Rong Cheng,Jingbo Yan,Chaowen Guan,Fangguo Zhang,Kui Ren

DOI: https://doi.org/10.1145/2714576.2714623

2015-01-01

Abstract:ABSTRACTSearchable symmetric encryption (SSE) allows a client to encrypt his data in such a manner that the data can be efficiently searched. SSE has practical application in cloud storage, where a client outsources his encrypted data to a cloud server while maintaining the searchable ability over his data. Most of the current SSE schemes assume that the cloud server is honest-but-curious. However, the cloud may actively cheat on the search process to keep its cost low. In this paper, we focus on the malicious cloud model and propose a new verifiable searchable symmetric encryption scheme. Our scheme is built on the secure indistinguishability obfuscation (iO) and can be considered as the first step to apply iO in the SSE field. Moreover, our scheme can be easily extended to multiple functionalities, such as conjunctive and boolean queries. Furthermore, it can be extended to realize a publicly verifiable SSE. Thorough analysis shows that our scheme is secure and achieves a better performance.

Lixue Sun,Chunxiang Xu,Yuan Zhang

DOI: https://doi.org/10.1016/j.jisa.2018.03.002

IF: 4.96

2018-01-01

Journal of Information Security and Applications

Abstract:Searchable symmetric encryption (SSE) allows one to outsource a collection of encrypted documents to a remote server, and later conduct keyword searches on these encrypted documents, while revealing minimal information to the server. Most existing SSE schemes are only proved adaptively secure against the untrusted server in the random oracle model. To enhance security, we consider the security in the standard model when designing an SSE scheme. We extend the OXT protocol of Cash et al. to support arbitrary boolean query in multi-client setting while achieving update of documents. Our scheme realizes access control on documents without requiring per-query interaction between the data owner and each client. In addition, we give a new effective T-set instantiation, which supports update of the index files. Besides, our scheme achieves provable security against adaptive adversarial server and malicious clients in the standard model. Finally, performance analysis shows the applicability of our scheme. (C) 2018 Elsevier Ltd. All rights reserved.

Jing Yao,Yifeng Zheng,Cong Wang,Xiaolin Gui

DOI: https://doi.org/10.1109/access.2018.2810297

IF: 3.9

2018-01-01

IEEE Access

Abstract:Searchable symmetric encryption (SSE) is a widely popular cryptographic technique that supports the search functionality over encrypted data on the cloud. Despite the usefulness, however, most of existing SSE schemes leak the search pattern, from which an adversary is able to tell whether two queries are for the same keyword. In recent years, it has been shown that the search pattern leakage can be exploited to launch attacks to compromise the confidentiality of the client's queried keywords. In this paper, we present a new SSE scheme which enables the client to search encrypted cloud data without disclosing the search pattern. Our scheme uniquely bridges together the advanced cryptographic techniques of chameleon hashing and indistinguishability obfuscation. In our scheme, the secure search tokens for plaintext keywords are generated in a randomized manner, so it is infeasible to tell whether the underlying plaintext keywords are the same given two secure search tokens. In this way, our scheme well avoids using deterministic secure search tokens, which is the root cause of the search pattern leakage. We provide rigorous security proofs to justify the security strengths of our scheme. In addition, we also conduct extensive experiments to demonstrate the performance. Although our scheme for the time being is not immediately applicable due to the current inefficiency of indistinguishability obfuscation, we are aware that research endeavors on making indistinguishability obfuscation practical is actively ongoing and the practical efficiency improvement of indistinguishability obfuscation will directly lead to the applicability of our scheme. Our paper is a new attempt that pushes forward the research on SSE with concealed search pattern.

Qingqing Gan,Joseph K. Liu,Xiaoming Wang,Xingliang Yuan,Shi-Feng Sun,Daxin Huang,Cong Zuo,Jianfeng Wang

DOI: https://doi.org/10.1007/s11704-021-0601-8

IF: 2.6688

2022-04-02

Frontiers of Computer Science

Abstract:Searchable symmetric encryption (SSE) has been introduced for secure outsourcing the encrypted database to cloud storage, while maintaining searchable features. Of various SSE schemes, most of them assume the server is honest but curious, while the server may be trustless in the real world. Considering a malicious server not honestly performing the queries, verifiable SSE (VSSE) schemes are constructed to ensure the verifiability of the search results. However, existing VSSE constructions only focus on single-keyword search or incur heavy computational cost during verification. To address this challenge, we present an efficient VSSE scheme, built on OXT protocol (Cash et al., CRYPTO 2013), for conjunctive keyword queries with sublinear search overhead. The proposed VSSE scheme is based on a privacy-preserving hash-based accumulator, by leveraging a well-established cryptographic primitive, Symmetric Hidden Vector Encryption (SHVE). Our VSSE scheme enables both correctness and completeness verifiability for the result without pairing operations, thus greatly reducing the computational cost in the verification process. Besides, the proposed VSSE scheme can still provide a proof when the search result is empty. Finally, the security analysis and experimental evaluation are given to demonstrate the security and practicality of the proposed scheme.

computer science, information systems, theory & methods, software engineering

Feng Li,Jianfeng Ma,Yinbin Miao,Ximeng Liu,Jianting Ning,Robert H. Deng

DOI: https://doi.org/10.1145/3617991

IF: 16.6

2024-01-01

ACM Computing Surveys

Abstract:Outsourcing data to the cloud has become prevalent, so Searchable Symmetric Encryption (SSE), one of the methods for protecting outsourced data, has arisen widespread interest. Moreover, many novel technologies and theories have emerged, especially for the attacks on SSE and privacy-preserving. But most surveys related to SSE concentrate on one aspect (e.g., single keyword search, fuzzy keyword search) or lack in-depth analysis. Therefore, we revisit the existing work and conduct a comprehensive analysis and summary. We provide an overview of state-of-the-art in SSE and focus on the privacy it can protect. Generally, (1) we study the work of the past few decades and classify SSE based on query expressiveness. Meanwhile, we summarize the existing schemes and analyze their performance on efficiency, storage space, index structures, and so on.; (2) we complement the gap in the privacy of SSE and introduce in detail the attacks and the related defenses; (3) we discuss the open issues and challenges in existing schemes and future research directions. We desire that our work will help novices to grasp and understand SSE comprehensively. We expect it can inspire the SSE community to discover more crucial leakages and design more efficient and secure constructions.

Haotian Wu,Rui Song,Kai Lei,Bin Xiao

DOI: https://doi.org/10.1109/icdcs54860.2022.00118

2022-01-01

Abstract:Verifiable Searchable Symmetric Encryption (SSE) enables reliable search over encrypted, privacy-preserving data on untrusted clouds. Most existing SSE designs only focus on keyword-file search. However, a more difficult but useful search, range search over encrypted numerical values remains unsolved. Moreover, the fairness of search in the mutual distrusted scenario without public verification, where data users may maliciously deny the results after the local result verification, is not well addressed yet. In this paper, we take the first step to study the public verification problem atop the blockchain for encrypted numerical search. We design a novel verifiable SSE scheme named Slicer based on a Succinct Order-Revealing Encryption (SORE) scheme to achieve range search on numerical data. Our search results are verifiable, updated and privacy-preserving by SSE and maintaining the forward security. We illustrate the security and practicality of our design through rigorous analysis and extensive evaluations respectively.

Qin Jiang,Yong Qi,Saiyu Qi,Wenjia Zhao,Youshui Lu

DOI: https://doi.org/10.1016/j.ins.2020.02.031

IF: 8.1

2020-01-01

Information Sciences

Abstract:Searchable encryption enables private keyword search over encrypted data held on an untrusted cloud. However, existing searchable encryption schemes promise search efficiency at the expense of additional privacy leakage or expensive storage overhead. Intel SGX is a promising tool to allow efficient and private keyword search. However, since the size of enclave created by SGX is limited, frequent sensitive-page swaps between the enclave and the untrusted memory cause severe performance degradation for large datasets. Moreover, SGX does not protect against access pattern leakages which are vulnerable to statistical inference attacks.To overcome the above problems, we present Pbsx, an efficient private boolean searchable encryption scheme using Intel SGX. Pbsx firstly analyzes and chooses the suitable index data structures (e.g. bitmap and bloom filter tree) for private boolean search in the context of Intel SGX. Pbsx then combines these index data structures with oblivious random access machine (ORAM) schemes to design oblivious index data structures (e.g. oblivious bitmap and oblivious bloom filter tree), such that it could provide storage efficiency without suffering from access pattern leakages. Since the direct composition of the index data structures and the ORAM schemes is extremely costly for search operations, we design auxiliary data structures (e.g. map table and id index tree) to mitigate the efficiency barrier. Based on these oblivious index data structures, we propose oblivious search algorithms which can achieve a worst-case sub-linear search time. We implement Pbsx and evaluate the performance of our constructions with various metrics. Comparing with previous schemes, the results indicate that Pbsx can achieve a 5~12x speed-up for the million-level dataset and a 13~51x speed-up for the small dataset. In addition, Pbsx also achieves less access pattern leakages.

Shunrong Jiang,Xiaoyan Zhu,Linke Guo,Jianqing Liu

DOI: https://doi.org/10.1109/tcc.2017.2684811

IF: 5.697

2017-01-01

IEEE Transactions on Cloud Computing

Abstract:Outsourcing storage and computation to the cloud has become a common practice for businesses and individuals. As the cloud is semi-trusted or susceptible to attacks, many researches suggest that the outsourced data should be encrypted and then retrieved by using searchable symmetric encryption (SSE) schemes. Since the cloud is not fully trusted, we doubt whether it would always process queries correctly or not. Therefore, there is a need for users to verify their query results. Motivated by this, in this paper, we propose a publicly verifiable dynamic searchable symmetric encryption scheme based on the accumulation tree. We first construct an accumulation tree based on encrypted data and then outsource both of them to the cloud. Next, during the search operation, the cloud generates the corresponding proof according to the query result by mapping Boolean query operations to set operations while keeping privacy-preservation and achieving the verification requirements: authenticity, freshness, and completeness. The security analysis and performance evaluation show that the proposed scheme is privacy-preserving and practical.

Qin Jiang,Saiyu Qi,Xu Yang,Yong Qi,Jianfeng Wang,Youshui Lu,Bochao An,Ee-Chien Chang

DOI: https://doi.org/10.1109/TC.2023.3281857

IF: 3.183

2023-01-01

IEEE Transactions on Computers

Abstract:Paging and exit overheads have been proven to be the performance bottlenecks when adopting Searchable Symmetric Encryption (SSE) with trusted hardware such as Intel SGX for keyword search. This problem becomes more serious when incorporating ORAM and SGX to design oblivious SSE schemes such as POSUP [1] and Oblidb [2] which can defend against inference attacks. The main reason comes from high round communication complexity of ORAM and constrained trusted memory created by SGX. To overcome this performance bottleneck, we propose a set of novel SSE constructions with realistic security/performance trade-offs. Our core idea is to encode the keyword-identifier pairs into a bloom filter to reduce the number of ORAM operations during the search procedure. Specifically, Construction 1 loads the bloom filter into the enclave sequentially, which outperforms about <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"><tex-math notation="LaTeX">$1.7\times$</tex-math></inline-formula> when the dataset is large compared with the performance of the baseline that directly combines ORAM and SGX. To further improve the performance of Construction 1, Construction 2 classifies keywords into groups and stores these groups in different bloom filters. By additionally leaking the keywords in search token belonging to which groups, Construction 2 outperforms Construction 1 by <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"><tex-math notation="LaTeX">$16.5\sim 36.8\times$</tex-math></inline-formula> and provides an improvement of at least one order over state-of-the-art oblivious protocols.

Jianfeng Wang,Xiaofeng Chen,Shifeng Sun,Joseph K. Liu,Man Ho Au,Zhi-Hui Zhan

DOI: https://doi.org/10.1007/978-3-319-98989-1_5

2018-01-01

Abstract:Searchable Symmetric Encryption (SSE) enables a client to securely outsource large encrypted database to a server while supporting efficient keyword search. Most of the existing works are designed against the honest-but-curious server. That is, the server will be curious but execute the protocol in an honest manner. Recently, some researchers presented various verifiable SSE schemes that can resist to the malicious server, where the server may not honestly perform all the query operations. However, they either only considered single-keyword search or cannot handle very large database. To address this challenge, we propose a new verifiable conjunctive keyword search scheme by leveraging accumulator. Our proposed scheme can not only ensure verifiability of search result even if an empty set is returned but also support efficient conjunctive keyword search with sublinear overhead. Besides, the verification cost of our construction is independent of the size of search result. In addition, we introduce a sample check method for verifying the completeness of search result with a high probability, which can significantly reduce the computation cost on the client side. Security and efficiency evaluation demonstrate that the proposed scheme not only can achieve high security goals but also has a comparable performance.

Lei Xu,Huayi Duan,Anxin Zhou,Xingliang Yuan,Cong Wang

DOI: https://doi.org/10.1109/tifs.2021.3128823

IF: 7.231

2021-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Searchable symmetric encryption (SSE) enables users to make confidential queries over always encrypted data while confining information disclosure to pre-defined leakage profiles. Despite the well-understood performance and potentially broad applications of SSE, recent leakage-abuse attacks (LAAs) are questioning its real-world security implications. They show that a passive adversary with certain prior information of a database can recover queries by exploiting the legitimately admitted leakage. While several countermeasures have been proposed, they are insufficient for either security, i.e., handling only specific leakage like query volume, or efficiency, i.e., incurring large storage and bandwidth overhead. We aim to fill this gap by advancing the understanding of LAAs from a fundamental algebraic perspective. Our investigation starts by revealing that the index matrices of a plaintext database and its encrypted image can be linked by linear transformation. The invariant characteristics preserved under the transformation encompass and surpass the information exploited by previous LAAs. They allow one to unambiguously link encrypted queries with corresponding keywords, even with only partial knowledge of the database. Accordingly, we devise a new powerful attack and conduct a series of experiments to show its effectiveness. In response, we propose a new security notion to thwart LAAs in general, inspired by the principle of local differential privacy (LDP). Under the notion, we further develop a practical countermeasure with tunable privacy and efficiency guarantee. Experiment results on representative real-world datasets show that our countermeasure can reduce the query recovery rate of LAAs, including our own.

computer science, theory & methods,engineering, electrical & electronic

Xi Zhang,Cheng Huang,Ye Su,Jing Qin,Xuemin (Sherman) Shen

DOI: https://doi.org/10.1109/GLOBECOM48099.2022.10001357

2022-01-01

Abstract:Searchable Symmetric Encryption (SSE) is a promising method for users to store data in remote clouds securely and search them using keywords over an encrypted index. In this paper, we explore a new function named "keyword diverting" and propose a variant of SSE named Divertible Searchable Symmetric Encryption (DivSSE). Specifically, the index in DivSSE is encoded into an inverted, compressed, and encrypted format, by using the super-increasing sequence, symmetric homomorphic encryption (SHE), and a secure hash function. According to the homomorphic properties of SHE, users can construct a unique keyword diverting token, which can be utilized to update the encrypted index by obliviously merging data identifiers corresponding to different keywords without searching in advance and thus achieve keyword diverting. Moreover, based on function secret sharing, DivSSE can protect users' search patterns and reduce communication costs with the assistance of two independent clouds. Detailed security proof demonstrates that DivSSE can achieve parallel privacy, forward privacy, and backward privacy. Extensive performance evaluation also shows that DivSSE is efficient in terms of computational and communication overheads.

Feng Liu,Kaiping Xue,Jinjiang Yang,Jing Zhang,Zixuan Huang,Jian Li,David S. L. Wei

DOI: https://doi.org/10.1109/tdsc.2023.3335304

2023-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Searchable Symmetric Encryption (SSE) is a valuable cryptographic tool that allows a client to retrieve its outsourced data from an untrusted server via keyword search. Initially, SSE research primarily focused on the efficiency-security trade-off. However, in recent years, attention has shifted towards range queries instead of exact keyword searches, resulting in significant developments in the SSE field. Despite the advancements in SSE schemes supporting range queries, many are susceptible to leakage-abuse attacks due to volumetric profile leakage. Although several schemes exist to prevent volume leakage, these solutions prove inefficient when dealing with large-scale datasets. In this paper, we highlight the efficiency-security trade-off for range queries in SSE. Subsequently, we propose a volume-hiding range SSE scheme that ensures efficient operations on extensive datasets. Leveraging the order-weighted inverted index and bitmap structure, our scheme achieves high search efficiency while maintaining the confidentiality of the volumetric profile. To facilitate searching within large-scale datasets, we introduce a partitioning strategy that divides a broad range into disjoint partitions and stores the information in a local binary tree. Through an analysis of the leakage function, we demonstrate the security of our proposed scheme within the ideal/real model simulation paradigm. Our experimental results further validate the practicality of our scheme with real-life large-scale datasets.

Shengshan Hu,Chengjun Cai,Qian Wang,Cong Wang,Minghui Li,Zhibo Wang,Dengpan Ye

DOI: https://doi.org/10.48550/arXiv.1909.09472

2019-09-20

Cryptography and Security

Abstract:Searchable symmetric encryption (SSE) allows the data owner to outsource an encrypted database to a remote server in a private manner while maintaining the ability for selectively search. So far, most existing solutions focus on an honest-but-curious server, while security designs against a malicious server have not drawn enough attention. A few recent works have attempted to construct verifiable SSE that enables the data owner to verify the integrity of search results. Nevertheless, these verification mechanisms are highly dependent on specific SSE schemes, and fail to support complex queries. A general verification mechanism is desired that can be applied to all SSE schemes. In this work, instead of concentrating on a central server, we explore the potential of the smart contract, an emerging blockchain-based decentralized technology, and construct decentralized SSE schemes where the data owner can receive correct search results with assurance without worrying about potential wrongdoings of a malicious server. We study both public and private blockchain environments and propose two designs with a trade-off between security and efficiency. To better support practical applications, the multi-user setting of SSE is further investigated where the data owner allows authenticated users to search keywords in shared documents. We implement prototypes of our two designs and present experiments and evaluations to demonstrate the practicability of our decentralized SSE schemes.

Tianhao Wang,Yunlei Zhao

DOI: https://doi.org/10.1145/2897845.2897884

2016-01-01

Abstract:Cloud storage services such as Dropbox [1] and Google Drive [2] are becoming more and more popular. On the one hand, they provide users with mobility, scalability, and convenience. However, privacy issues arise when the storage becomes not fully controlled by users. Although modern encryption schemes are effective at protecting content of data, there are two drawbacks of the encryption-before-outsourcing approach: First, one kind of sensitive information, Access Pattern of the data is left unprotected. Moreover, encryption usually makes the data difficult to use. In this paper, we propose AIS (Access Indistinguishable Storage), the first client-side system that can partially conceal access pattern of the cloud storage in constant time. Besides data content, AIS can conceal information about the number of initial files, and length of each initial file. When it comes to the access phase after initiation, AIS can effectively conceal the behavior (read or write) and target file of the current access. Moreover, the existence and length of each file will remain confidential as long as there is no access after initiation. One application of AIS is SSE (Searchable Symmetric Encryption), which makes the encrypted data searchable. Based on AIS, we propose SBA (SSE Built on AIS). To the best of our knowledge, SBA is safer than any other SSE systems of the same complexity, and SBA is the first to conceal whether current keyword was queried before, the first to conceal whether current operation is an addition or deletion, and the first to support direct modification of files.

Shangqi Lai,Sikhar Patranabis,Amin Sakzad,Joseph K. Liu,Debdeep Mukhopadhyay,Ron Steinfeld,Shi-Feng Sun,Dongxi Liu,Cong Zuo

DOI: https://doi.org/10.1145/3243734.3243753

2018-01-01

Abstract:The recently proposed Oblivious Cross-Tags (OXT) protocol (CRYPTO 2013) has broken new ground in designing efficient searchable symmetric encryption (SSE) protocol with support for conjunctive keyword search in a single-writer single-reader framework. While the OXT protocol offers high performance by adopting a number of specialised data-structures, it also trades-off security by leaking 'partial' database information to the server. Recent attacks have exploited similar partial information leakage to breach database confidentiality. Consequently, it is an open problem to design SSE protocols that plug such leakages while retaining similar efficiency. In this paper, we propose a new SSE protocol, called Hidden Cross-Tags (HXT), that removes 'Keyword Pair Result Pattern' (KPRP) leakage for conjunctive keyword search. We avoid this leakage by adopting two additional cryptographic primitives - Hidden Vector Encryption (HVE) and probabilistic (Bloom filter) indexing into the HXT protocol. We propose a 'lightweight' HVE scheme that only uses efficient symmetric-key building blocks, and entirely avoids elliptic curve-based operations. At the same time, it affords selective simulation-security against an unbounded number of secret-key queries. Adopting this efficient HVE scheme, the overall practical storage and computational overheads of HXT over OXT are relatively small (no more than 10% for two keywords query, and 21% for six keywords query), while providing a higher level of security.

Zhongjun Zhang,Jianfeng Wang,Yunling Wang,Yaping Su,Xiaofeng Chen

DOI: https://doi.org/10.1007/978-3-030-29962-0_15

2019-01-01

Abstract:Searchable Symmetric Encryption (SSE) allows a server to perform search directly over encrypted data outsourced by user. Recently, the primitive of forward secure SSE has attracted significant attention due to its favorable property for dynamic data searching. That is, it can prevent the linkability from newly update data to previously searched keyword. However, the server is assumed to be honest-but-curious in the existing work. How to achieve verifiable forward secure SSE in malicious server model remains a challenging problem. In this paper, we propose an efficient verifiable forward secure SSE scheme, which can simultaneously achieve verifiability of search result and forward security property. In particular, we propose a new verifiable data structure based on the primitive of multiset hash functions, which enables efficient verifiable data update by incrementally hash operation. Compared with the state-of-the-art solution, our proposed scheme is superior in search and update efficiency while providing verifiability of search result. Finally, we present a formal security analysis and implement our scheme, which demonstrates that our proposed scheme is equipped with the desired security properties with practical efficiency.

Qingqing Gan,Cong Zuo,Jianfeng Wang,Shi-Feng Sun,Xiaoming Wang

DOI: https://doi.org/10.1007/978-3-030-36938-5_3

2019-01-01

Abstract:Searchable symmetric encryption (SSE) has been proposed that enables the clients to outsource their private encrypted data onto the cloud server and later the data can be searched with limited information leakage. However, existing surveys have not covered most recent advances on SSE technique. To fill the gap, we make a survey on state-of-the-art representative SSE schemes in cloud environment. We mainly focus on dynamic SSE schemes with forward and backward privacy, two vital security elements to maintain query privacy during data update operations. Specifically, we discuss about SSE protocols based on query expressiveness, including single keyword search, conjunctive keyword search, range search, disjunctive keyword search and verifiable search. Finally, through comparison on query expressiveness, security and efficiency, we demonstrate the strengths and weaknesses of the existing SSE protocols.

Chang Xu,Ruijuan Wang,Liehuang Zhu,Chuan Zhang,Rongxing Lu,Kashif Sharif

DOI: https://doi.org/10.48550/arXiv.2203.13662

2022-03-25

Cryptography and Security

Abstract:Searchable symmetric encryption (SSE) supports keyword search over outsourced symmetrically encrypted data. Dynamic searchable symmetric encryption (DSSE), a variant of SSE, further enables data updating. Most DSSE works with conjunctive keyword search primarily consider forward and backward privacy. Ideally, the server should only learn the result sets involving all keywords in the conjunction. However, existing schemes suffer from keyword pair result pattern (KPRP) leakage, revealing the partial result sets containing two of query keywords. We propose the first DSSE scheme to address aforementioned concerns that achieves strong privacy-preserving conjunctive keyword search. Specifically, our scheme can maintain forward and backward privacy and eliminate KPRP leakage, offering a higher level of security. The search complexity scales with the number of documents stored in the database in several existing schemes. However, the complexity of our scheme scales with the update frequency of the least frequent keyword in the conjunction, which is much smaller than the size of the entire database. Besides, we devise a least frequent keyword acquisition protocol to reduce frequent interactions between clients. Finally, we analyze the security of our scheme and evaluate its performance theoretically and experimentally. The results show that our scheme has strong privacy preservation and efficiency.

Jianhao Li,Jiabei Wang,Rui Zhang,Yansen Xin,Wenhan Xu

DOI: https://doi.org/10.1109/tifs.2024.3351433

IF: 7.231

2024-02-02

IEEE Transactions on Information Forensics and Security

Abstract:Searchable symmetric encryption (SSE) schemes allow a client to store encrypted data with a storage provider and retrieve corresponding documents without revealing the content or search keywords to the provider. However, achieving efficient SSE schemes often comes at the cost of statistical information leakage, including search, access and size patterns. The known solutions from fully homomorphic encryption or oblivious RAM often admit poor performances due to significant computational and communication overheads. Additionally, the demand for rich search expressiveness, such as Boolean queries, further complicates the design. In this paper, we introduce NEMO, a novel SSE achieving a good balance between efficiency, security and query expressiveness. NEMO utilizes function secret sharing (FSS) and replicated secret sharing-based multi-party computation (MPC) protocol, but is highly optimized for large database. For functionality, NEMO supports arbitrary Boolean queries and enables dynamic updates in a multi-user setting. For security, NEMO achieves minimal leakage by eliminating all search, access, and size patterns, while only allowing the leakage of Boolean formulas in queries. Regarding efficiency, we propose a new FSS for multi-point functions, effectively batching multiple distributed point functions, and an infix-to-postfix conversion algorithm for Boolean formula to reduce the communication rounds in the MPC protocol. A proof-of-concept implementation of NEMO demonstrates its efficiency, with a search latency of approximately 622 ms for a conjunction query with 8 keywords, even with a dataset exceeding 1 million documents.

computer science, theory & methods,engineering, electrical & electronic