Deterministic Public-Key Encryption Under Continual Leakage

Deterministic public-key encryption, introduced by Bellare, Boldyreva, and O’Neill (CRYPTO 2007), is an important database encryption technique which allows quick, logarithmic-time, search over encrypted data items. The technique is most effective in scenarios where frequent search queries are performed over a huge database of highly sensitive, yet unpredictable, data items such as credit card or social security numbers. Such databases, however, are also the ideal target for hackers since even partial data leaks may reveal significantly damaging information to the attacker. Motivated by the goal of limiting the damage in such scenarios, we apply the ideas from leakage resilient cryptography to deterministic public-key encryption (D-PKE). We formulate appropriate security notions for D-PKE in the presence of leakage, and present constructions that achieve them in the standard model. We work in the continual leakage model, where the secret-key is updated at regular intervals and an attacker can learn arbitrary but bounded leakage during each time interval. We, however, do not consider leakage during the updates. Our main construction is based on the (standard) linear assumption in bilinear groups, tolerating up to 0.5− o(1) fraction of arbitrary leakage. The leakage rate can be improved to 1− o(1) by relying on the SXDH assumption. At a technical level, we propose and construct a “continual leakage resilient” version of the all-but-one lossy trapdoor functions, introduced by Peikert and Waters (STOC 2008). Our formulation and construction of leakage-resilient lossy-TDFs is of independent general interest for leakage-resilient cryptography. ∗The University of Texas at Austin. Email: [email protected] †University of Illinois at Urbana-Champaign, Email: [email protected]. Part of the work done while at UT Austin. ‡Microsoft, Redmond. Email: [email protected]. Part of the work done while at UT Austin. §The University of Texas at Austin. Email: [email protected]. Supported by NSF CNS-0952692, CNS1228599 and CNS-1414082. DARPA through the U.S. Office of Naval Research under Contract N00014-11-1-0382, Google Faculty Research award, the Alfred P. Sloan Fellowship, Microsoft Faculty Fellowship, and Packard Foundation Fellowship.