Revision as of 15:13, 12 August 2023 edit OAbot (talk \| contribs) Bots 644,369 edits m Open access bot: doi added to citation with #oabot. ← Previous edit		Revision as of 07:16, 5 September 2023 edit undo Citation bot (talk \| contribs) Bots 5,870,361 edits Alter: title, template type. Add: chapter. Removed proxy/dead URL that duplicated identifier. Removed parameters. Some additions/deletions were parameter name changes. \| Use this bot. Report bugs. \| Suggested by Headbomb \| Linked from Wikipedia:WikiProject_Academic_Journals/Journals_cited_by_Wikipedia/Sandbox2 \| #UCB_webform_linked 168/207 Next edit →
Line 27: == History of Searchable Symmetric Encryption == The problem of searching on encrypted data was considered by [[Dawn Song\|Song]], [[David A. Wagner\|Wagner]] and [[Adrian Perrig\|Perrig]]<ref name=":0" /> though previous work on [[Oblivious RAM]] by [[Oded Goldreich\|Goldreich]] and [[Rafail Ostrovsky\|Ostrovsky]]<ref>{{Cite journal\|last1=Goldreich\|first1=Oded\|last2=Ostrovsky\|first2=Rafail\|date=May 1996\|title=Software protection and simulation on oblivious RAMs\|url=http://dx.doi.org/10.1145/233551.233553\|journal=Journal of the ACM\|volume=43\|issue=3\|pages=431–473\|doi=10.1145/233551.233553\|hdl=1721.1/103684 \|s2cid=7502114 \|issn=0004-5411\|hdl-access=free}}</ref> could be used in theory to address the problem. This work<ref name=":0" /> proposed an SSE scheme with a search algorithm that runs in time <math>O(s)</math>, where <math>s = \|\mathbf{D}\|</math>. Goh<ref name=":2">{{Cite web\|last=Goh\|first=Eu-Jin\|title=Secure Indexes\|year=2003 \|url=https://eprint.iacr.org/2003/216}}</ref> and Chang and [[Michael Mitzenmacher\|Mitzenmacher]]<ref name=":3">{{Cite ~~journal~~book\|last1=Chang\|first1=Yan-Cheng\|last2=Mitzenmacher\|first2=Michael\|title=Applied Cryptography and Network Security \|chapter=Privacy Preserving Keyword Searches on Remote Encrypted Data \|date=2005\|editor-last=Ioannidis\|editor-first=John\|editor2-last=Keromytis\|editor2-first=Angelos\|editor3-last=Yung\|editor3-first=Moti~~\|title=Privacy Preserving Keyword Searches on Remote Encrypted Data\|journal=Applied Cryptography and Network Security~~\|series=Lecture Notes in Computer Science\|volume=3531 \|language=en\|___location=Berlin, Heidelberg\|publisher=Springer\|pages=442–455\|doi=10.1007/11496137_30\|isbn=978-3-540-31542-1\|doi-access=free}}</ref> gave new SSE constructions with search algorithms that run in time <math>O(n)</math>, where <math>n</math> is the number of documents. Curtmola, Garay, [[Seny Kamara\|Kamara]] and [[Rafail Ostrovsky\|Ostrovsky]]<ref name=":1" /> later proposed two static constructions with <math>O(\mathrm{opt} )</math> search time, where <math>\mathrm{opt}</math> is the number of documents that contain <math>w</math>, which is optimal. This work also proposed a semi-dynamic construction with <math>O(\mathrm{opt}\cdot \log(u))</math> search time, where <math>u</math> is the number of updates. An optimal dynamic SSE construction was later proposed by [[Seny Kamara\|Kamara]], Papamanthou and Roeder.<ref>{{Cite book\|last1=Kamara\|first1=Seny\|last2=Papamanthou\|first2=Charalampos\|last3=Roeder\|first3=Tom\|title=Proceedings of the 2012 ACM conference on Computer and communications security \|chapter=Dynamic searchable symmetric encryption \|date=2012-10-16\|chapter-url=https://doi.org/10.1145/2382196.2382298\|series=CCS '12\|___location=New York, NY, USA\|publisher=Association for Computing Machinery\|pages=965–976\|doi=10.1145/2382196.2382298\|isbn=978-1-4503-1651-4\|s2cid=243046 }}</ref> Goh<ref name=":2" /> and Chang and [[Michael Mitzenmacher\|Mitzenmacher]]<ref name=":3" /> proposed security definitions for SSE. These were strengthened and extended by Curtmola, Garay, Kamara and Ostrovsky<ref name=":1" /> who proposed the notion of adaptive security for SSE. This work also was the first to observe leakage in SSE and to formally capture it as part of the security definition. Leakage was further formalized and generalized by Chase and [[Seny Kamara\|Kamara]].<ref>{{Cite book\|last1=Chase\|first1=Melissa\|last2=Kamara\|first2=Seny\|title=Advances in Cryptology - ASIACRYPT 2010 \|chapter=Structured Encryption and Controlled Disclosure \|date=2010\|editor-last=Abe\|editor-first=Masayuki\|series=Lecture Notes in Computer Science\|volume=6477 \|language=en\|___location=Berlin, Heidelberg\|publisher=Springer\|pages=577–594\|doi=10.1007/978-3-642-17373-8_33\|isbn=978-3-642-17373-8\|doi-access=free}}</ref> Islam, Kuzu and Kantarcioglu described the first leakage attack.<ref>{{Cite journal\|last1=Islam\|first1=Mohammad\|last2=Kuzu\|first2=Mehmet\|last3=Kantarcioglu\|first3=Murat\|title=Access Pattern disclosure on Searchable Encryption:Ramification, Attack and Mitigation\|url=https://www.ndss-symposium.org/wp-content/uploads/2017/09/06_1.pdf\|journal=Network and Distributed System Security (NDSS) Symposium}}</ref> Line 39: * the persistent model,<ref name=":1" /> where an adversary is given the encrypted data collection and a transcript of all the operations executed on the collection; * the snapshot model,<ref name=":4">{{Cite journal\|last1=Amjad\|first1=Ghous\|last2=Kamara\|first2=Seny\|last3=Moataz\|first3=Tarik\|date=2019-01-01\|title=Breach-Resistant Structured Encryption~~\|url=https://www.sciendo.com/article/10.2478/popets-2019-0014~~\|journal=Proceedings on Privacy Enhancing Technologies\|language=en\|volume=2019\|issue=1\|pages=245–265\|doi=10.2478/popets-2019-0014\|s2cid=4047057 \|doi-access=free}}</ref> where an adversary is only given the encrypted data collection (but possibly after each operation). === Security in the Persistent Model ===

Searchable symmetric encryption: Difference between revisions