Visible to the public Secure Search on Encrypted Data via Multi-Ring Sketch

TitleSecure Search on Encrypted Data via Multi-Ring Sketch
Publication TypeConference Paper
Year of Publication2018
AuthorsAkavia, Adi, Feldman, Dan, Shaul, Hayim
Conference NameProceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security
Conference LocationNew York, NY, USA
ISBN Number978-1-4503-5693-0
Keywordsfirst positive sketch, fully homomorphic encryption, homomorphic encryption, human factors, low degree polynomials, Metrics, pubcrawl, Resiliency, Scalability, secure search, Sketching
AbstractWe consider the secure search problem of retrieving from an unsorted data cost=(x\_1,...,xm) an item (i,xi) matching a given lookup value l (for a generic matching criterion either hardcoded or given as part of the query), where both input and output are encrypted by a Fully Homomorphic Encryption (FHE). The secure search problem is central in applications of secure outsourcing to an untrusted party ("the cloud"). Prior secure search algorithms on FHE encrypted data are realized by polynomials of degree Ømega(m), evaluated in Ømega(log m) sequential homomorphic multiplication steps (ie., multiplicative depth) even using an unbounded number of parallel processors. This is too slow with current FHE implementations, especially as the size of the array grows. We present the first secure search algorithm that is realized by a polynomial of logarithmic degree, log3 m, evaluated in O(log log m) sequential homomorphic multiplication steps (ie., multiplicative depth) using m parallel processors. We implemented our algorithm in an open source library based on HElib and ran experiments on Amazon's EC2 cloud with up to 100 processors. Our experiments show that we can securely search in m= millions of entries in less than an hour on a standard EC2 64-cores machine. We achieve our result by: (1) Employing modern data summarization techniques known as sketching for returning as output (the encryption of) a short sketch C from which the matching item (i,xi) can be decoded in time polynomial in log m. (2) Designing for this purpose a novel sketch that returns the first strictly-positive entry in a (not necessarily sparse) array of non-negative integers; this sketch may be of independent interest. (3) Suggesting a multi-ring evaluation of FHE for degree reduction from linear to logarithmic.
Citation Keyakavia_secure_2018