Cryptology ePrint Archive: Report 2019/1055

Dynamic Searchable Symmetric Encryption with Forward and Stronger Backward Privacy

Cong Zuo and Shi-Feng Sun and Joseph K. Liu and Jun Shao and Josef Pieprzyk

Abstract: Dynamic Searchable Symmetric Encryption (DSSE) enables a client to perform updates and searches on encrypted data which makes it very useful in practice. To protect DSSE from the leakage of updates (leading to break query or data privacy), two new security notions, forward and backward privacy, have been proposed recently. Although extensive attention has been paid to forward privacy, this is not the case for backward privacy. Backward privacy, first formally introduced by Bost et al., is classified into three types from weak to strong, exactly Type-III to Type-I. To the best of our knowledge, however, no practical DSSE schemes without trusted hardware (e.g. SGX) have been proposed so far, in terms of the strong backward privacy and constant roundtrips between the client and the server. In this work, we present a new DSSE scheme by leveraging simple symmetric encryption with homomorphic addition and bitmap index. The new scheme can achieve both forward and backward privacy with one roundtrip. In particular, the backward privacy we achieve in our scheme (denoted by Type-I$^-$) is somewhat stronger than Type-I. Moreover, our scheme is very practical as it involves only lightweight cryptographic operations. To make it scalable for supporting billions of files, we further extend it to a multi-block setting. Finally, we give the corresponding security proofs and experimental evaluation which demonstrate both security and practicality of our schemes, respectively.

Category / Keywords: cryptographic protocols / Dynamic Searchable Symmetric Encryption, Forward Privacy, Backward Privacy

Original Publication (with minor differences): ESORICS 2019

Date: received 17 Sep 2019

Contact author: cong zuo1 at monash edu

Available format(s): PDF | BibTeX Citation

Version: 20190918:124029 (All versions of this report)

Short URL: ia.cr/2019/1055


[ Cryptology ePrint archive ]