Cryptology ePrint Archive: Report 2017/1120

A Ciphertext-Size Lower Bound for Order-Preserving Encryption with Limited Leakage

David Cash and Cong Zhang

Abstract: We consider a recent security definition of Chenette, Lewi, Weis, and Wu for order-revealing encryption (ORE) and order-preserving encryption (OPE) (FSE 2016). Their definition says that the comparison of two ciphertexts should only leak the index of the most significant bit on which the differ. While their work could achieve ORE with short ciphertexts that expand the plaintext by a factor approximate 1.58, it could only find OPE with longer ciphertxts that expanded the plaintext by a security-parameter factor. We give evidence that this gap between ORE and OPE is inherent, by proving that any OPE meeting the information-theoretic version of their security definition (for instance, in the random oracle model) must have ciphertext length close to that of their constructions. We extend our result to identify an abstract security property of any OPE that will result in the same lower bound.

Category / Keywords: secret-key cryptography / Symmetric Encryption, Searchable Encryption, Lower Bound

Date: received 19 Nov 2017

Contact author: congresearch at gmail com

Available format(s): PDF | BibTeX Citation

Version: 20171124:064902 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]