Security-Efficiency Tradeoffs in Searchable Encryption


Besides their security, the efficiency of searchable encryption schemes is a major criteria when it comes to their adoption: in order to replace an unencrypted database by a more secure construction, it must scale to the systems which rely on it. Unfortunately, the relationship between the efficiency and the security of searchable encryption has not been widely studied, and the minimum cost of some crucial security properties is still unclear.

In this paper, we present new lower bounds on the trade-offs between the size of the client state, the efficiency and the security for searchable encryption schemes. These lower bounds target two kinds of schemes: schemes hiding the repetition of search queries, and forward-private dynamic schemes, for which updates are oblivious.

We also show that these lower bounds are tight, by either constructing schemes matching them, or by showing that even a small increase in the amount of leaked information allows for constructing schemes breaking the lower bounds.

If the inline PDF is not rendering correctly, you can download the PDF file here.

  • [AKL+18] Asharov, G., Komargodski, I., Lin, W.K., Nayak, K., Peserico, E., and Shi, E. OptORAMa: Optimal oblivious ram. Cryptology ePrint Archive, Report 2018/892 (2018).

  • [ANSS16] Asharov, G., Naor, M., Segev, G., and Shahaf, I. Searchable symmetric encryption: optimal locality in linear space via two-dimensional balanced allocations. In: D. Wichs and Y. Mansour (eds.), 48th ACM STOC, pp. 1101–1114. ACM Press (Jun. 2016).

  • [ASS18] Asharov, G., Segev, G., and Shahaf, I. Tight tradeoffs in searchable symmetric encryption. In: H. Shacham and A. Boldyreva (eds.), CRYPTO 2018, Part I, LNCS, vol. 10991, pp. 407–436. Springer, Heidelberg (Aug. 2018).

  • [BBO07] Bellare, M., Boldyreva, A., and O’Neill, A. Deterministic and efficiently searchable encryption. In: A. Menezes (ed.), CRYPTO 2007, LNCS, vol. 4622, pp. 535–552. Springer, Heidelberg (Aug. 2007).

  • [BCLO09] Boldyreva, A., Chenette, N., Lee, Y., and O’Neill, A. Order-preserving symmetric encryption. In: A. Joux (ed.), EUROCRYPT 2009, LNCS, vol. 5479, pp. 224–241. Springer, Heidelberg (Apr. 2009).

  • [BDOP04] Boneh, D., Di Crescenzo, G., Ostrovsky, R., and Persiano, G. Public key encryption with keyword search. In: C. Cachin and J. Camenisch (eds.), EUROCRYPT 2004, LNCS, vol. 3027, pp. 506–522. Springer, Heidelberg (May 2004).

  • [BFP16] Bost, R., Fouque, P.A., and Pointcheval, D. Verifiable dynamic symmetric searchable encryption: Optimality and forward security. Cryptology ePrint Archive, Report 2016/062 (2016).

  • [BKOS07] Boneh, D., Kushilevitz, E., Ostrovsky, R., and Skeith III, W.E. Public key encryption that allows PIR queries. In: A. Menezes (ed.), CRYPTO 2007, LNCS, vol. 4622, pp. 50–67. Springer, Heidelberg (Aug. 2007).

  • [BMO17] Bost, R., Minaud, B., and Ohrimenko, O. Forward and backward private searchable encryption from constrained cryptographic primitives. In: B.M. Thuraisingham, D. Evans, T. Malkin, and D. Xu (eds.), ACM CCS 2017, pp. 1465–1482. ACM Press (Oct. / Nov. 2017).

  • [BN16] Boyle, E. and Naor, M. Is there an oblivious RAM lower bound? In: M. Sudan (ed.), ITCS 2016, pp. 357–368. ACM (Jan. 2016).

  • [Bos16] Bost, R. Σοφος: Forward secure searchable encryption. In: E.R. Weippl, S. Katzenbeisser, C. Kruegel, A.C. Myers, and S. Halevi (eds.), ACM CCS 2016, pp. 1143–1154. ACM Press (Oct. 2016).

  • [Bos18] Bost, R. Searchable Encryption – New Constructions of Encrypted Databases. Ph.D. thesis, Université de Rennes 1 (January 2018). URL

  • [BR06] Bellare, M. and Rogaway, P. The security of triple encryption and a framework for code-based game-playing proofs. In: S. Vaudenay (ed.), EUROCRYPT 2006, LNCS, vol. 4004, pp. 409–426. Springer, Heidelberg (May / Jun. 2006).

  • [CGKO06] Curtmola, R., Garay, J.A., Kamara, S., and Ostrovsky, R. Searchable symmetric encryption: improved definitions and efficient constructions. In: A. Juels, R.N. Wright, and S. De Capitani di Vimercati (eds.), ACM CCS 2006, pp. 79–88. ACM Press (Oct. / Nov. 2006).

  • [CGPR15] Cash, D., Grubbs, P., Perry, J., and Ristenpart, T. Leakage-abuse attacks against searchable encryption. In: I. Ray, N. Li, and C. Kruegel (eds.), ACM CCS 2015, pp. 668–679. ACM Press (Oct. 2015).

  • [CJJ+13] Cash, D., Jarecki, S., Jutla, C.S., Krawczyk, H., Rosu, M.C., and Steiner, M. Highly-scalable searchable symmetric encryption with support for Boolean queries. In: R. Canetti and J.A. Garay (eds.), CRYPTO 2013, Part I, LNCS, vol. 8042, pp. 353–373. Springer, Heidelberg (Aug. 2013).

  • [CK10] Chase, M. and Kamara, S. Structured encryption and controlled disclosure. In: M. Abe (ed.), ASIACRYPT 2010, LNCS, vol. 6477, pp. 577–594. Springer, Heidelberg (Dec. 2010).

  • [CT14] Cash, D. and Tessaro, S. The locality of searchable symmetric encryption. In: P.Q. Nguyen and E. Oswald (eds.), EUROCRYPT 2014, LNCS, vol. 8441, pp. 351–368. Springer, Heidelberg (May 2014).

  • [DDF+16] Devadas, S., Dijk, M., Fletcher, C.W., Ren, L., Shi, E., and Wichs, D. Onion ORAM: A constant bandwidth blowup oblivious RAM. In: E. Kushilevitz and T. Malkin (eds.), TCC 2016-A, Part II, LNCS, vol. 9563, pp. 145–174. Springer, Heidelberg (Jan. 2016).

  • [DPP18] Demertzis, I., Papadopoulos, D., and Papamanthou, C. Searchable encryption with optimal locality: Achieving sublogarithmic read efficiency. In: H. Shacham and A. Boldyreva (eds.), CRYPTO 2018, Part I, LNCS, vol. 10991, pp. 371–406. Springer, Heidelberg (Aug. 2018).

  • [EKPE18] Etemad, M., Küpçü, A., Papamanthou, C., and Evans, D. Efficient dynamic searchable encryption with forward privacy. PoPETs, vol. 2018(1):(2018), pp. 5–20. URL

  • [Gen09] Gentry, C. A fully homomorphic encryption scheme. Ph.D. thesis, Stanford University (2009).

  • [GMP16] Garg, S., Mohassel, P., and Papamanthou, C. TWORAM: Efficient oblivious RAM in two rounds with applications to searchable encryption. In: M. Robshaw and J. Katz (eds.), CRYPTO 2016, Part III, LNCS, vol. 9816, pp. 563–592. Springer, Heidelberg (Aug. 2016).

  • [GO96] Goldreich, O. and Ostrovsky, R. Software protection and simulation on oblivious RAMs. Journal of the ACM, vol. 43(3):(1996), pp. 431–473.

  • [GSB+17] Grubbs, P., Sekniqi, K., Bindschaedler, V., Naveed, M., and Ristenpart, T. Leakage-abuse attacks against order-revealing encryption. In: 2017 IEEE Symposium on Security and Privacy, pp. 655–672. IEEE Computer Society Press (May 2017).

  • [JJK+13] Jarecki, S., Jutla, C.S., Krawczyk, H., Rosu, M.C., and Steiner, M. Outsourced symmetric private information retrieval. In: A.R. Sadeghi, V.D. Gligor, and M. Yung (eds.), ACM CCS 2013, pp. 875–888. ACM Press (Nov. 2013).

  • [KKL+17] Kim, K.S., Kim, M., Lee, D., Park, J.H., and Kim, W.H. Forward secure dynamic searchable symmetric encryption with efficient updates. In: B.M. Thuraisingham, D. Evans, T. Malkin, and D. Xu (eds.), ACM CCS 2017, pp. 1449–1463. ACM Press (Oct. / Nov. 2017).

  • [KM17] Kamara, S. and Moataz, T. Boolean searchable symmetric encryption with worst-case sub-linear complexity. In: J. Coron and J.B. Nielsen (eds.), EUROCRYPT 2017, Part III, LNCS, vol. 10212, pp. 94–124. Springer, Heidelberg (Apr. / May 2017).

  • [KMO18] Kamara, S., Moataz, T., and Ohrimenko, O. Structured encryption and leakage suppression. In: H. Shacham and A. Boldyreva (eds.), CRYPTO 2018, Part I, LNCS, vol. 10991, pp. 339–370. Springer, Heidelberg (Aug. 2018).

  • [KO12] Kurosawa, K. and Ohtaki, Y. UC-secure searchable symmetric encryption. In: A.D. Keromytis (ed.), FC 2012, LNCS, vol. 7397, pp. 285–298. Springer, Heidelberg (Feb. / Mar. 2012).

  • [KO13] Kurosawa, K. and Ohtaki, Y. How to update documents verifiably in searchable symmetric encryption. In: M. Abdalla, C. Nita-Rotaru, and R. Dahab (eds.), CANS 13, LNCS, vol. 8257, pp. 309–328. Springer, Heidelberg (Nov. 2013).

  • [KP13] Kamara, S. and Papamanthou, C. Parallel and dynamic searchable symmetric encryption. In: A.R. Sadeghi (ed.), FC 2013, LNCS, vol. 7859, pp. 258–274. Springer, Heidelberg (Apr. 2013).

  • [KPR12] Kamara, S., Papamanthou, C., and Roeder, T. Dynamic searchable symmetric encryption. In: T. Yu, G. Danezis, and V.D. Gligor (eds.), ACM CCS 2012, pp. 965–976. ACM Press (Oct. 2012).

  • [LN18] Larsen, K.G. and Nielsen, J.B. Yes, there is an oblivious RAM lower bound! In: H. Shacham and A. Boldyreva (eds.), CRYPTO 2018, Part II, LNCS, vol. 10992, pp. 523–542. Springer, Heidelberg (Aug. 2018).

  • [LO13] Lu, S. and Ostrovsky, R. How to garble RAM programs. In: T. Johansson and P.Q. Nguyen (eds.), EUROCRYPT 2013, LNCS, vol. 7881, pp. 719–734. Springer, Heidelberg (May 2013).

  • [Nav15] Naveed, M. The fallacy of composition of oblivious RAM and searchable encryption. Cryptology ePrint Archive, Report 2015/668 (2015).

  • [NKW15] Naveed, M., Kamara, S., and Wright, C.V. Inference attacks on property-preserving encrypted databases. In: I. Ray, N. Li, and C. Kruegel (eds.), ACM CCS 2015, pp. 644–655. ACM Press (Oct. 2015).

  • [PKV+14] Pappas, V., Krell, F., Vo, B., Kolesnikov, V., Malkin, T., Choi, S.G., George, W., Keromytis, A.D., and Bellovin, S. Blind seer: A scalable private DBMS. In: 2014 IEEE Symposium on Security and Privacy, pp. 359–374. IEEE Computer Society Press (May 2014).

  • [PLZ13] Popa, R.A., Li, F.H., and Zeldovich, N. An ideal-security protocol for order-preserving encoding. In: 2013 IEEE Symposium on Security and Privacy, pp. 463–477. IEEE Computer Society Press (May 2013).

  • [PRZB11] Popa, R.A., Redfield, C., Zeldovich, N., and Balakrishnan, H. Cryptdb: protecting confidentiality with encrypted query processing. In: ACM SOSP 11, pp. 85–100. ACM (2011).

  • [PZ13] Popa, R.A. and Zeldovich, N. Multi-key searchable encryption. Cryptology ePrint Archive, Report 2013/508 (2013).

  • [SPS14] Stefanov, E., Papamanthou, C., and Shi, E. Practical dynamic searchable encryption with small leakage. In: NDSS 2014. The Internet Society (Feb. 2014).

  • [SWP00] Song, D.X., Wagner, D., and Perrig, A. Practical techniques for searches on encrypted data. In: 2000 IEEE Symposium on Security and Privacy, pp. 44–55. IEEE Computer Society Press (May 2000).

  • [WNL+14] Wang, X.S., Nayak, K., Liu, C., Chan, T.H.H., Shi, E., Stefanov, E., and Huang, Y. Oblivious data structures. In: G.J. Ahn, M. Yung, and N. Li (eds.), ACM CCS 2014, pp. 215–226. ACM Press (Nov. 2014).

  • [WW18] Weiss, M. and Wichs, D. Is there an oblivious RAM lower bound for online reads? Cryptology ePrint Archive, Report 2018/619 (2018).

  • [ZKP16] Zhang, Y., Katz, J., and Papamanthou, C. All your queries are belong to us: The power of file-injection attacks on searchable encryption. In: T. Holz and S. Savage (eds.), USENIX Security 2016, pp. 707–720. USENIX Association (Aug. 2016).

Journal + Issues