Dynamic Searchable Symmetric Encryption
Tom Roeder
eXtreme Computing Group
Microsoft Research
Joint work with Seny Kamara

Encrypted Cloud Backup

Cloud backup
  ◦ Users want to back up their data
  ◦ The cloud provides storage
Privacy, integrity, and confidentiality
  ◦ But servers learn much about users this way
  ◦ Honest-but-curious server can read everything
  ◦ Malicious server can make arbitrary changes
Naïve solution: store all data encrypted
  ◦ User keeps key and decrypts locally
  ◦ Problems: key management, search, cloud computation

Searchable Symmetric Encryption (SSE)

SSE solves the search problem
  ◦ Encrypt an index
  ◦ User keeps key and generates search tokens
  ◦ Server can use tokens to search encrypted index
Practical implementations need update
  ◦ Current implementations do not have efficient update
  ◦ Either no supported update operations
  ◦ Or each word has size linear in all documents
We provide two schemes with efficient update
  1. Update (add or delete) per word/doc pair
  2. Update (add or delete) per doc

Overview

Introduction
Dynamic SSE Protocols
Security Proofs
Implementation

The Encrypted Search Problem

User has collection of documents
  ◦ is a document identifier
  ◦ Each document has set of unique words
  ◦ Set of all unique words:
Goal: Produce an encrypted index with ops
  ◦ Search(): returns encrypted doc ids
  ◦ Add(): adds the doc id with word set
  ◦ Delete(): deletes the doc id and all words
  ◦ Expand(): expands the index
[Diagram: client and server, with arrows labeled encfiles, encindex, tokens, response]

CGKO

SSE scheme without update operations
Main idea:
  ◦ Each word is mapped to a token (under PRF)
  ◦ Tokens map to an initial position in encrypted array
  ◦ Each position points to next element in list
The large encrypted, randomized array hides the document count for each word
In original form, only secure against non-adaptive adversaries
Assume honest-but-curious server

Modified CGKO

[Diagram: index and list entries]

Modified CGKO: Search

Given
  ◦ w, , , .
  ◦ construct token
[Diagram: index and list entries; build steps labeled $f_{k_c}(w)$, then $f_{k_b}(w)$ with $\oplus$, then $\mathrm{Dec}_{k_w}$ applied to successive list entries]
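
The search walk sketched on the CGKO and Modified CGKO: Search slides, as an added Python example that is not code from the talk. It is one reading of the diagram labels: $f_{k_c}(w)$ locates the index entry, $f_{k_b}(w)$ unmasks the address of the first list entry, and a per-word key $k_w$ opens the entries. HMAC-SHA256 as the PRF, the derivation key `k_m`, XOR masking of entries, the 4-byte widths and address 0 as end-of-list are assumptions.

```python
import hashlib
import hmac
import os
import random

ADDR = 4  # bytes per array address or doc id (assumed width); address 0 ends a list

def prf(key: bytes, msg: bytes, n: int = 32) -> bytes:
    """f_k(msg): HMAC-SHA256 truncated to n bytes (assumed PRF instantiation)."""
    return hmac.new(key, msg, hashlib.sha256).digest()[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(i ^ j for i, j in zip(a, b))

def build_index(keys, postings, size):
    """Client: turn {word: [doc ids]} into an index and a padded, shuffled array."""
    k_c, k_b, k_m = keys
    free = list(range(1, size))
    random.SystemRandom().shuffle(free)
    index, array = {}, {}
    for word, docs in postings.items():
        w = word.encode()
        k_w = prf(k_m, w)  # per-word list key (derivation is an assumption)
        addrs = [free.pop() for _ in docs]
        for i, doc in enumerate(docs):
            nxt = addrs[i + 1] if i + 1 < len(addrs) else 0
            r = os.urandom(16)
            plain = doc.to_bytes(ADDR, "big") + nxt.to_bytes(ADDR, "big")
            array[addrs[i]] = (r, xor(plain, prf(k_w, r, 2 * ADDR)))
        head = addrs[0].to_bytes(ADDR, "big")
        index[prf(k_c, w)] = xor(head, prf(k_b, w, ADDR))
    for a in free:  # random filler in unused slots hides per-word counts
        array[a] = (os.urandom(16), os.urandom(2 * ADDR))
    return index, array

def token(keys, word):
    """Client: search token (f_kc(w), f_kb(w), k_w)."""
    k_c, k_b, k_m = keys
    w = word.encode()
    return prf(k_c, w), prf(k_b, w, ADDR), prf(k_m, w)

def search(index, array, tok):
    """Server: walk one list using only the token, never the master keys."""
    label, mask, k_w = tok
    if label not in index:
        return []
    addr = int.from_bytes(xor(index[label], mask), "big")
    docs = []
    while addr:
        r, masked = array[addr]
        plain = xor(masked, prf(k_w, r, 2 * ADDR))
        docs.append(int.from_bytes(plain[:ADDR], "big"))
        addr = int.from_bytes(plain[ADDR:], "big")
    return docs

def demo():
    keys = tuple(os.urandom(32) for _ in range(3))
    postings = {"cloud": [1, 4, 9], "backup": [4], "key": [1, 9]}  # constructed
    index, array = build_index(keys, postings, size=32)
    return [search(index, array, token(keys, w)) for w in ("cloud", "backup", "none")]
```

Each search reveals which array slots belong to the queried word, which matches the query and access pattern leakage the talk lists.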

List Patching

To delete an entry (), need
  ◦ Location of entry to delete
  ◦ Location of next () and prev () entries (if any)
Use XOR encryption for list pointers

[Diagram: three linked list entries $p$, $x$, $n$]
Before deletion:
  $p$: $r,\ \langle u, x \rangle \oplus f_{k_w}(r)$
  $x$: $r',\ \langle p, n \rangle \oplus f_{k_w}(r')$
  $n$: $r'',\ \langle x, v \rangle \oplus f_{k_w}(r'')$
Patches: $\oplus\, \langle 0, x \oplus n \rangle$ on entry $p$ and $\oplus\, \langle x \oplus p, 0 \rangle$ on entry $n$
After deletion:
  $p$: $r,\ \langle u, n \rangle \oplus f_{k_w}(r)$
  $x$: $r',\ \langle p, n \rangle \oplus f_{k_w}(r')$
  $n$: $r'',\ \langle p, v \rangle \oplus f_{k_w}(r'')$
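
The patch from the List Patching slides, as an added Python example that is not code from the talk: the server rewrites the encrypted $\langle prev, next \rangle$ pointers of $p$ and $n$ by XOR, knowing only the three addresses and never $k_w$. HMAC-SHA256 as $f_{k_w}$, the 4-byte address width, address 0 meaning "no neighbour" and all function names are assumptions.

```python
import hashlib
import hmac
import os

ADDR = 4  # bytes per array address (assumed width); address 0 means "no neighbour"

def prf(key: bytes, r: bytes) -> bytes:
    """f_kw(r): HMAC-SHA256 truncated to one <prev, next> pair (assumed PRF)."""
    return hmac.new(key, r, hashlib.sha256).digest()[:2 * ADDR]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(i ^ j for i, j in zip(a, b))

def pair(prev: int, nxt: int) -> bytes:
    return prev.to_bytes(ADDR, "big") + nxt.to_bytes(ADDR, "big")

def seal(k_w: bytes, prev: int, nxt: int):
    """Client: build the entry (r, <prev, next> XOR f_kw(r))."""
    r = os.urandom(16)
    return r, xor(pair(prev, nxt), prf(k_w, r))

def unseal(k_w: bytes, entry):
    """Key holder: recover (prev, next) from an entry."""
    r, masked = entry
    plain = xor(masked, prf(k_w, r))
    return int.from_bytes(plain[:ADDR], "big"), int.from_bytes(plain[ADDR:], "big")

def server_unlink(array: dict, p: int, x: int, n: int) -> None:
    """Server: splice x out of the list given three addresses and no key."""
    if p:  # previous entry exists: flip its next pointer from x to n
        r, masked = array[p]
        array[p] = (r, xor(masked, pair(0, x ^ n)))
    if n:  # next entry exists: flip its prev pointer from x to p
        r, masked = array[n]
        array[n] = (r, xor(masked, pair(x ^ p, 0)))
    # Freed slot is overwritten with random bytes; free-list handling is omitted.
    array[x] = (os.urandom(16), os.urandom(2 * ADDR))

def demo():
    k_w = os.urandom(32)
    u, p, x, n, v = 7, 19, 3, 42, 11  # constructed addresses
    array = {p: seal(k_w, u, x), x: seal(k_w, p, n), n: seal(k_w, x, v)}
    before = {a: array[a][1] for a in (p, n)}
    server_unlink(array, p, x, n)
    changed = all(array[a][1] != before[a] for a in (p, n))
    return unseal(k_w, array[p]), unseal(k_w, array[n]), changed

if __name__ == "__main__":
    print(demo())
```

The malleability that makes this patch possible also means nothing in the entry detects a server that XORs in a different value, which is why the talk's honest-but-curious assumption matters here.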

Deletion index

To patch the data structure
  ◦ E.g., pulling a document out of a list
  ◦ And need a structure to index directly into the lists
Add deletion index
  ◦ Index:
  ◦ list structure uses to point to next word for d
  ◦ and point to del index entries for and
  ◦ 1-1 correspondence between list entries

Doc-Based Index

[Diagram: index, list entries and del list entries; labels 𝑥, 𝑝, 𝑛, 𝑛𝑑, 𝑑𝑛𝑥, 𝑑𝑝𝑥]

Free List

Add and delete must track unused space
  ◦ revealing unused would reveal word * doc
  ◦ user must keep track of freelist count
[Diagram: main index, main and del arrays; free list located by $f_{k_c}(\mathit{freelist})$, with entries $\langle l_{i-1}, ld_i \rangle \oplus f_{k_f}(i)$ and $\langle l_{i-2}, ld_{i-1} \rangle \oplus f_{k_f}(i-1)$]

Add a Document

doc tokens, freelist tokens, word count
  ◦ per word: word tokens, freelist mask, templates
[Diagram: main and del arrays, main index and del index; build steps labeled $f_{k_c}(d)$, $f_{k_c}(\mathit{freelist})$, $f_{k_c}(w_1)$, patch]

Delete a Document

doc tokens, doc key, freelist tokens, count
  ◦ per word: freelist mask
[Diagram: main and del arrays, main index and del index; build steps labeled $f_{k_c}(d)$, $f_{k_c}(w_1)$, patch, $f_{k_c}(\mathit{freelist})$]

Index Extension

Index size is fixed at generation time
  ◦ So, add to free list for expansion
[Diagram: main index, main and del arrays; free list located by $f_{k_c}(\mathit{freelist})$]

[Figure: A Small Example: Indexes]

[Figure: A Small Example: Arrays]

Word-Based Deletion

Deletion index uses doc/word pairs:
  ◦ No lists of words per doc
Algorithms similar
  ◦ Search identical
  ◦ Add puts new word on front of list
  ◦ Delete patches to pull word out of list
  ◦ Extension identical

Tradeoffs

Word-Based Update
  ◦ Update token linear in number of word changes
  ◦ Hides number of unique words in document
  ◦ Uses less space for index
  ◦ But requires keeping track of diffs on disk
Doc-Based Update
  ◦ Stateless for client (except freelist count)
  ◦ But reveals the unique words in old and new docs
We currently use Doc-Based Update
  ◦ Cost of keeping diffs outweighs value of hiding

Security Proofs

Adaptive Simulatability
  ◦ Gen, Index, TrapS, Search, Retrieve, TrapA, Add, TrapD, Delete, ExtendIndex is a dynamic SSE scheme
[Diagram labels: $A$, $S$, SSE, RO, ?]

Leakage

Searchable Symmetric Encryption leaks info
  ◦ Query pattern: unique terms and result counts
  ◦ Access pattern: which documents are retrieved
Our algorithm leaks a little more
  ◦ unique ID for words in added and deleted docs
Update pattern: add to existing, pos of delete
  ◦ tail of the free list
  ◦ amount of index expansion
  ◦ when the index is full

Proof Outline

Index Generation and Expansion: random
Search: given number of results
  ◦ If seen search (+ any updates), then repeat
  ◦ Otherwise, choose a random index entry
  ◦ Provide random unused location for first element
  ◦ Choose unused locations for other elements
  ◦ Program random oracle to “decrypt” list ()
[Diagram: entry $x$ and random values $r, r', r''$]
$f_{k_w}(r) = \langle p, n \rangle \oplus r'$
$r' \oplus f_{k_w}(r) = r' \oplus \langle p, n \rangle \oplus r' = \langle p, n \rangle$

Proof Outline: Add and Delete

Add: given unique IDs of added words
  ◦ Find random locations and setup freelist tokens
  ◦ Choose random index entry and get word tokens
  ◦ Set masks to XOR to chosen pattern
Delete: given unique IDs of deleted words
  ◦ Choose deletion locations (from prev or random)
  ◦ Choose index entry to delete (from prev or random)
  ◦ Program random oracle to decrypt chosen pattern ()

Performance

Prototype doc-based scheme in C++
Intel Xeon x64 2.26 GHz with Win 2008 R2
  ◦ Zipf, Docs, Email datasets
  ◦ 500k to 1.5M doc/word pairs
Results
  ◦ Generation (doc/word pair): 40 µs (c)
  ◦ Search (doc): 8 µs (s)
  ◦ Add (word): 35 µs (c), 2 µs (s)
  ◦ Delete (word): 3 µs (c), 24 µs (s)

Related SSE Schemes

[CGKO06]
  ◦ Efficient search
  ◦ Provides an adaptive scheme in plain model
  ◦ Doesn’t provide any update properties
[SLDH09]
  ◦ Efficient update via XOR encryption
  ◦ Uses padded lists: linear in number of docs
  ◦ Large storage cost: O(|w| |d|)

Conclusions

Dynamic SSE algorithms
Add and Delete use XOR encryption to modify index
Practical for real-world applications
Can trade off leakage for server operations