Order-Preserving Encryption Secure Beyond One-Wayness [chapter]

Isamu Teranishi, Moti Yung, Tal Malkin
2014 Lecture Notes in Computer Science  
Semantic-security of individual plaintext bits given the corresponding ciphertext is a fundamental notion in modern cryptography. We initiate the study of this basic problem for Order-Preserving Encryption (OPE), asking "what plaintext information can be semantically hidden by OPE encryptions?" OPE has gained much attention in recent years due to its usefulness for secure databases, and has received a thorough formal treamtment with innovative and useful security notions. However, all previous
more » ... otions are one-way based, and tell us nothing about partial-plaintext indistinguishability (semantic security). In this paper, we propose the first indistinguishability-based security notion for OPE, which can ensure secrecy of lower bits of a plaintext (under essentially a random ciphertext probing setting). We then justify the definition, from the theoretical plausibility and practicality aspects. Finally, we propose a new scheme satisfying this security notion (the first one to do so). In order to be clear, we note that the earlier security notions, while innovative and surprising, nevertheless tell us nothing about the above partial-plaintext indistinguishability because they are limited to being one-way-based. Order-Preserving Encryption (OPE): This is, perhaps, the most promising new primitives in the area of encrypted database processing [1, 17, 3, 7, 8, 28] . It is a symmetric encryption over the integers such that ciphertexts preserve the numerical orders of the corresponding plaintexts. That is, ∀m, m {m < m ⇒ Enc K (m) < Enc K (m )}. OPE was originally studied in an ad-hoc fashion in the database community by Agrawal, Kiernan, Ramakrishnan, Srikant and Xu [1], and seemed like a clever heuristics. However, its careful foundational study was initiated with surprising formal cryptographic models and proofs by
