Paper 2012/192

Extending Order Preserving Encryption for Multi-User Systems

Liangliang Xiao, I-Ling Yen, and Dung T. Huynh

Abstract

Several order preserving encryption (OPE) algorithms have been developed in the literature to support search on encrypted data. However, existing OPE schemes only consider a single encryption key, which is infeasible for a practical system with multiple users (implying that all users should have the single encryption key in order to encrypt or decrypt confidential data). In this paper, we develop the first protocols, DOPE and OE-DOPE, to support the use of OPE in multi-user systems. First, we introduce a group of key agents into the system and invent the DOPE protocol to enable “distributed encryption” to assure that the OPE encryption key is not known by any entity in the system. However, in DOPE, if a key agent is compromised, the share of the secret data that is sent to this key agent is compromised. To solve the problem, we developed a novel oblivious encryption (OE) protocol based on the oblivious transfer concept to deliver and encrypt the shares obliviously. Then, we integrate it with DOPE to obtain the OE-DOPE protocol. Security of OE-DOPE is further enhanced with additional techniques. Both DOPE and OE-DOPE can be used with any existing OPE algorithms while retaining all the advantages of OPE without requiring the users to share the single encryption key, making the OPE approach feasible in practical systems.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. Unknown where it was published
Keywords
Order preserving encryptioncloud computingmulti-user systemschosen plaintext attack
Contact author(s)
xll052000 @ utdallas edu
History
2012-04-13: received
Short URL
https://ia.cr/2012/192
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2012/192,
      author = {Liangliang Xiao and I-Ling Yen and Dung T.  Huynh},
      title = {Extending Order Preserving Encryption for Multi-User Systems},
      howpublished = {Cryptology {ePrint} Archive, Paper 2012/192},
      year = {2012},
      url = {https://eprint.iacr.org/2012/192}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.