Unidirectional order-revealing encryption for flexible cross-database range queries

초록

Cloud service providers offer support for cross-database queries, wherein clients possess individual databases and grant eachother authorization to execute queries involving data from other databases. In this context, the flexibility of the underlyingauthorization mechanism holds equal importance to the preservation of data privacy and query integrity. This research paperrevisits the concept of delegable order-revealing encryption (DORE), which encompasses a range query algorithm facilitatingauthorized clients in retrieving data from specific ranges across multiple databases encrypted under distinct secret keys. Theprimary objective of this study is to examine the factors within the authorization mechanism of DORE that contribute tobidirectional authorization, which mandates that a client seeking authorization from others must also authorize them in return.However, this property raises two significant concerns. Firstly, to gain access to other clients' databases, each client mustdisclose their own database, thereby hindering flexible authorization. Secondly, bidirectional authorization necessitates there-encryption process to be performed twice in order to compare two ciphertexts encrypted under different keys, resultingin a doubling of the comparison cost. To address these concerns, we propose a new algorithm called UNIQUE, whichemploys unidirectional order-revealing encryption for range queries. UNIQUE introduces a novel unidirectional authorizationmechanism that requires only a single re-encryption operation for comparing two ciphertexts. Furthermore, it eliminates theneed for each client to authorize others to access their respective databases, thus enabling flexible authorization. Experimentalresults indicate that UNIQUE achieves a two-fold reduction in comparison time compared to DORE, attributed to the decreasedre-encryption cost. Moreover, UNIQUE successfully demonstrates its capability to facilitate flexible authorization.

키워드