Cryptology ePrint Archive: Report 2018/953

A Comparative Evaluation of Order-Revealing Encryption Schemes and Secure Range-Query Protocols

Dmytro Bogatov and George Kollios and Leo Reyzin

Abstract: Database query evaluation over encrypted data can allow database users to maintain the privacy of their data while outsourcing data processing. Order-Preserving Encryption (OPE) and Order-Revealing Encryption (ORE) were designed to enable efficient query execution, but provide only partial privacy. More private protocols, based on Searchable Symmetric Encryption (SSE), Oblivious RAM (ORAM) or custom encrypted data structures, have also been designed. In this paper, we develop a framework to provide the first comprehensive comparison among a number of range query protocols that ensure varying levels of privacy of user data. We evaluate five ORE-based and five generic range query protocols. We analyze and compare them both theoretically and experimentally and measure their performance over database indexing and query evaluation. We report not only execution time but also I/O performance, communication amount, and usage of cryptographic primitive operations. Our comparison reveals some interesting insights concerning the relative security and performance of these approaches in database settings.

Category / Keywords: implementation / Range query protocols, ORE, OPE, searchable encryption, databases

Date: received 5 Oct 2018, last revised 17 Feb 2019

Contact author: dmytro at bu edu

Available format(s): PDF | BibTeX Citation

Note: This is a revised version submitted to VLDB 2019.

Version: 20190218:015512 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]