International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Injection-Secure Structured and Searchable Symmetric Encryption

Authors:
Ghous Amjad , Google
Seny Kamara , MongoDB and Brown University
Tarik Moataz , MongoDB
Download:
Search ePrint
Search Google
Presentation: Slides
Conference: ASIACRYPT 2023
Abstract: Recent work on dynamic structured and searchable symmetric encryption has focused on achieving the notion of forward-privacy. This is mainly motivated by the claim that forward privacy protects against adaptive file injection attacks (Zhang, Katz, Papamanthou, Usenix Security, 2016). In this work, we revisit the notion of forward-privacy in several respects. First, we observe that forward-privacy does not necessarily guarantee security against adaptive file injection attacks if a scheme reveals other leakage patterns like the query equality. We then propose a notion of security called correlation security which generalizes forward privacy. We then show how correlation security can be used to formally define security against different kinds of injection attacks. We then propose the first injection-secure multi-map encryption encryption scheme and use it as a building block to design the first injection-secure searchable symmetric encryption (SSE) scheme. Towards achieving this, we also propose a new fully-dynamic volume-hiding multi-map encryption scheme which may be of independent interest.
BibTeX
@inproceedings{asiacrypt-2023-33520,
  title={Injection-Secure Structured and Searchable Symmetric Encryption},
  publisher={Springer-Verlag},
  author={Ghous Amjad and Seny Kamara and Tarik Moataz},
  year=2023
}