SAC Summer School 2019 Encrypted Search: Leakage Suppression Seny Kamara
How Should we Handle Leakage? • Approach #1: ORAM simulation • Store and simulate data structure with ORAM • General-purpose • Zero-leakage (if data is transformed appropriately) • polylog overhead per read/write on top of simulation • Approach #2: Custom oblivious structures 2
How Should we Handle Leakage? • Approach #3: Rebuild [K.14] • Rebuild encrypted structure after t queries • Set t using cryptanalysis • Open question: can you rebuild encrypted structures? • Approach #4: Leakage suppression • Suppression compilers • Suppression transforms 3
Q : can we reduce leakage? 4
Leakage Suppression via ORAM • Common answer is “use ORAM!” • usually without any details • or experiments • How exactly do we use ORAM to search? 5
ORAM Setup time ORAM.Setup Query time ORAM.Read(i) Read(i) ORAM.Write(i,v) Write(i,v) 6
Leakage Suppression via ORAM • ORAM supports read & write operations to an array • with polylog(n) cost • and leakage profile 𝚳 ORAM = ( ℒ S , ℒ Q ) = (dsize, ⟘ ) • ORAM is a “low-level” primitive • designed for read/write operations to an array • what if we want to query a more complex structure? • Need to use ORAM simulation 7
ORAM Simulation • Represent DS as an array and store in ORAM • Client simulates Query(DS,q) algorithm • replaces each Read(i) with ORAM.Read(i) • replaces each Write(i,v) with ORAM.Write(i,v) 8
ORAM Simulation Setup time ORAM.Setup DS Represent Query time Query(DS,q) Read(3) ORAM.Read(3) Write(1,v) ORAM.Write(1,v) Read(10) ORAM.Read(10) 9
ORAM Simulation • Costs O(T·polylog(|DS|)) • where T is runtime of Query(DS,q) • Leakage profile • 𝚳 = (dsize, (runtime, vol)) • vol : size of response (can be suppressed with padding) • Can we do better? 10
Q : can we do better than ORAM simulation? 11
Suppression Compiler STE STE Compiler 𝚳 = ( ℒ S , ℒ Q ) 𝚳 = ( ℒ S , ℒ Q ) = ( ★ , patt 2 ) = ( ★ , (patt 1 , patt 2 )) 12
Suppression Compiler for Query Equality STE STE Compiler 𝚳 = ( ℒ S , ℒ Q ) 𝚳 = ( ℒ S , ℒ Q ) = ( ★ , qeq) = ( ★ , ⟘ ) 13
Q : Can we build such a thing? 14
Suppression Compiler for Query Equality Cache-based STE STE Compiler 𝚳 = ( ℒ S , ℒ Q ) 𝚳 = ( ℒ S , ℒ Q ) = ( ★ , (qeq, patt)) = ( ★ , nrp) nrp is the non-repeating sub-pattern of patt 15
<latexit sha1_base64="RPjgyIct3h/2rqBbwTZzVSotFU=">ACgHicbVFNb9NAEF27hbYpHwGOvYxaikAIY3PhQ0Kq6IVjKxFaKY6i9WacrLof7u4YiCz/D478pt76Z1A3Tg405UkrvX0zb2Z3pqiU9JSm1G8sXnv/tb2Tm/3wcNHj/tPn73tnYCB8Iq684L7lFJgwOSpPC8csh1ofCsuDhexM9+oPSm80r3Ck+dTIUgpOQRr3fwM0uS+h4kQtfO5BQF7gVJpGhLK+7ZQFujTjqhZeQE74i4x1mqtGlnBZo5PogTuE2shwbSHP4bZVSy/WvZm6H5Kj2y7Ixmsuo7h+kSdoB7pJsRQ6O9vPXfxhjJ+P+VT6xotZoSCju/TBLKxo13JEUCteXnusuLjgUxwGarhGP2q6CbZwGJQJlNaFYwg69V9Hw7X3c12ETM1p5tdjC/F/sWFN5YdRI01VExqxbFTWCsjCYh0wkQ4FqXkgXDgZ3gpixh0XFJbWC0PI1r98lwzeJR+T7DQM4wtbYpvtsX32kmXsPTtiX9kJGzDB/kbPozdREm/Er+K3cbZMjaOV5xm7hfjTDes2vms=</latexit> <latexit sha1_base64="uyiZCzrLxl+0jsE3W4sWpZAXVk=">ACgHicbVFNb9NAEF27BdrwFeixl1ELCIRwbS58SJUiuPTYSoRWiqNovRknq+6H2R0DkeV/wYHfxa1/BrFxcmhTnrTS2zfzZnZnikpJT2l6FcVb23fu3tvZ7d1/8PDR4/6Tp1+9rZ3AobDKuouCe1TS4JAkKbyoHJdKDwvLj8v4+f0XlpzRdaVDjWfGZkKQWnIE36vwGa3JdQcaIWjnsQkBc4k6YRoaxvO2WJLs24qoUXkBP+JGOd5qRJXyr0Un0wB1CbWS4tpDncNOqpRebXktzdD+kxzZdUYzXfed9A/TJO0At0m2JoeDg/z1r6vB4nTS/5NPrag1GhKez/K0orGDXckhcK2l9ceKy4u+QxHgRqu0Y+boItPA/KFErwjEnXrd0XDt/UIXIVNzmvN2FL8X2xU/l+3EhT1YRGrBqVtQKysFwHTKVDQWoRCBdOhreCmHPHBYWl9cIQs0v3ybDt8mHJDsLw/jEVth+yAvWQZe8cG7ISdsiET7G/0LHoTJfFW/Co+irNVahytPXvsBuKP/wDzGr/x</latexit> <latexit sha1_base64="uyiZCzrLxl+0jsE3W4sWpZAXVk=">ACgHicbVFNb9NAEF27BdrwFeixl1ELCIRwbS58SJUiuPTYSoRWiqNovRknq+6H2R0DkeV/wYHfxa1/BrFxcmhTnrTS2zfzZnZnikpJT2l6FcVb23fu3tvZ7d1/8PDR4/6Tp1+9rZ3AobDKuouCe1TS4JAkKbyoHJdKDwvLj8v4+f0XlpzRdaVDjWfGZkKQWnIE36vwGa3JdQcaIWjnsQkBc4k6YRoaxvO2WJLs24qoUXkBP+JGOd5qRJXyr0Un0wB1CbWS4tpDncNOqpRebXktzdD+kxzZdUYzXfed9A/TJO0At0m2JoeDg/z1r6vB4nTS/5NPrag1GhKez/K0orGDXckhcK2l9ceKy4u+QxHgRqu0Y+boItPA/KFErwjEnXrd0XDt/UIXIVNzmvN2FL8X2xU/l+3EhT1YRGrBqVtQKysFwHTKVDQWoRCBdOhreCmHPHBYWl9cIQs0v3ybDt8mHJDsLw/jEVth+yAvWQZe8cG7ISdsiET7G/0LHoTJfFW/Co+irNVahytPXvsBuKP/wDzGr/x</latexit> <latexit sha1_base64="B+ZBEFD1rsp5mydZgBDIZdjAOcs=">ACgHicbVFLb9NAEF67PEp4pfTIZUQAwQHX5sJDQqrohWORCK0UR9F6M05W3YfZHRciy/+jv6u3/hnUjeMDTfmklb79Zr6Z3ZmiUtJTml5F8c6du/fu7z4YPHz0+MnT4d6zn97WTuBYWGXdacE9KmlwTJIUnlYOuS4UnhRnR+v4yTk6L635QasKp5ovjCyl4BSk2fACoMl9CRUnauHLALyAhfSNCKU9W2nrNGlGVe18Bpywj9krNcNbKEXzU6iR64Q6iNDNcW8hxuWrX0YtraYnut/TYJpvOaOZ939lwlCZpB7hNsp6MWI/j2fAyn1tRazQkFPd+kqUVTRvuSAqF7SCvPVZcnPEFTgI1XKOfNt0EW3gVlDmU1oVjCDr1X0fDtfcrXYRMzWnpt2Nr8X+xSU3lx2kjTVUTGrFpVNYKyMJ6HTCXDgWpVSBcOBneCmLJHRcUljYIQ8i2v3ybjN8n5Lsezo6/NpPY5c9Zy/YG5axD+yQfWPHbMwE+xu9jN5FSbwTv40P4myTGke9Z5/dQPz5GtpAvOI=</latexit> <latexit sha1_base64="i8p2FJOCQJSTi+CPAB+1LYAOq5E=">ACh3icbVHRbtMwFHUCg64DVuCRl6tOQ0iTqQaMB6QCrzscUiUTWqznFuWmuOHdk3QBXlW7Zv4o2/wWm3CbodydLRufcax+npZKOouhPED54uPXocWe7u/Pk6bPd3vMX352prMCxMrYs5Q7VFLjmCQpPCst8iJVeJpefGnrpz/QOmn0N1qWOC34XMtcCk5emvUuoU5cDiUnauBjFzySFOdS18JPdc1KaXHbNosbeA0J4S/SxhZc1TKH83NhdCbmX2QDshW2ECSwD3+4abf0ALtT+mwGawvgDq7WT/r7UWDaAW4S+JrsjfqJwdXjLGTWe93khlRFahJKO7cJI5KmtbckhQKm25SOSy5uOBznHiqeYFuWq+CbGDfKxnkxvqjCVbqv46aF84ti9R3FpwWbrPWivfVJhXlR9Na6rIi1GK9K8UkIH2VyCTFgWpSdcWJ+jALHglgvyf9eGEG8+S4ZDwcfBvFXH8ZntkaHvWJ9obF7D0bsWN2wsZMBFvBQXAYvA27YRS+C4/WrWFw7XnJ/kP46S8xy7+r</latexit> <latexit sha1_base64="3uvXwExZBiIh72RmQD/YX1ApuK0=">ACh3icbVFNT9tAEF0baCH9StjL6OgVpWQIhvRlh4qBXrhCFIDSHEU1utxsmK9a+2O20aW/wV3/lNv/BvWCa1o4EkrPb2ZN7P7Ni2VdBRFN0G4tr7x5OnmVufZ8xcvX3Vfvzl1prICh8IoY89T7lBJjUOSpPC8tMiLVOFZevm9rZ/9ROuk0T9oXuK4FMtcyk4eWnSvY6cTmUnKiBbx3wSFKcSl0LP9U1C6XFv7ZJ3MAHSAh/kza24KqWOVxcCKMz2c7sgXRAtsIGkgQe8e+u+g3N0P6SDpv+8gKos7/rJ93tqB8tA9JfEe2B71k5+pmMD+edP8kmRFVgZqE4s6N4qikc0tSaGw6SVw5KLSz7FkaeaF+jG9SLIBt57JYPcWH80wUK976h54dy8SH1nwWnmVmut+FhtVFG+P6lLitCLZaL8koBGWh/BTJpUZCae8KF9TkKEDNuSD/d20I8eqTH5Lhbv9rPz7xYRyJTbZO9ZjH1nMvrABO2LHbMhEsBHsBHvBp7ATRuHncH/ZGgZ3nrfsP4QHtzmvwTE=</latexit> <latexit sha1_base64="3uvXwExZBiIh72RmQD/YX1ApuK0=">ACh3icbVFNT9tAEF0baCH9StjL6OgVpWQIhvRlh4qBXrhCFIDSHEU1utxsmK9a+2O20aW/wV3/lNv/BvWCa1o4EkrPb2ZN7P7Ni2VdBRFN0G4tr7x5OnmVufZ8xcvX3Vfvzl1prICh8IoY89T7lBJjUOSpPC8tMiLVOFZevm9rZ/9ROuk0T9oXuK4FMtcyk4eWnSvY6cTmUnKiBbx3wSFKcSl0LP9U1C6XFv7ZJ3MAHSAh/kza24KqWOVxcCKMz2c7sgXRAtsIGkgQe8e+u+g3N0P6SDpv+8gKos7/rJ93tqB8tA9JfEe2B71k5+pmMD+edP8kmRFVgZqE4s6N4qikc0tSaGw6SVw5KLSz7FkaeaF+jG9SLIBt57JYPcWH80wUK976h54dy8SH1nwWnmVmut+FhtVFG+P6lLitCLZaL8koBGWh/BTJpUZCae8KF9TkKEDNuSD/d20I8eqTH5Lhbv9rPz7xYRyJTbZO9ZjH1nMvrABO2LHbMhEsBHsBHvBp7ATRuHncH/ZGgZ3nrfsP4QHtzmvwTE=</latexit> <latexit sha1_base64="Mr1Pcb3zvdwH+T3mZsNla8g3ts=">ACh3icbVFdb9MwFHXCvigwOnjk5WoVCAmpSipg4wFpwMseh7SySU3VOc5Na82xI/tmUEX5LftPe+Pf4LTdNLodydLRufcax+npZKOouhvED7Z2Nza3naefb8xe7L7t6rX85UVuBQGXsecodKqlxSJIUnpcWeZEqPEsvf7T1syu0Thp9SvMSxwWfaplLwclLk+41InLoeREDXztgEeS4lTqWviprlkoLe7aJnED7yAh/EPa2IKrWuZwcSGMzmQ7cx+kA7IVNpAk8Ih/sO43NEP7Wzps+sLoM5u10+6vagfLQAPSbwiPbCyaR7k2RGVAVqEo7N4qjksY1tySFwqaTVA5Li75FEeal6gG9eLIBt465UMcmP90QL9b6j5oVz8yL1nQWnmVuvteJjtVF+eG4lrqsCLVYLsorBWSg/RXIpEVBau4JF9bnKEDMuOWC/N+1IcTrT35IhoP+l378M+odfV+lscPesH32nsXsgB2xY3bChkwEm8GH4GPwKeyEUfg5PFy2hsHK85r9h/DbPyDVviI=</latexit> Non-Repeating Sub-Patterns • Leakage patterns can be decomposed into sub-patterns: ( if “condition” is true patt 1 patt = otherwise . patt 2 • Non-repeating sub-patterns ≈ leakage on non-repeating queries ( if queries are unique nrp patt = otherwise . misc 16
Recommend
More recommend
