Order Preserving Encryption for Numeric Data
Rakesh Agrawal, Jerry Kiernan, Ramakrishnan Srikant, Yirong Xu
IBM Almaden Research Center

Outline
Motivation and Introduction
OPES encryption
Modeling the distribution
Experimental evaluation

Motivation
If E is an order preserving encryption function,
p1 and p2 are two plaintext values, and
c1 = E(p1)
c2 = E(p2)
then p1 < p2 implies c1 < c2
Users have a plaintext view of an encrypted database
We hereafter strictly focus on the OPES algorithms
Comparison operators are directly applied over encrypted columns
Queries
Plaintext queries are translated into equivalent queries over encrypted data
Select name from Emp where sal > 100000
Translation layer
Select decrypt ("xsxx")
from "cwlxss"
where "xescs" > OPESencrypt(100000)
DBMS
Tables are encrypted using standard as well as order preserving encryption
Encrypted data and metadata
[Figure: Effect of OPES Encryption on Plaintext Distributions. Panels show Original and Target distributions for Input: Gaussian, Target: Zipf and for Input: Uniform, Target: Zipf]
Sample of source values from the plaintext distribution
Sample of target values from the ciphertext distribution
OPES Key Generation
OPES Key
Number of values in a bucket may be disproportional to the size of the bucket
[Figure: source values plotted against bucket boundaries b, b+1 and b1; labels: Uniform, Source, Default. Source: Gaussian, Target: Zipf]
$\mathrm{Encode}(p) = z\,(s p^2 + p)$
$p \in [0, p_h)$, $s = q/(2r)$, $z > 0$
distribution has density function qp + r
p is the source (target) value
s is the quadratic coefficient
z is the scale factor
$\mathrm{Decode}(f) = \dfrac{-z \pm \sqrt{z^2 + 4 z s f}}{2 z s}$
$f \in [0, f_h)$, $s = q/(2r)$, $z > 0$
f is the flattened value
s is the quadratic coefficient
z is the scale factor
Ciphertext is the index value
Compute distinct attribute values in ascending order
[Figure: distinct values v in ascending order, with bucket boundaries b1, b2 and index pairs (i1, j1), (i2, j2). Formulas for q and s in terms of j1 – i1, j2 – i2, vj1 – vi1, vj2 – vi2 and vb1 – vb2]
for all $p \in [0, w)$: $M(p+1) - M(p) \ge 2$
Ensures that there is a distinct mapped value for each input value
$w_f = K n$
The width of a bucket in the mapped space is a function of the number of elements n in the bucket
K is the minimum width needed across buckets
The scale factor will stretch short buckets to the width of the largest bucket, further increasing the dimension of a bucket by a factor of the number of elements in the bucket
$z = \dfrac{K n}{s w^2 + w}$
$K = \max\,[\,x\,(s w_i^2 + w)\,]$, $i = 1, \ldots, m$, where

$x = \begin{cases} 2, & s \ge 0 \\ 2/(1 + s(2w - 1)), & s < 0 \end{cases}$
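The Encode, Decode and scale-factor formulas above, worked through for three buckets as an added example (not code from the slides or the authors). The bucket values, function names, the choice of the + root in Decode and the linear special case for s = 0 are assumptions made for illustration.

```python
import math

# Constructed buckets (not from the slides): (s, w, n) =
# quadratic coefficient, bucket width, number of values in the bucket.
BUCKETS = [(0.01, 100, 40), (-0.002, 200, 500), (0.0, 50, 10)]

def min_scale(s, w):
    """x on the slide: smallest z with M(p+1) - M(p) >= 2 on [0, w)."""
    if s >= 0:
        return 2.0
    slope = 1.0 + s * (2 * w - 1)  # tightest gap is at p = w - 1
    if slope <= 0:
        raise ValueError("mapping is not increasing over the whole bucket")
    return 2.0 / slope

def encode(p, s, z):
    """Encode(p) = z(s p^2 + p)."""
    return z * (s * p * p + p)

def decode(f, s, z):
    """Inverse of encode on [0, w); '+' root of the slide's +/- formula."""
    if s == 0:  # linear bucket: the quadratic formula would divide by zero
        return f / z
    return (-z + math.sqrt(z * z + 4 * z * s * f)) / (2 * z * s)

def scale_factors(buckets):
    """K = max[x(s w^2 + w)] over buckets, then z = K n / (s w^2 + w)."""
    K = max(min_scale(s, w) * (s * w * w + w) for s, w, _ in buckets)
    return K, [K * n / (s * w * w + w) for s, w, n in buckets]

def bucket_ok(s, w, z, tol=1e-6):
    """Check the gap constraint and the decode round trip for integer p."""
    gaps = all(encode(p + 1, s, z) - encode(p, s, z) >= 2 - tol for p in range(w))
    trip = all(abs(decode(encode(p, s, z), s, z) - p) < tol for p in range(w))
    return gaps and trip

if __name__ == "__main__":
    K, zs = scale_factors(BUCKETS)
    for (s, w, n), z in zip(BUCKETS, zs):
        print(f"s={s} w={w} n={n} z={z:.2f} w_f={encode(w, s, z):.1f} ok={bucket_ok(s, w, z)}")
```

Each bucket's flattened width encode(w) comes out as K·n, so buckets holding more values get proportionally more of the mapped space regardless of their original width.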