Abstract
We build the first sub-linear (in fact, potentially constant-time) public-key searchable encryption system:
- The server can publish a public key PK.
- Anybody can build an encrypted index for document D under PK.
- A client holding the index can obtain a token \(z_w\) from the server to check if a keyword w belongs to D.
- Search using \(z_w\) is almost as fast (e.g., sub-linear) as the non-private search.
- The server granting the token does not learn anything about the document D, beyond the keyword w.
- Yet, the token \(z_w\) is specific to the pair (D, w): the client does not learn if other keywords \(w'\ne w\) belong to D, or if w belongs to other, freshly indexed documents \(D'\).
- The server cannot fool the client by giving a wrong token \(z_w\).
We call such a primitive Encapsulated Search Index (ESI). Our ESI scheme can be made (t, n)-distributed among n servers in the best possible way: non-interactive, verifiable, and resilient to any coalition of up to \((t-1)\) malicious servers. We also introduce the notion of delegatable ESI and show how to extend our construction to this setting.
Our solution — including public indexing, sub-linear search, delegation, and distributed token generation — is deployed as a commercial application by a real-world company.
Y. Dodis: Partially supported by gifts from VMware Labs and Google, and NSF grants 1619158, 1319051, 1314568.
Notes
1. In fact, our solution will allow for generating secure indices even outside the Desktop, possibly by different parties. But for simplicity, we discuss the already interesting setting where Alice herself generates indices on the Desktop.
2. ESI is the first searchable encryption primitive to do so; see Sect. 1.3.
3.
4.
5. From an application perspective, the universal and document-specific settings are incomparable, as some applications might want to restrict which keywords are allowed for different databases. On a technical level, however, a universal scheme can always be converted to a document-specific one by prefixing the keyword with the name of the document D. Thus, universal searching is more powerful.
6.
7. It is easy to see that our syntax guarantees that any ESI construction is unconditionally Privacy-Preserving (even with knowledge of SK), for the simple reason that the \( \textsc {Prep}\) algorithm that produces c does not depend on the input document D. Thus, we will never explicitly address this property, but list it for completeness, as it is important for our motivating application.
8. The algorithm \( \textsc {Split}\) is not technically needed, as one can always set \(R=C\). In fact, this will be the case for our EVRF in Sect. 5.1. However, one could envision EVRF constructions where the \( \textsc {Split}\) procedure can do a non-trivial (input-independent) part of the overall \( {\textsc {Prove}}= \textsc {Core}( \textsc {Split})\) procedure, without the need to know the secret key SK. This will be the case for some of the delegatable EVRFs we consider in Sect. 7.1.
9. Without loss of generality, we will always assume that all the t partial evaluations \(z_i'\) satisfy \( \textsc {Shr}\hbox {-}\textsc {Vfy}(PK,vk_i,z_i')= 1\) (else, we output \(\bot \) before calling \( \textsc {Combine}\)). See also the definition of \( {\textsc {Eval}}\) below to explicitly model this assumption.
10. Of course, the indexing step is proportional to the size of the file.
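To make the (t, n)-distributed token generation described in the abstract and in Note 9 concrete, the following is an added toy example (not the paper's EVRF construction, which is pairing-based and not reproduced on this page). It stands in a DDH-based distributed VRF for the real scheme: each server publishes a verification key \(vk_i\), returns a partial evaluation \(z_i'\) on keyword w together with a Chaum-Pedersen proof (the role of Shr-Vfy), and the client outputs \(\bot\) if any partial fails verification, otherwise combining t of them by Lagrange interpolation in the exponent (the role of Combine). The group parameters, hash-to-group map and secret value are constructed and far too small for real use.

```python
# Toy (t, n)-distributed token generation in the style of a DDH-based distributed
# VRF (an added stand-in, not the paper's EVRF construction). Server i holds a
# Shamir share s_i of the secret s and publishes vk_i = g^s_i. Its partial
# evaluation on keyword w is z_i = H(w)^s_i plus a Chaum-Pedersen proof that
# log_g(vk_i) = log_H(w)(z_i); the client interpolates t valid partials in the exponent.
import hashlib, secrets

P, Q, G = 2039, 1019, 4  # constructed toy group: safe prime p = 2q+1, g of order q

def H(w: str) -> int:
    """Hash a keyword into the order-q subgroup (hash, reduce, square)."""
    return pow(int.from_bytes(hashlib.sha256(w.encode()).digest(), "big") % P, 2, P)

def chal(*vals) -> int:
    """Fiat-Shamir challenge over the proof transcript."""
    return int.from_bytes(hashlib.sha256(",".join(map(str, vals)).encode()).digest(), "big")

def share(s: int, t: int, n: int):
    """Shamir-share s over Z_q: evaluate a random degree t-1 polynomial at 1..n."""
    coeffs = [s] + [secrets.randbelow(Q) for _ in range(t - 1)]
    return [(i, sum(c * pow(i, k, Q) for k, c in enumerate(coeffs)) % Q) for i in range(1, n + 1)]

def partial_eval(i: int, s_i: int, w: str):
    """Server i: non-interactively produce z_i = H(w)^s_i with a proof of correctness."""
    h, vk_i, z_i = H(w), pow(G, s_i, P), pow(H(w), s_i, P)
    r = secrets.randbelow(Q)
    c = chal(G, h, vk_i, z_i, pow(G, r, P), pow(h, r, P))
    return i, z_i, (c, (r + c * s_i) % Q)

def shr_vfy(vk_i: int, w: str, z_i: int, proof) -> bool:
    """Shr-Vfy: check the partial against the server's public vk_i only."""
    c, u = proof
    h = H(w)
    a = pow(G, u, P) * pow(vk_i, -c, P) % P  # recovers g^r iff the proof is honest
    b = pow(h, u, P) * pow(z_i, -c, P) % P   # recovers h^r iff z_i = h^s_i
    return c == chal(G, h, vk_i, z_i, a, b)

def combine(vks: dict, w: str, partials: list, t: int):
    """Combine: output None (bot) if any partial fails Shr-Vfy, else z_w = H(w)^s."""
    if len(partials) < t or not all(shr_vfy(vks[i], w, z, pr) for i, z, pr in partials):
        return None
    idx = [i for i, _, _ in partials[:t]]
    z = 1
    for i, z_i, _ in partials[:t]:
        lam = 1  # Lagrange coefficient for evaluating the polynomial at 0
        for j in idx:
            if j != i:
                lam = lam * j * pow(j - i, -1, Q) % Q
        z = z * pow(z_i, lam, P) % P
    return z
```

Any t honest partials reconstruct the same \(z_w\), while a tampered partial from a malicious server fails Shr-Vfy and the client outputs \(\bot\) rather than a wrong token.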
© 2022 International Association for Cryptologic Research
Cite this paper
Aronesty, E. et al. (2022). Encapsulated Search Index: Public-Key, Sub-linear, Distributed, and Delegatable. In: Hanaoka, G., Shikata, J., Watanabe, Y. (eds) Public-Key Cryptography – PKC 2022. Lecture Notes in Computer Science, vol. 13178. Springer, Cham. https://doi.org/10.1007/978-3-030-97131-1_9
DOI: https://doi.org/10.1007/978-3-030-97131-1_9
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-97130-4
Online ISBN: 978-3-030-97131-1