1. Result Pattern Hiding Searchable Encryption for Conjunctive Queries 2018 CCS SearchableEncryption
    Shangqi Lai, Sikhar Patranabis, Amin Sakzad, Joseph K. Liu, Debdeep Mukhopadhyay, Ron Steinfeld, Shi-Feng Sun, Dongxi Liu and Cong Zuo
    [View PDF on eprint.iacr.org]
    [Show BibTex Citation]

    @inproceedings{Lai:2018:RPH:3243734.3243753,
    author = {Lai, Shangqi and Patranabis, Sikhar and Sakzad, Amin and Liu, Joseph K. and Mukhopadhyay, Debdeep and Steinfeld, Ron and Sun, Shi-Feng and Liu, Dongxi and Zuo, Cong},
    title = {Result Pattern Hiding Searchable Encryption for Conjunctive Queries},
    booktitle = {Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security},
    series = {CCS '18},
    year = {2018},
    isbn = {978-1-4503-5693-0},
    location = {Toronto, Canada},
    pages = {745--762},
    numpages = {18},
    url = {http://doi.acm.org/10.1145/3243734.3243753},
    doi = {10.1145/3243734.3243753},
    acmid = {3243753},
    publisher = {ACM},
    address = {New York, NY, USA},
    keywords = {hidden vector encryption, leakage profile, searchable encryption},
    }

The recently proposed Oblivious Cross-Tags (OXT) protocol (CRYPTO 2013) has broken new ground in designing efficient searchable symmetric encryption (SSE) protocol with support for conjunctive keyword search in a single-writer single-reader framework. While the OXT protocol offers high performance by adopting a number of specialised data-structures, it also trades-off security by leaking ‘partial’ database information to the server. Recent attacks have exploited similar partial information leakage to breach database confidentiality. Consequently, it is an open problem to design SSE protocols that plug such leakages while retaining similar efficiency. In this paper, we propose a new SSE protocol, called Hidden Cross-Tags (HXT), that removes ‘Keyword Pair Result Pattern’ (KPRP) leakage for conjunctive keyword search. We avoid this leakage by adopting two additional cryptographic primitives - Hidden Vector Encryption (HVE) and probabilistic (Bloom filter) indexing into the HXT protocol. We propose a ‘lightweight’ HVE scheme that only uses efficient symmetric-key building blocks, and entirely avoids elliptic curve-based operations. At the same time, it affords selective simulation-security against an unbounded number of secret-key queries. Adopting this efficient HVE scheme, the overall practical storage and computational overheads of HXT over OXT are relatively small (no more than 10% for two keywords query, and 21% for six keywords query), while providing a higher level of security.

  1.