Optimal Re-encryption Strategy for Joins in Encrypted Databases

  title={Optimal Re-encryption Strategy for Joins in Encrypted Databases},
  author={Florian Kerschbaum and Martin H{\"a}rterich and Patrick Grofig and Mathias Kohler and Andreas Schaad and Axel Schr{\"o}pfer and Walter Tighzert},
In order to perform a join in a deterministically, adjustably encrypted database one has to re-encrypt at least one column. The problem is to select that column that will result in the minimum number of re-encryptions even under an unknown schedule of joins. Naive strategies may perform too many or even infinitely many re-encryptions. We provide two strategies that allow for a much better performance. In particular the asymptotic behavior is O(n) resp. O(n log n) re-encryptions for n columns… 
Equi-Joins Over Encrypted Data for Series of Queries
This paper presents a new encryption scheme that can efficiently perform equijoins over encrypted data with better security than the state-of-theart and evaluated it over a dataset from the TPC-H benchmark.
Joins Over Encrypted Data with Fine Granular Security
Instead of implementing a stand-alone join operator that reveals the frequency of each element in the column, this paper shows how to construct joins over encrypted data after selection operations have been applied and only leak the fine granular access pattern and frequency of elements selected for the join.
Secure Top-k Query Processing on Encrypted Databases
This paper proposes the first efficient and provable secure top-k query processing construction that achieves adaptively IND-CQA security and develops an encrypted data structure called \emph{EHL} and describes several secure sub-protocols under this security model to answer top- k queries.
Top-k Query Processing on Encrypted Databases with Strong Security Guarantees
This paper proposes the first efficient and provably secure top-k query processing construction that achieves adaptive CQA security and develops an encrypted data structure called EHL and describes several secure sub-protocols under this security model to answer top- k queries.
Frequency-Hiding Order-Preserving Encryption
This work presents a scheme that achieves a strictly stronger notion of security than any other scheme so far, and can be used to more securely outsource large data sets, since it can also show that the security increases with larger data sets.
An Encrypted In-Memory Column-Store: The Onion Selection Problem
The algorithm extended by CryptDB's approach by three new functions: configurable onions, local execution and searchable encryption is evaluated in a prototypical implementation in an in-memory column store database system.
Optimized and controlled provisioning of encrypted outsourced data
An algorithm and tool set is presented that determines an optimal balance between security and functionality as well as helps to identify and resolve possible conflicts and is tested on a database benchmark and business-driven security policies.
ENKI: Access Control for Encrypted Query Processing
ENKI is a system for securely executing queries over sensitive, access restricted data on an outsourced database that introduces an encryption based access control model and techniques for query execution over encrypted, accessrestricted data on the database with only a few cases requiring computations on the client.
Experiences and observations on the industrial implementation of a system to search over outsourced encrypted data
The three made observations on query execution, execution time measurements and domain-specific query analysis will lead to the conclusion that although searching over outsourced encrypted data is always a trade off between functionality, performance and security, it is realistic to assume that working solutions can be provided in the not too distant future to the market.
Practices of backuping homomorphically encrypted databases
CryptZip is presented, a backup and recovery system that could highly reduce the backup storage cost of encrypted databases and leverage the metadata information of encryption schemes and selectively backup one or several columns among semantically redundant columns.


Deterministic and Efficiently Searchable Encryption
This work obtains as a consequence database encryption methods that permit fast database search while provably providing privacy that is as strong as possible subject to this fast search constraint.
Order-Preserving Symmetric Encryption
We initiate the cryptographic study of order-preserving symmetric encryption (OPE), a primitive suggested in the database community by Agrawal et al. (SIGMOD '04) for allowing efficient range queries
Cryptographic Treatment of CryptDB's Adjustable Join
In this document, we provide a cryptographic treatment of the adjustable join protocol from CryptDB [5]. We also discuss how our scheme could be used outside of CryptDB because it provides a simple
CryptDB: protecting confidentiality with encrypted query processing
The evaluation shows that CryptDB has low overhead, reducing throughput by 14.5% for phpBB, a web forum application, and by 26% for queries from TPC-C, compared to unmodified MySQL.
Executing SQL over encrypted data in the database-service-provider model
The paper explores an algebraic framework to split the query to minimize the computation at the client site, and explores techniques to execute SQL queries over encrypted data.
Divertible Protocols and Atomic Proxy Cryptography
A definition of protocol divertibility is given that applies to arbitrary 2-party protocols and is compatible with Okamoto and Ohta's definition in the case of interactive zero-knowledge proofs and generalizes to cover several protocols not normally associated with divertibility.
Dictionary-based order-preserving string compression for main memory column stores
This paper proposes new data structures that efficiently support an order-preserving dictionary compression for (variablelength) string attributes with a large domain size that is likely to change over time and introduces a novel indexing approach that provides efficient access paths to such a dictionary while compressing the index data.
An improved algorithm for computing logarithms over GF(p) and its cryptographic significance (Corresp.)
An improved algorithm is derived which requires O =(\log^{2} p) complexity if p - 1 has only small prime factors and such values of p must be avoided in the cryptosystem.
An improved equivalence algorithm
An algorithm for assigning storage on the basis of EQUIVALENCE, DIMENSION and COMMON declarations is presented, and has reduced computation time by 40 percent over a previously published algorithm.
The Representation Theory of the Symmetric Groups