Efficient cryptanalysis of an encrypted database supporting data interoperability

Efficient cryptanalysis of an encrypted database supporting data interoperability

연구 분야: Databases

학회: The VLDB Journal

In an encrypted database, all data items stored at the server are encrypted and some operations can be performed directly over ciphertexts. Most existing encrypted database schemes cannot support data interoperability, that is, it cannot handle complex queries which require the output of one operator as the input to another. Wong et al. presented the encrypted database SDB (SIGMOD’14), and it is the only scheme that achieves data interoperability to the best of our knowledge. Recently, Cao et al. revisited the security of SDB (PVLDB’21) and proposed a ciphertext-only attack named “co-prime” attack. Their attack has a high success rate (84.9–99.9% on real-world benchmarks) and works on several common operations in SDB, including addition, sum, equi-join and group-by. However, the attack is time-consuming when the plaintext space (denoted as M) is large, since the time complexity is , or O(M) with the meet-in-the-middle strategy. Cao et al. ’s experiments showed that the attack takes minutes on a laptop when . And the expected time cost will be 15,261 years if , which is infeasible. In addition, the authors provided the countermeasures to prevent co-prime attack. Our main contribution in this paper is twofold. First, we propose an improved ciphertext-only attack based on lattice reduction against SDB with time complexity O(1). Our attack works on not only the previous four operations discussed by Cao et al., but also some aggregate operations, and its success rate is the same as that of co-prime attack. With the same parameters, our attack only takes s on a laptop, which is 37 faster than co-prime attack. Besides, our attack works for large M up to while the time cost remains almost unchanged. Thus, our attack is much more efficient and powerful. Next, we analyze the countermeasures proposed by Cao et al. and present an efficient attack with the orthogonal lattice reduction method, which denies the security of Cao et al.’s modified scheme. The time complexity is , and the attack takes several minutes on a laptop. Furthermore, we validate our attacks on two real-world public datasets and make some discussions.