International Association for Cryptologic Research

International Association
for Cryptologic Research


Hermes: I/O-Efficient Forward-Secure Searchable Symmetric Encryption

Brice Minaud , INRIA and ENS, Paris, France
Michael Reichle , ETH Z├╝rich, Switzerland
Search ePrint
Search Google
Presentation: Slides
Conference: ASIACRYPT 2023
Abstract: Dynamic Symmetric Searchable Encryption (SSE) enables a user to outsource the storage of an encrypted database to an untrusted server, while retaining the ability to privately search and update the outsourced database. The performance bottleneck of SSE schemes typically comes from their I/O efficiency. Over the last decade, a line of work has substantially improved that bottleneck. However, all existing I/O-efficient SSE schemes have a common limitation: they are not forward-secure. Since the seminal work of Bost at CCS 2016, forward security has become a de facto standard in SSE. In the same article, Bost conjectures that forward security and I/O efficiency are incompatible. This explains the current status quo, where users are forced to make a difficult choice between security and efficiency. The central contribution of this paper it to show that, contrary to what the status quo suggests, forward security and I/O efficiency can be realized simultaneously. This result is enabled by two new key techniques. First, we make use of a controlled amount of client buffering, combined with a deterministic update schedule. Second, we introduce the notion of SSE supporting dummy updates. In combination, those two techniques offer a new path to realizing forward security, which is compatible with I/O efficiency. Our new SSE scheme, Hermes, achieves sublogarithmic I/O efficiency O(log log N/p), storage efficiency O(1), with standard leakage, as well as backward and forward security. Practical experiments confirm that Hermes achieves excellent performance.
  title={Hermes: I/O-Efficient Forward-Secure Searchable Symmetric Encryption},
  author={Brice Minaud and Michael Reichle},