Substring-Searchable Symmetric Encryption

Open access


In this paper, we consider a setting where a client wants to outsource storage of a large amount of private data and then perform substring search queries on the data – given a data string s and a search string p, find all occurrences of p as a substring of s. First, we formalize an encryption paradigm that we call queryable encryption, which generalizes searchable symmetric encryption (SSE) and structured encryption. Then, we construct a queryable encryption scheme for substring queries. Our construction uses suffix trees and achieves asymptotic efficiency comparable to that of unencrypted suffix trees. Encryption of a string of length n takes On) time and produces a ciphertext of size On), and querying for a substring of length m that occurs k times takes Om+k) time and three rounds of communication. Our security definition guarantees correctness of query results and privacy of data and queries against a malicious adversary. Following the line of work started by Curtmola et al. (ACM CCS 2006), in order to construct more efficient schemes we allow the query protocol to leak some limited information that is captured precisely in the definition. We prove security of our substring-searchable encryption scheme against malicious adversaries, where the query protocol leaks limited information about memory access patterns through the suffix tree of the encrypted string.

If the inline PDF is not rendering correctly, you can download the PDF file here.

  • [1] M. Abadi and P. Rogaway. Reconciling two views of cryptography (the computational soundness of formal encryption). Journal of Cryptology 15(2):103–127 2002.

  • [2] A. V. Aho and M. J. Corasick. Efficient string matching: An aid to bibliographic search. Comm. ACM 18(6):333–340 June 1975.

  • [3] J. Baron K. El Defrawy K. Minkovich R. Ostrovsky and E. Tressler. 5PM: Secure pattern matching. In I. Visconti and R. D. Prisco editors SCN 12 volume 7485 of LNCS pages 222–240. Springer Sept. 2012.

  • [4] M. Bellare and C. Namprempre. Authenticated encryption: Relations among notions and analysis of the generic composition paradigm. In T. Okamoto editor ASIACRYPT 2000 volume 1976 of LNCS pages 531–545. Springer Dec. 2000.

  • [5] M. Bellare and P. Rogaway. Encode-then-encipher encryption: How to exploit nonces or redundancy in plaintexts for efficient cryptography. In T. Okamoto editor ASIACRYPT 2000 volume 1976 of LNCS pages 317–330. Springer Dec. 2000.

  • [6] S. Benabbas R. Gennaro and Y. Vahlis. Verifiable delegation of computation over large datasets. In P. Rogaway editor CRYPTO 2011 volume 6841 of LNCS pages 111–131. Springer Aug. 2011.

  • [7] D. Boneh A. Sahai and B. Waters. Functional encryption: Definitions and challenges. In Y. Ishai editor TCC 2011 volume 6597 of LNCS pages 253–273. Springer Mar. 2011.

  • [8] R. S. Boyer and J. S. Moore. A fast string searching algorithm. Comm. ACM 20(10):762–772 1977.

  • [9] Z. Brakerski and V. Vaikuntanathan. Efficient fully homomorphic encryption from (standard) LWE. In R. Ostrovsky editor 52nd FOCS pages 97–106. IEEE Computer Society Press Oct. 2011.

  • [10] Z. Brakerski C. Gentry and V. Vaikuntanathan. (leveled) fully homomorphic encryption without bootstrapping. In S. Goldwasser editor ITCS 2012 pages 309–325. ACM Jan. 2012.

  • [11] D. Cash S. Jarecki C. S. Jutla H. Krawczyk M.-C. Rosu and M. Steiner. Highly-scalable searchable symmetric encryption with support for boolean queries. In R. Canetti and J. A. Garay editors CRYPTO 2013 Part I volume 8042 of LNCS pages 353–373. Springer Aug. 2013. 10.1007/978-3-642-40041-4_20.

  • [12] D. Cash J. Jaeger S. Jarecki C. S. Jutla H. Krawczyk M.-C. Rosu and M. Steiner. Dynamic searchable encryption in very-large databases: Data structures and implementation. In NDSS 2014. The Internet Society Feb. 2014.

  • [13] M. Chase and S. Kamara. Structured encryption and controlled disclosure. In M. Abe editor ASIACRYPT 2010 volume 6477 of LNCS pages 577–594. Springer Dec. 2010.

  • [14] K.-M. Chung Y. T. Kalai F.-H. Liu and R. Raz. Memory delegation. In P. Rogaway editor CRYPTO 2011 volume 6841 of LNCS pages 151–168. Springer Aug. 2011.

  • [15] T. H. Cormen C. E. Leiserson R. L. Rivest and C. Stein. Introduction to Algorithms. The MIT Press 3rd edition 2009.

  • [16] R. Curtmola J. A. Garay S. Kamara and R. Ostrovsky. Searchable symmetric encryption: improved definitions and efficient constructions. In A. Juels R. N. Wright and S. Vimercati editors ACM CCS 06 pages 79–88. ACM Press Oct. / Nov. 2006.

  • [17] I. Damgård V. Pastro N. P. Smart and S. Zakarias. Multiparty computation from somewhat homomorphic encryption. In R. Safavi-Naini and R. Canetti editors CRYPTO 2012 volume 7417 of LNCS pages 643–662. Springer Aug. 2012.

  • [18] C. Dwork M. Naor G. N. Rothblum and V. Vaikuntanathan. How efficient can memory checking be? In O. Reingold editor TCC 2009 volume 5444 of LNCS pages 503–520. Springer Mar. 2009.

  • [19] M. Farach. Optimal suffix tree construction with large alphabets. In 38th FOCS pages 137–143. IEEE Computer Society Press Oct. 1997.

  • [20] M. Fischlin. Pseudorandom function tribe ensembles based on one-way permutations: Improvements and applications. In J. Stern editor EUROCRYPT’99 volume 1592 of LNCS pages 432–445. Springer May 1999.

  • [21] C. Fletcher M. van Dijk and S. Devadas. A secure processor architecture for encrypted computation on untrusted programs. In STC 2012 2012.

  • [22] K. B. Frikken. Practical private DNA string searching and matching through efficient oblivious automata evaluation. In DBSec ’09 pages 81–94 2009.

  • [23] R. Gennaro C. Gentry and B. Parno. Non-interactive verifiable computing: Outsourcing computation to untrusted workers. In T. Rabin editor CRYPTO 2010 volume 6223 of LNCS pages 465–482. Springer Aug. 2010.

  • [24] R. Gennaro C. Hazay and J. S. Sorensen. Text search protocols with simulation based security. In P. Q. Nguyen and D. Pointcheval editors PKC 2010 volume 6056 of LNCS pages 332–350. Springer May 2010.

  • [25] C. Gentry. Fully homomorphic encryption using ideal lattices. In M. Mitzenmacher editor 41st ACM STOC pages 169–178. ACM Press May / June 2009.

  • [26] C. Gentry S. Halevi and N. P. Smart. Homomorphic evaluation of the AES circuit. In R. Safavi-Naini and R. Canetti editors CRYPTO 2012 volume 7417 of LNCS pages 850–867. Springer Aug. 2012.

  • [27] C. Gentry S. Halevi and N. P. Smart. Fully homomorphic encryption with polylog overhead. In D. Pointcheval and T. Johansson editors EUROCRYPT 2012 volume 7237 of LNCS pages 465–482. Springer Apr. 2012.

  • [28] D. Gusfield. Algorithms on Strings Trees and Sequences: Computer Science and Computational Biology. Cambridge University Press 1997.

  • [29] C. Hazay and Y. Lindell. Efficient protocols for set intersection and pattern matching with security against malicious and covert adversaries. Journal of Cryptology 23(3):422–456 July 2010.

  • [30] S. Kamara and C. Papamanthou. Parallel and dynamic searchable symmetric encryption. In A.-R. Sadeghi editor FC 2013 volume 7859 of LNCS pages 258–274. Springer Apr. 2013. 10.1007/978-3-642-39884-1_22.

  • [31] S. Kamara C. Papamanthou and T. Roeder. Dynamic searchable symmetric encryption. In T. Yu G. Danezis and V. D. Gligor editors ACM CCS 12 pages 965–976. ACM Press Oct. 2012.

  • [32] R. M. Karp and M. O. Rabin. Efficient randomized pattern-matching algorithms. IBM Journal of Research and Development 31(2):249–260 March 1987.

  • [33] J. Katz and Y. Lindell. Introduction to Modern Cryptography. Chapman & Hall/CRC 2008.

  • [34] J. Katz and L. Malka. Secure text processing with applications to private DNA matching. In E. Al-Shaer A. D. Keromytis and V. Shmatikov editors ACM CCS 10 pages 485–492. ACM Press Oct. 2010.

  • [35] J. Katz and M. Yung. Unforgeable encryption and chosen ciphertext secure modes of operation. In B. Schneier editor FSE 2000 volume 1978 of LNCS pages 284–299. Springer Apr. 2001.

  • [36] J. Katz A. Sahai and B. Waters. Predicate encryption supporting disjunctions polynomial equations and inner products. In N. P. Smart editor EUROCRYPT 2008 volume 4965 of LNCS pages 146–162. Springer Apr. 2008.

  • [37] D. E. Knuth J. H. M. Jr. and V. R. Pratt. Fast pattern matching in strings. SIAM Journal on Computing 6(2): 323–350 1977.

  • [38] K. Kurosawa and Y. Ohtaki. UC-secure searchable symmetric encryption. In A. D. Keromytis editor FC 2012 volume 7397 of LNCS pages 285–298. Springer Feb. / Mar. 2012.

  • [39] P. Mohassel S. Niksefat S. S. Sadeghian and B. Sadeghiyan. An efficient protocol for oblivious DFA evaluation and applications. In O. Dunkelman editor CTRSA 2012 volume 7178 of LNCS pages 398–415. Springer Feb. / Mar. 2012.

  • [40] J. B. Nielsen P. S. Nordholt C. Orlandi and S. S. Burra. A new approach to practical active-secure two-party computation. In R. Safavi-Naini and R. Canetti editors CRYPTO 2012 volume 7417 of LNCS pages 681–700. Springer Aug. 2012.

  • [41] R. Ostrovsky. Software protection and simulation on oblivious RAMs. PhD thesis MIT 1992.

  • [42] E. Shen E. Shi and B. Waters. Predicate privacy in encryption systems. In O. Reingold editor TCC 2009 volume 5444 of LNCS pages 457–473. Springer Mar. 2009.

  • [43] E. Stefanov E. Shi and D. X. Song. Towards practical oblivious RAM. In NDSS 2012. The Internet Society Feb. 2012.

  • [44] E. Stefanov M. van Dijk A. Juels and A. Oprea. Iris: A scalable cloud file system with efficient integrity checks. In ACSAC ’12 2012.

  • [45] E. Stefanov C. Papamanthou and E. Shi. Practical dynamic searchable encryption with small leakage. In NDSS 2014. The Internet Society Feb. 2014.

  • [46] J. R. Troncoso-Pastoriza S. Katzenbeisser and M. Celik. Privacy preserving error resilient dna searching through oblivious automata. In P. Ning S. D. C. di Vimercati and P. F. Syverson editors ACM CCS 07 pages 519–528. ACM Press Oct. 2007.

  • [47] E. Ukkonen. On-line construction of suffix trees. Algorithmica 14(3):249–260 1995.

Journal information
Cited By
All Time Past Year Past 30 Days
Abstract Views 0 0 0
Full Text Views 515 263 4
PDF Downloads 234 122 0