Cryptology ePrint Archive: Report 2017/1158

Oblivious Dynamic Searchable Encryption via Distributed PIR and ORAM

Thang Hoang and Attila A. Yavuz and Betul F. Durak and Jorge Guajardo

Abstract: Dynamic Searchable Symmetric Encryption (DSSE) allows to delegate search/update operations over encrypted data via an encrypted index. However, DSSE is known to be vulnerable against statistical inference attacks, which exploits information leakages from access patterns on encrypted index and files. Although generic Oblivious Random Access Machine (ORAM) can hide access patterns, it has been shown to be extremely costly to be directly used in DSSE setting.

We developed a series of Oblivious Distributed DSSE schemes that we refer to as \ODSE, which achieve oblivious access on the encrypted index with a high security and improved efficiency over the use of generic ORAM. Specifically, \ODSE schemes are 3-57 $\times$ faster than applying the state-of-the-art generic ORAMs on encrypted dictionary index in real network settings. One of the proposed \ODSE schemes offers desirable security guarantees such as information-theoretic security with robustness against malicious servers. These properties are achieved by exploiting some of the unique characteristics of searchable encryption and encrypted index, which permits us to harness the computation and communication efficiency of multi-server PIR and Write-Only ORAM simultaneously. We fully implemented \ODSE and conducted extensive experiments to assess the performance of our proposed schemes in a real cloud environment.

Category / Keywords: cryptographic protocols / Privacy Enhancing Technologies, Searchable Encryption, Oblivious Random Access Machine (ORAM), Private Information Retrieval

Date: received 28 Nov 2017, last revised 25 Dec 2017

Contact author: hoangmin at oregonstate edu

Available format(s): PDF | BibTeX Citation

Note: The full implementation of this paper can be found at

Version: 20171226:014819 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]