwords. Forbes, 2014.

[40]

F. Kerschbaum. Frequency-hiding order-preserving encryption. In ACM CCS, 2015.

Digital Library

[41]

F. Kerschbaum and A. Schröpfer. Optimal average-complexity ideal-security order-preserving encryption. In ACM CCS, 2014.

Digital Library

[42]

S. Kim, K. Lewi, A. Mandal, H. W. Montgomery, A. Roy, and D. J. Wu. Function-hiding inner product encryption is practical. IACR Cryptology ePrint Archive, 2016.

[43]

K. Lewi and D. J. Wu. Order-revealing encryption: New constructions, applications, and lower bounds. IACR Cryptology ePrint Archive, 2016:612, 2016.

Digital Library

[44]

M. Luby and C. Rackoff. How to construct pseudorandom permutations from pseudorandom functions. SIAM J. Comput., 1988.

Digital Library

[45]

C. Mavroforakis, N. Chenette, A. O'Neill, G. Kollios, and R. Canetti. Modular order-preserving encryption, revisited. In ACM SIGMOD, 2015.

Digital Library

[46]

M. Naveed, S. Kamara, and C. V. Wright. Inference attacks on property-preserving encrypted databases. In ACM CCS, 2015.

Digital Library

[47]

M. Naveed, M. Prabhakaran, and C. A. Gunter. Dynamic searchable encryption via blind storage. In IEEE SP, 2014.

Digital Library

[48]

O. Pandey and Y. Rouselakis. Property preserving symmetric encryption. In EUROCRYPT, 2012.

Digital Library

[49]

V. Pappas, F. Krell, B. Vo, V. Kolesnikov, T. Malkin, S. G. Choi, W. George, A. D. Keromytis, and S. Bellovin. Blind seer: A scalable private DBMS. In IEEE SP, 2014.

Digital Library

[50]

R. A. Popa, F. H. Li, and N. Zeldovich. An ideal-security protocol for order-preserving encoding. In IEEE SP, 2013.

Digital Library

[51]

R. A. Popa, C. M. S. Redfield, N. Zeldovich, and H. Balakrishnan. Cryptdb: protecting confidentiality with encrypted query processing. In ACM SOSP, 2011.

Digital Library

[52]

D. S. Roche, D. Apon, S. G. Choi, and A. Yerukhimovich. POPE: partial order-preserving encoding. IACR Cryptology ePrint Archive, 2015.

[53]

D. X. Song, D. Wagner, and A. Perrig. Practical techniques for searches on encrypted data. In IEEE SP, 2000.

Digital Library

[54]

I. Teranishi, M. Yung, and T. Malkin. Order-preserving encryption secure beyond one-wayness. In ASIACRYPT, 2014.

[55]

The OpenSSL Project. OpenSSL: The open source toolkit for SSL/TLS. www.openssl.org, 2003.

[56]

A. C. Yao. Protocols for secure computations (extended abstract). In FOCS, 1982.

Digital Library

[57]

M. Yasuda, T. Shimoyama, J. Kogure, K. Yokoyama, and T. Koshiba. Secure pattern matching using somewhat homomorphic encryption. In CCSW, 2013.

Digital Library

Cited By

Zheng YZhu HLu RZhang SWang FShao JLi H(2025)Efficient and Privacy-Preserving Weighted Range Set Sampling in CloudIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2024.340881622:1(534-548)Online publication date: Jan-2025
https://doi.org/10.1109/TDSC.2024.3408816
Blindenbach JKang JHong SKaram CLehner TGürsoy G(2024)SQUiD: ultra-secure storage and analysis of genetic data for the advancement of precision medicineGenome Biology10.1186/s13059-024-03447-925:1Online publication date: 18-Dec-2024
https://doi.org/10.1186/s13059-024-03447-9
Xiao HSuh GDevadas SLuo BLiao XXu JKirda ELie D(2024)Formal Privacy Proof of Data Encoding: The Possibility and Impossibility of Learnable EncryptionProceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security10.1145/3658644.3670277(1834-1848)Online publication date: 2-Dec-2024
https://dl.acm.org/doi/10.1145/3658644.3670277
Show More Cited By

Index Terms

Order-Revealing Encryption: New Constructions, Applications, and Lower Bounds
1. Security and privacy
  1. Cryptography
    1. Symmetric cryptography and hash functions
  2. Database and storage security
    1. Management and querying of encrypted data
2. Theory of computation
  1. Computational complexity and cryptography
    1. Cryptographic primitives

Recommendations

Delegatable Order-Revealing Encryption
Asia CCS '19: Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security

Order-revealing encryption (ORE) is a basic cryptographic primitive for ciphertext comparisons based on the order relationship of plaintexts while maintaining the privacy of them. In the data era we are experiencing, cross-dataset transactions become ...
Order-Revealing Encryption: File-Injection Attack and Forward Security
Computer Security
Abstract
Order-preserving encryption (OPE) and order-revealing encryption (ORE) are among the core ingredients for encrypted databases (EDBs). In this work, we study the leakage of OPE and ORE and their forward security.
We propose generic yet powerful file-...
Order-Revealing Encryption: File-Injection Attack and Forward Security
Abstract
Order-preserving encryption (OPE) and order-revealing encryption (ORE) are among the core ingredients for encrypted databases (EDBs). In this work, we study the leakage of OPE and ORE and their forward security. We propose generic yet powerful ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

CCS '16: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security

October 2016

1924 pages

ISBN:9781450341394

DOI:10.1145/2976749

General Chairs:
Edgar Weippl
SBA Research, Austria
,
Stefan Katzenbeisser
TU Darmstadt, CYSEC, Germany
,
Program Chairs:
Christopher Kruegel
University of California, Santa Barbara, USA
,
Andrew Myers
Cornell University, USA
,
Shai Halevi
IBM Research, USA

Copyright © 2016 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 24 October 2016

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

Conference

CCS'16

Sponsor:

SIGSAC

CCS'16: 2016 ACM SIGSAC Conference on Computer and Communications Security

October 24 - 28, 2016

Vienna, Austria

Acceptance Rates

CCS '16 Paper Acceptance Rate 137 of 831 submissions, 16%;

Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

141
Total Citations
View Citations
2,086
Total Downloads

Downloads (Last 12 months)381
Downloads (Last 6 weeks)46

Reflects downloads up to 19 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

Zheng YZhu HLu RZhang SWang FShao JLi H(2025)Efficient and Privacy-Preserving Weighted Range Set Sampling in CloudIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2024.340881622:1(534-548)Online publication date: Jan-2025
https://doi.org/10.1109/TDSC.2024.3408816
Blindenbach JKang JHong SKaram CLehner TGürsoy G(2024)SQUiD: ultra-secure storage and analysis of genetic data for the advancement of precision medicineGenome Biology10.1186/s13059-024-03447-925:1Online publication date: 18-Dec-2024
https://doi.org/10.1186/s13059-024-03447-9
Xiao HSuh GDevadas SLuo BLiao XXu JKirda ELie D(2024)Formal Privacy Proof of Data Encoding: The Possibility and Impossibility of Learnable EncryptionProceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security10.1145/3658644.3670277(1834-1848)Online publication date: 2-Dec-2024
https://dl.acm.org/doi/10.1145/3658644.3670277
Karn RNawaz KElfadel IDe V(2024)Order-Preserving Cryptography for the Confidential Inference in Random Forests: FPGA Design and ImplementationProceedings of the 61st ACM/IEEE Design Automation Conference10.1145/3649329.3658481(1-6)Online publication date: 23-Jun-2024
https://dl.acm.org/doi/10.1145/3649329.3658481
Song YGe XYu JHao RYang M(2024)Enabling Privacy-Preserving K-Hop Reachability Query Over Encrypted GraphsIEEE Transactions on Services Computing10.1109/TSC.2024.338295417:3(893-904)Online publication date: May-2024
https://doi.org/10.1109/TSC.2024.3382954
Hu MChen LChen GMu YDeng R(2024)A Pruned Pendant Vertex Based Index for Shortest Distance Query Under Structured Encrypted GraphIEEE Transactions on Information Forensics and Security10.1109/TIFS.2024.341415619(6351-6363)Online publication date: 2024
https://doi.org/10.1109/TIFS.2024.3414156
Zhang FYang CZong RZheng XWang JMeng Y(2024)An Efficient and Scalable FHE-Based PDQ Scheme: Utilizing FFT to Design a Low Multiplication Depth Large-Integer Comparison AlgorithmIEEE Transactions on Information Forensics and Security10.1109/TIFS.2023.334824619(2258-2272)Online publication date: 2024
https://doi.org/10.1109/TIFS.2023.3348246
Lv CWang JSun SWang YQi SChen X(2024)Towards Practical Multi-Client Order-Revealing Encryption: Improvement and ApplicationIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2023.326865221:3(1111-1126)Online publication date: May-2024
https://doi.org/10.1109/TDSC.2023.3268652
Zhang CXie QWang MGuo YJia X(2024)Optimal Compression for Encrypted Key-Value Store in Cloud SystemsIEEE Transactions on Computers10.1109/TC.2024.334965373:3(928-941)Online publication date: Mar-2024
https://doi.org/10.1109/TC.2024.3349653
Qiao HPeng CFeng QLuo MHe D(2024)Ciphertext Range Query Scheme Against Agent Transfer and Permission Extension Attacks for Cloud ComputingIEEE Internet of Things Journal10.1109/JIOT.2024.336014111:10(17975-17988)Online publication date: 15-May-2024
https://doi.org/10.1109/JIOT.2024.3360141
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Figures

Tables

Media

View Table of Conten