Access-Pattern Hiding Search over Encrypted Databases by Using Distributed Point Functions

Encrypted databases have been extensively studied with the increasing concern of data privacy in cloud services. For practical efficiency, most encrypted database systems are built under Dynamic Searchable Symmetric Encryption (DSSE) schemes to support fast query and update over encrypted data. However, DSSE schemes allow leakages in their security frameworks, especially access-pattern leakages (i.e., the search results corresponding to queried keywords), which lead to various attacks to infer sensitive information of queries and databases. Existing oblivious-access techniques, such as Oblivious RAM and differential privacy, suffer from excessive communication overhead and loss of query accuracy. In this paper, we propose a new DSSE scheme that enables access-pattern hiding keyword search and update operations. Servers can obliviously query and update databases within only a single communication round. Our building block is based on the Distributed Point Function (DPF), an advanced secret sharing technique that provides provable security guarantees against adversaries with arbitrary background knowledge. Moreover, we devise a novel update protocol that integrates DPF and Somewhat Homomorphic Encryption (SHE) such that servers can obliviously update their local data. We formally analyze the security and implement the prototype. The comprehensive experimental results demonstrate the security and efficiency of our scheme. © 1968-2012 IEEE.