Encrypted Search: Leakage Suppression Seny Kamara How Should we - - PowerPoint PPT Presentation
SAC Summer School 2019 Encrypted Search: Leakage Suppression Seny Kamara How Should we Handle Leakage? Approach #1: ORAM simulation Store and simulate data structure with ORAM General-purpose Zero-leakage (if data is transformed
Encrypted Search: Leakage Suppression
Seny Kamara
SAC Summer School 2019
How Should we Handle Leakage?
How Should we Handle Leakage?
Leakage Suppression via ORAM
ORAM
6Setup time Query time
ORAM.Setup
Read(i)
ORAM.Read(i)
Write(i,v)
ORAM.Write(i,v)
Leakage Suppression via ORAM
ORAM Simulation
ORAM Simulation
9Setup time Query time
ORAM.Setup
Read(3)
ORAM.Read(3)
Write(1,v)
ORAM.Write(1,v)
DSRepresent
Query(DS,q)
Read(10)
ORAM.Read(10)
ORAM Simulation
Suppression Compiler
12Compiler STE
π³ = (βS, βQ) = (β , (patt1, patt2))
STE
π³ = (βS, βQ) = (β , patt2)
Suppression Compiler for Query Equality
13Compiler STE STE
π³ = (βS, βQ) = (β , qeq) π³ = (βS, βQ) = (β , β)
Suppression Compiler for Query Equality
15Cache-based Compiler STE STE
π³ = (βS, βQ) = (β , (qeq, patt)) π³ = (βS, βQ) = (β , nrp) nrp is the non-repeating sub-pattern of patt
Non-Repeating Sub-Patterns
patt = ( patt1 if βconditionβ is true patt2
patt = ( nrp if queries are unique misc
Suppression Compiler for Query Equality
17Cache-based Compiler STE STE
π³ = (βS, βQ) = (β , (qeq, patt)) π³ = (βS, βQ) = (β , nrp)
patt = ( nrp if queries are unique misc
Cache-based Compiler and Rebuilding
Our Suppression Pipeline
[K.-Moataz-Ohrimenko18]
19Cache-based Compiler Rebuild Compiler PBS
π³ = (βS, βQ,βA) = (β , (qeq, patt), pattA)
RPBS
π³ = (βS, βQ,βA) = (β , (qeq, patt), pattRb)
AZL
π³ = (βS, βQ) = (β , srlen)
FZL
π³ = (βS, βQ) = (β , β)
patt = ( srlen if queries are unique misc
Square Root ORAM
[Goldreigh-Ostrovsky92]
21Setup time
Cache Main Memory + Dummies Cache Main Memory + Dummies ORAM.Setup if item in cache get dummy else get item
Query time
Zero-leakage Leaks qeq but query never repeated
Reinterpreting Square Root ORAM
[K.-Moataz-Ohrimenko18]
22Setup time
ORAM.Setup if item in cache get dummy else get item
Query time
Cache
EDXπ³EDX = (βS, βQ) = (β , β) Main Memory + Dummies
ERAMπ³ERAM = (βS, βQ) = (β , qeq) Main Memory + Dummies
ERAMπ³ERAM = (βS, βQ) = (β , qeq) Cache
EDXπ³EDX = (βS, βQ) = (β , β)
Reinterpreting Square Root ORAM
The Cache-Based Compiler
24Setup time
ORAM.Setup if item in cache get dummy else get item
Query time
Cache
EDXπ³EDX = (βS, βQ) = (β , β) Main Memory + Dummies
EDSπ³EDS = (βS, βQ) = (β , qeq) Main Memory + Dummies
EDSπ³EDS = (βS, βQ) = (β , qeq) Cache
EDXπ³EDX = (βS, βQ) = (β , β)
The Cache-Based Compiler
Ξ»-extension
βS( ) β€ βS(DS) DS βQ( ,q) β€ βS(DS,q) DS
The Piggy Back Scheme (PBS)
[K.-Moataz-Ohrimenko18]
26MM β1 β2 β3 β1 β2 β3 DX β1|1 β2|1 β3|1 β1|2
The Piggy Back Scheme (PBS)
27State DX β1 2 β2 1 β3 1 EDX β1|1 β2|1 β3|1 β1|2
The Piggy Back Scheme (PBS)
28EDX β1|1 β2|1 β3|1 β1|2 State DX β1 2 β2 1 β3 1
The Piggy Back Scheme (PBS)
Latency Analysis of PBS
30Thm: If queries and responses are Zipf distributed then under the inverted
query hypothesis, latency is t + Ρ·t with probability at least
1 β exp β β 2t β Ξ΅ Β· Ξ± Β΅ β2β
<latexit sha1_base64="FfTsSGIsqkzAdfwx8GbkizFnHvo=">ACNHicbZBNbxMxEIa9hX4QSknLsReLCKk9EO1GlWhvVXvhwKGVGlopTqNZzax6rUte7ZqtMqf4sL/4AQHDoC48hvqfByg5ZUsPX5nRva8udMqUJp+S1aePF1dW941ni+WLrZXN752OwlZfYlVZbf5VDQK0MdkmRxivnEcpc42V+czqrX96iD8qaC5o47JcwMqpQEihag+aHjL/lAu+cyNVotBcvHVqguAWPLihtDRdyaImLwoOsBWg3hmktymo679y/7vAFDJqtJ3OxR9DtoQW+ps0PwihlZWJRqSGkLoZamjfg2elNQ4bYgqoAN5AyPsRTRQYujX862n/E10hrywPh5DfO7+PVFDGcKkzGNnCTQOD2sz83+1XkXFYb9WxlWERi4eKirNyfJZhHyoPErSkwgvYp/5XIMRuKQTdiCNnDlR9Dt9M+amfnB63jk2UaG2yXvWZ7LGPv2DF7z85Yl0n2iX1lP9jP5HPyPfmV/F60riTLmVfsHyV/7gGHjapk</latexit><latexit sha1_base64="FfTsSGIsqkzAdfwx8GbkizFnHvo=">ACNHicbZBNbxMxEIa9hX4QSknLsReLCKk9EO1GlWhvVXvhwKGVGlopTqNZzax6rUte7ZqtMqf4sL/4AQHDoC48hvqfByg5ZUsPX5nRva8udMqUJp+S1aePF1dW941ni+WLrZXN752OwlZfYlVZbf5VDQK0MdkmRxivnEcpc42V+czqrX96iD8qaC5o47JcwMqpQEihag+aHjL/lAu+cyNVotBcvHVqguAWPLihtDRdyaImLwoOsBWg3hmktymo679y/7vAFDJqtJ3OxR9DtoQW+ps0PwihlZWJRqSGkLoZamjfg2elNQ4bYgqoAN5AyPsRTRQYujX862n/E10hrywPh5DfO7+PVFDGcKkzGNnCTQOD2sz83+1XkXFYb9WxlWERi4eKirNyfJZhHyoPErSkwgvYp/5XIMRuKQTdiCNnDlR9Dt9M+amfnB63jk2UaG2yXvWZ7LGPv2DF7z85Yl0n2iX1lP9jP5HPyPfmV/F60riTLmVfsHyV/7gGHjapk</latexit><latexit sha1_base64="FfTsSGIsqkzAdfwx8GbkizFnHvo=">ACNHicbZBNbxMxEIa9hX4QSknLsReLCKk9EO1GlWhvVXvhwKGVGlopTqNZzax6rUte7ZqtMqf4sL/4AQHDoC48hvqfByg5ZUsPX5nRva8udMqUJp+S1aePF1dW941ni+WLrZXN752OwlZfYlVZbf5VDQK0MdkmRxivnEcpc42V+czqrX96iD8qaC5o47JcwMqpQEihag+aHjL/lAu+cyNVotBcvHVqguAWPLihtDRdyaImLwoOsBWg3hmktymo679y/7vAFDJqtJ3OxR9DtoQW+ps0PwihlZWJRqSGkLoZamjfg2elNQ4bYgqoAN5AyPsRTRQYujX862n/E10hrywPh5DfO7+PVFDGcKkzGNnCTQOD2sz83+1XkXFYb9WxlWERi4eKirNyfJZhHyoPErSkwgvYp/5XIMRuKQTdiCNnDlR9Dt9M+amfnB63jk2UaG2yXvWZ7LGPv2DF7z85Yl0n2iX1lP9jP5HPyPfmV/F60riTLmVfsHyV/7gGHjapk</latexit><latexit sha1_base64="FfTsSGIsqkzAdfwx8GbkizFnHvo=">ACNHicbZBNbxMxEIa9hX4QSknLsReLCKk9EO1GlWhvVXvhwKGVGlopTqNZzax6rUte7ZqtMqf4sL/4AQHDoC48hvqfByg5ZUsPX5nRva8udMqUJp+S1aePF1dW941ni+WLrZXN752OwlZfYlVZbf5VDQK0MdkmRxivnEcpc42V+czqrX96iD8qaC5o47JcwMqpQEihag+aHjL/lAu+cyNVotBcvHVqguAWPLihtDRdyaImLwoOsBWg3hmktymo679y/7vAFDJqtJ3OxR9DtoQW+ps0PwihlZWJRqSGkLoZamjfg2elNQ4bYgqoAN5AyPsRTRQYujX862n/E10hrywPh5DfO7+PVFDGcKkzGNnCTQOD2sz83+1XkXFYb9WxlWERi4eKirNyfJZhHyoPErSkwgvYp/5XIMRuKQTdiCNnDlR9Dt9M+amfnB63jk2UaG2yXvWZ7LGPv2DF7z85Yl0n2iX1lP9jP5HPyPfmV/F60riTLmVfsHyV/7gGHjapk</latexit> Our Suppression Pipeline
[K.-Moataz-Ohrimenko18]
31Cache-based Compiler Rebuild Compiler PBS
π³ = (βS, βQ,βA) = (β , (qeq, patt), pattA)
RPBS
π³ = (βS, βQ,βA) = (β , (qeq, patt), pattRb)
AZL
π³ = (βS, βQ) = (β , srlen)
FZL
π³ = (βS, βQ) = (β , β)
patt = ( srlen if queries are unique misc
The Volume Pattern
Suppressing Volume with Naive Padding
34MM β1 β2 β3 MM β1 β2 β3 EMM.Setup EMM β1 β2 β3
O( max
`βLMM #MM[`])
O(#LMM Β· max
`βLMM #MM[`])
Can we do better?
Computationally-Secure Leakage
35Unbounded Adversary Bounded Adversary vs.
Pseudo-Random Transform (PRT)
36 Pseudo-Random Transform (PRT)
37MM β1 β2 β3 MM β1 β2 β3 Ξ»+FK(β1|4) = 1+ 0 = 1 Ξ»+FK(β2|2) = 1+ 2 = 3 Ξ»+FK(β3|3) = 1+ 1 = 1
EMM β1 β2 β3 EMM.Setup
Pseudo-Random Transform (PRT)
Zipf-Distributed Multi-Maps
1 r Β· H#LMM,1 Β· X
`βLMM
#MM[`]
rth Response length Number of labels
0.05 0.1 0.15 0.2 200 400 600 800 1000 Frequency Keywords rank SU dataset M-MU dataset L-MU datasetEnron dataset
Pseudo-Random Transform (PRT)
40Thm: Let 1/2 < π± < 1. If MM is Zipf-distributed, then MMβ has size at most
with probability at least . Furthermore, it incurs at most truncations with probability at least .
β΅ Β· #L Β· max
`βL #MM[`]
<latexit sha1_base64="vLBhXoVHV/CK8ghePFeLWlAlgY=">ACNXicbVBNS8NAFNz4WetX1aOXxSJ4KokI6q3oxYOFCtYWmlBetpt26WYTdjdiCflVXvwd3nrxoOLVv+C2jaitAwvDzDz2vfFjzpS27ZG1sLi0vLJaWCub2xubZd2du9UlEhCGyTikWz5oChngjY05y2Ykh9Dlt+oPLsd+8p1KxSNzqYUy9EHqCBYyANlKnVHOBx31wSTfS2C27Iei+76fXGc6lEB46qUs5xy4T+MfPvtMqSGu1rD2OeJ1S2a7YE+B54uSkjHLUO6VntxuRJKRCEw5KtR071l4KUjPCaVZ0E0VjIAPo0bahAkKqvHRydoYPjdLFQSTNExpP1N8TKYRKDUPfJCeLznpj8T+vnejgzEuZiBNBZl+FCQc6wiPO8RdJinRfGgIEMnMrpj0QLRpumiKcGZPXmeNI4r5xXn5qRcvcjbKB9dICOkINOURVdoTpqIe0Qi9ojfryXqx3q2PaXTBymf20B9Yn1/3+axQ</latexit><latexit sha1_base64="vLBhXoVHV/CK8ghePFeLWlAlgY=">ACNXicbVBNS8NAFNz4WetX1aOXxSJ4KokI6q3oxYOFCtYWmlBetpt26WYTdjdiCflVXvwd3nrxoOLVv+C2jaitAwvDzDz2vfFjzpS27ZG1sLi0vLJaWCub2xubZd2du9UlEhCGyTikWz5oChngjY05y2Ykh9Dlt+oPLsd+8p1KxSNzqYUy9EHqCBYyANlKnVHOBx31wSTfS2C27Iei+76fXGc6lEB46qUs5xy4T+MfPvtMqSGu1rD2OeJ1S2a7YE+B54uSkjHLUO6VntxuRJKRCEw5KtR071l4KUjPCaVZ0E0VjIAPo0bahAkKqvHRydoYPjdLFQSTNExpP1N8TKYRKDUPfJCeLznpj8T+vnejgzEuZiBNBZl+FCQc6wiPO8RdJinRfGgIEMnMrpj0QLRpumiKcGZPXmeNI4r5xXn5qRcvcjbKB9dICOkINOURVdoTpqIe0Qi9ojfryXqx3q2PaXTBymf20B9Yn1/3+axQ</latexit><latexit sha1_base64="vLBhXoVHV/CK8ghePFeLWlAlgY=">ACNXicbVBNS8NAFNz4WetX1aOXxSJ4KokI6q3oxYOFCtYWmlBetpt26WYTdjdiCflVXvwd3nrxoOLVv+C2jaitAwvDzDz2vfFjzpS27ZG1sLi0vLJaWCub2xubZd2du9UlEhCGyTikWz5oChngjY05y2Ykh9Dlt+oPLsd+8p1KxSNzqYUy9EHqCBYyANlKnVHOBx31wSTfS2C27Iei+76fXGc6lEB46qUs5xy4T+MfPvtMqSGu1rD2OeJ1S2a7YE+B54uSkjHLUO6VntxuRJKRCEw5KtR071l4KUjPCaVZ0E0VjIAPo0bahAkKqvHRydoYPjdLFQSTNExpP1N8TKYRKDUPfJCeLznpj8T+vnejgzEuZiBNBZl+FCQc6wiPO8RdJinRfGgIEMnMrpj0QLRpumiKcGZPXmeNI4r5xXn5qRcvcjbKB9dICOkINOURVdoTpqIe0Qi9ojfryXqx3q2PaXTBymf20B9Yn1/3+axQ</latexit><latexit sha1_base64="vLBhXoVHV/CK8ghePFeLWlAlgY=">ACNXicbVBNS8NAFNz4WetX1aOXxSJ4KokI6q3oxYOFCtYWmlBetpt26WYTdjdiCflVXvwd3nrxoOLVv+C2jaitAwvDzDz2vfFjzpS27ZG1sLi0vLJaWCub2xubZd2du9UlEhCGyTikWz5oChngjY05y2Ykh9Dlt+oPLsd+8p1KxSNzqYUy9EHqCBYyANlKnVHOBx31wSTfS2C27Iei+76fXGc6lEB46qUs5xy4T+MfPvtMqSGu1rD2OeJ1S2a7YE+B54uSkjHLUO6VntxuRJKRCEw5KtR071l4KUjPCaVZ0E0VjIAPo0bahAkKqvHRydoYPjdLFQSTNExpP1N8TKYRKDUPfJCeLznpj8T+vnejgzEuZiBNBZl+FCQc6wiPO8RdJinRfGgIEMnMrpj0QLRpumiKcGZPXmeNI4r5xXn5qRcvcjbKB9dICOkINOURVdoTpqIe0Qi9ojfryXqx3q2PaXTBymf20B9Yn1/3+axQ</latexit>1 β exp β β #L Β· (2Ξ± β 1)2/8 β
<latexit sha1_base64="KhUV5kmhcdYVPK2FwAarzbqAl2g=">ACInicbVC7TsMwFHXKq5RXgZHFIkJqB0pSIVGYKlgYGIpEaKUmVI7rtladOLIdRBX1X1j4FRYGXhMSH4PTZoCWI1k6Pude3XuPHzEqlWV9GbmFxaXlfxqYW19Y3OruL1zK3ksMHEwZ1y0fCQJoyFxFWMtCJBUOAz0vSHF6nfvCdCUh7eqFEvAD1Q9qjGCktdYpnNjyELnmIXJ/2+6X0Y7oBUgPfT67GLu5yVaq6iEUDpD27fFc9qsFJblTNK2KNQGcJ3ZGTJCh0Sl+uF2O4CECjMkZdu2IuUlSCiKGRkX3FiSCOEh6pO2piEKiPSyY1jeKCVLuxoV+o4ET93ZGgQMpR4OvKdH056Xif147Vr2al9AwihUJ8XRQL2ZQcZgGBrtUEKzYSBOEBdW7QjxAmGlYy3oEOzZk+eJU62cVuzrY7N+nqWRB3tgH5SADU5AHVyCBnABo/gGbyCN+PJeDHejc9pac7IenbBHxjfP8pPoN8=</latexit><latexit sha1_base64="KhUV5kmhcdYVPK2FwAarzbqAl2g=">ACInicbVC7TsMwFHXKq5RXgZHFIkJqB0pSIVGYKlgYGIpEaKUmVI7rtladOLIdRBX1X1j4FRYGXhMSH4PTZoCWI1k6Pude3XuPHzEqlWV9GbmFxaXlfxqYW19Y3OruL1zK3ksMHEwZ1y0fCQJoyFxFWMtCJBUOAz0vSHF6nfvCdCUh7eqFEvAD1Q9qjGCktdYpnNjyELnmIXJ/2+6X0Y7oBUgPfT67GLu5yVaq6iEUDpD27fFc9qsFJblTNK2KNQGcJ3ZGTJCh0Sl+uF2O4CECjMkZdu2IuUlSCiKGRkX3FiSCOEh6pO2piEKiPSyY1jeKCVLuxoV+o4ET93ZGgQMpR4OvKdH056Xif147Vr2al9AwihUJ8XRQL2ZQcZgGBrtUEKzYSBOEBdW7QjxAmGlYy3oEOzZk+eJU62cVuzrY7N+nqWRB3tgH5SADU5AHVyCBnABo/gGbyCN+PJeDHejc9pac7IenbBHxjfP8pPoN8=</latexit><latexit sha1_base64="KhUV5kmhcdYVPK2FwAarzbqAl2g=">ACInicbVC7TsMwFHXKq5RXgZHFIkJqB0pSIVGYKlgYGIpEaKUmVI7rtladOLIdRBX1X1j4FRYGXhMSH4PTZoCWI1k6Pude3XuPHzEqlWV9GbmFxaXlfxqYW19Y3OruL1zK3ksMHEwZ1y0fCQJoyFxFWMtCJBUOAz0vSHF6nfvCdCUh7eqFEvAD1Q9qjGCktdYpnNjyELnmIXJ/2+6X0Y7oBUgPfT67GLu5yVaq6iEUDpD27fFc9qsFJblTNK2KNQGcJ3ZGTJCh0Sl+uF2O4CECjMkZdu2IuUlSCiKGRkX3FiSCOEh6pO2piEKiPSyY1jeKCVLuxoV+o4ET93ZGgQMpR4OvKdH056Xif147Vr2al9AwihUJ8XRQL2ZQcZgGBrtUEKzYSBOEBdW7QjxAmGlYy3oEOzZk+eJU62cVuzrY7N+nqWRB3tgH5SADU5AHVyCBnABo/gGbyCN+PJeDHejc9pac7IenbBHxjfP8pPoN8=</latexit><latexit sha1_base64="KhUV5kmhcdYVPK2FwAarzbqAl2g=">ACInicbVC7TsMwFHXKq5RXgZHFIkJqB0pSIVGYKlgYGIpEaKUmVI7rtladOLIdRBX1X1j4FRYGXhMSH4PTZoCWI1k6Pude3XuPHzEqlWV9GbmFxaXlfxqYW19Y3OruL1zK3ksMHEwZ1y0fCQJoyFxFWMtCJBUOAz0vSHF6nfvCdCUh7eqFEvAD1Q9qjGCktdYpnNjyELnmIXJ/2+6X0Y7oBUgPfT67GLu5yVaq6iEUDpD27fFc9qsFJblTNK2KNQGcJ3ZGTJCh0Sl+uF2O4CECjMkZdu2IuUlSCiKGRkX3FiSCOEh6pO2piEKiPSyY1jeKCVLuxoV+o4ET93ZGgQMpR4OvKdH056Xif147Vr2al9AwihUJ8XRQL2ZQcZgGBrtUEKzYSBOEBdW7QjxAmGlYy3oEOzZk+eJU62cVuzrY7N+nqWRB3tgH5SADU5AHVyCBnABo/gGbyCN+PJeDHejc9pac7IenbBHxjfP8pPoN8=</latexit>1 log(#L) Β· #L
<latexit sha1_base64="rsB98eGlCq0cXpnWoMx9ArcfnrE=">ACF3icbVBNS8NAEN3Ur1q/oh69LBahXmoignorevHgoYKxhSaUzWbTLt1kw+5GKCE/w4t/xYsHFa9689+4aXOorQ8GHu/NMDPTxiVyrJ+jMrS8srqWnW9trG5tb1j7u49SJ4KTBzMGRdH0nCaEwcRUj3UQFPmMdPzRdeF3HomQlMf3apwQL0KDmIYUI6WlvnihgLhzM4zl/FBw627EVJD389u8+McujgCs6KfbNuNa0J4CKxS1IHJdp989sNOE4jEivMkJQ920qUlyGhKGYkr7mpJAnCIzQgPU1jFBHpZPHcniklQCGXOiKFZyosxMZiqQcR7uLC6U814h/uf1UhVeBmNk1SRGE8XhSmDisMiJRhQbBiY0QFlTfCvEQ6aSUzrKmQ7DnX14kzmnzsmnfndVbV2UaVXADkED2OActMANaAMHYPAEXsAbeDejVfjw/ictlaMcmYf/IHx9QuoBZ+9</latexit><latexit sha1_base64="rsB98eGlCq0cXpnWoMx9ArcfnrE=">ACF3icbVBNS8NAEN3Ur1q/oh69LBahXmoignorevHgoYKxhSaUzWbTLt1kw+5GKCE/w4t/xYsHFa9689+4aXOorQ8GHu/NMDPTxiVyrJ+jMrS8srqWnW9trG5tb1j7u49SJ4KTBzMGRdH0nCaEwcRUj3UQFPmMdPzRdeF3HomQlMf3apwQL0KDmIYUI6WlvnihgLhzM4zl/FBw627EVJD389u8+McujgCs6KfbNuNa0J4CKxS1IHJdp989sNOE4jEivMkJQ920qUlyGhKGYkr7mpJAnCIzQgPU1jFBHpZPHcniklQCGXOiKFZyosxMZiqQcR7uLC6U814h/uf1UhVeBmNk1SRGE8XhSmDisMiJRhQbBiY0QFlTfCvEQ6aSUzrKmQ7DnX14kzmnzsmnfndVbV2UaVXADkED2OActMANaAMHYPAEXsAbeDejVfjw/ictlaMcmYf/IHx9QuoBZ+9</latexit><latexit sha1_base64="rsB98eGlCq0cXpnWoMx9ArcfnrE=">ACF3icbVBNS8NAEN3Ur1q/oh69LBahXmoignorevHgoYKxhSaUzWbTLt1kw+5GKCE/w4t/xYsHFa9689+4aXOorQ8GHu/NMDPTxiVyrJ+jMrS8srqWnW9trG5tb1j7u49SJ4KTBzMGRdH0nCaEwcRUj3UQFPmMdPzRdeF3HomQlMf3apwQL0KDmIYUI6WlvnihgLhzM4zl/FBw627EVJD389u8+McujgCs6KfbNuNa0J4CKxS1IHJdp989sNOE4jEivMkJQ920qUlyGhKGYkr7mpJAnCIzQgPU1jFBHpZPHcniklQCGXOiKFZyosxMZiqQcR7uLC6U814h/uf1UhVeBmNk1SRGE8XhSmDisMiJRhQbBiY0QFlTfCvEQ6aSUzrKmQ7DnX14kzmnzsmnfndVbV2UaVXADkED2OActMANaAMHYPAEXsAbeDejVfjw/ictlaMcmYf/IHx9QuoBZ+9</latexit><latexit sha1_base64="rsB98eGlCq0cXpnWoMx9ArcfnrE=">ACF3icbVBNS8NAEN3Ur1q/oh69LBahXmoignorevHgoYKxhSaUzWbTLt1kw+5GKCE/w4t/xYsHFa9689+4aXOorQ8GHu/NMDPTxiVyrJ+jMrS8srqWnW9trG5tb1j7u49SJ4KTBzMGRdH0nCaEwcRUj3UQFPmMdPzRdeF3HomQlMf3apwQL0KDmIYUI6WlvnihgLhzM4zl/FBw627EVJD389u8+McujgCs6KfbNuNa0J4CKxS1IHJdp989sNOE4jEivMkJQ920qUlyGhKGYkr7mpJAnCIzQgPU1jFBHpZPHcniklQCGXOiKFZyosxMZiqQcR7uLC6U814h/uf1UhVeBmNk1SRGE8XhSmDisMiJRhQbBiY0QFlTfCvEQ6aSUzrKmQ7DnX14kzmnzsmnfndVbV2UaVXADkED2OActMANaAMHYPAEXsAbeDejVfjw/ictlaMcmYf/IHx9QuoBZ+9</latexit>1 β exp β β 2 Β· #L Β· log2(#L) β
<latexit sha1_base64="UybYZ3OhzrMhHo0Jqr5xs6TW5W4=">ACKnicbVDNTsJAGNziH+Jf1aOXjcQEDpCWmKg3ghcPHjARIaFItstSNmy7ze7WSBrex4uv4kEPSrz6IG5LDwhOslk5pvs940bMiqVZc2M3Nr6xuZWfruws7u3f2AeHj1IHglMWpgzLjoukoTRgLQUVYx0QkGQ7zLSdsfXid9+IkJSHtyrSUh6PvICOqQYKS31zYNK9Ahz6HjUs8rVWoOHnDlFB0fqZHrxrfTVIAO495jrbRolGaKfNolW1UsBVYmekCDI0+a7M+A48kmgMENSdm0rVL0YCUxI9OCE0kSIjxGHulqGiCfyF6c3jqFZ1oZwCEX+gUKpupiIka+lBPf1ZPJpnLZS8T/vG6khpe9mAZhpEiA5x8NIwYVh0lxcEAFwYpNEFYUL0rxCMkEFa63oIuwV4+eZW0atWrqn13Xqw3sjby4AScghKwQWogxvQBC2AwQt4A5/gy3g1PoyZ8T0fzRlZ5hj8gfHzC9GLpdk=</latexit><latexit sha1_base64="UybYZ3OhzrMhHo0Jqr5xs6TW5W4=">ACKnicbVDNTsJAGNziH+Jf1aOXjcQEDpCWmKg3ghcPHjARIaFItstSNmy7ze7WSBrex4uv4kEPSrz6IG5LDwhOslk5pvs940bMiqVZc2M3Nr6xuZWfruws7u3f2AeHj1IHglMWpgzLjoukoTRgLQUVYx0QkGQ7zLSdsfXid9+IkJSHtyrSUh6PvICOqQYKS31zYNK9Ahz6HjUs8rVWoOHnDlFB0fqZHrxrfTVIAO495jrbRolGaKfNolW1UsBVYmekCDI0+a7M+A48kmgMENSdm0rVL0YCUxI9OCE0kSIjxGHulqGiCfyF6c3jqFZ1oZwCEX+gUKpupiIka+lBPf1ZPJpnLZS8T/vG6khpe9mAZhpEiA5x8NIwYVh0lxcEAFwYpNEFYUL0rxCMkEFa63oIuwV4+eZW0atWrqn13Xqw3sjby4AScghKwQWogxvQBC2AwQt4A5/gy3g1PoyZ8T0fzRlZ5hj8gfHzC9GLpdk=</latexit><latexit sha1_base64="UybYZ3OhzrMhHo0Jqr5xs6TW5W4=">ACKnicbVDNTsJAGNziH+Jf1aOXjcQEDpCWmKg3ghcPHjARIaFItstSNmy7ze7WSBrex4uv4kEPSrz6IG5LDwhOslk5pvs940bMiqVZc2M3Nr6xuZWfruws7u3f2AeHj1IHglMWpgzLjoukoTRgLQUVYx0QkGQ7zLSdsfXid9+IkJSHtyrSUh6PvICOqQYKS31zYNK9Ahz6HjUs8rVWoOHnDlFB0fqZHrxrfTVIAO495jrbRolGaKfNolW1UsBVYmekCDI0+a7M+A48kmgMENSdm0rVL0YCUxI9OCE0kSIjxGHulqGiCfyF6c3jqFZ1oZwCEX+gUKpupiIka+lBPf1ZPJpnLZS8T/vG6khpe9mAZhpEiA5x8NIwYVh0lxcEAFwYpNEFYUL0rxCMkEFa63oIuwV4+eZW0atWrqn13Xqw3sjby4AScghKwQWogxvQBC2AwQt4A5/gy3g1PoyZ8T0fzRlZ5hj8gfHzC9GLpdk=</latexit><latexit sha1_base64="UybYZ3OhzrMhHo0Jqr5xs6TW5W4=">ACKnicbVDNTsJAGNziH+Jf1aOXjcQEDpCWmKg3ghcPHjARIaFItstSNmy7ze7WSBrex4uv4kEPSrz6IG5LDwhOslk5pvs940bMiqVZc2M3Nr6xuZWfruws7u3f2AeHj1IHglMWpgzLjoukoTRgLQUVYx0QkGQ7zLSdsfXid9+IkJSHtyrSUh6PvICOqQYKS31zYNK9Ahz6HjUs8rVWoOHnDlFB0fqZHrxrfTVIAO495jrbRolGaKfNolW1UsBVYmekCDI0+a7M+A48kmgMENSdm0rVL0YCUxI9OCE0kSIjxGHulqGiCfyF6c3jqFZ1oZwCEX+gUKpupiIka+lBPf1ZPJpnLZS8T/vG6khpe9mAZhpEiA5x8NIwYVh0lxcEAFwYpNEFYUL0rxCMkEFa63oIuwV4+eZW0atWrqn13Xqw3sjby4AScghKwQWogxvQBC2AwQt4A5/gy3g1PoyZ8T0fzRlZ5hj8gfHzC9GLpdk=</latexit> Pseudo-Random Transform (PRT)
Densest Subgraph Transform
[K.-Moataz19]
Densest Subgraph Transform
[K.-Moataz19]
MM β1 v1 β2 v3 β3 v2 v2 v4 v4 Client state v1 v3 v4 β1 B1 B3 B4 β1 v3 β2 B2 B3 B4 v2 v4 β3 B1 B2 B3 β2 β3
B1 B2 B3 B4
Size of client state β size of MM
Densest Subgraph Transform
[K.-Moataz19]
45Client state β1 rand1 β2 rand2 β3 rand3
Client state β1 B1 B3 B4 β2 B2 B3 B4 β3 B1 B2 B3
vs.
O(#L Β· max
`βL #MM[`])
<latexit sha1_base64="5ednwCn8nVnJcDhKfBDYlLR0jE=">ACKHicbVDLSsNAFJ34rPVdelmsAh1UxIR1F3RjQuLFawtJKFMpN26GQSZiZiCfkdN/6KGwWVbv0SJ2lAb0wcOac7n3Hi9iVCrTnBgLi0vLK6ultfL6xubWdmVn916GscCkjUMWiq6HJGUk7aipFuJAgKPEY63ugy0zsPREga8js1jogboAGnPsVIapXadzUnKoTIDX0vOQ6dXA/VPr72EscwphD+Y+WwsIp/aTZTO3M4B71KlWzbuYF54FVgCoqtWrvDn9EMcB4QozJKVtmZFyEyQUxYykZSeWJEJ4hAbE1pCjgEg3yS9N4aFm+tAPhX5cwZz93ZGgQMpx4GlnvumslpH/aXas/DM3oTyKFeF4OsiPGVQhzGKDfSoIVmysAcKC6l0hHiKBsNLhlnUI1uzJ86B9XD+vW7cn1cZFkUYJ7IMDUAMWOAUNcAVaoA0weAIv4B18GM/Gq/FpTKbWBaPo2QN/yvj6BiRdp2Y=</latexit><latexit sha1_base64="5ednwCn8nVnJcDhKfBDYlLR0jE=">ACKHicbVDLSsNAFJ34rPVdelmsAh1UxIR1F3RjQuLFawtJKFMpN26GQSZiZiCfkdN/6KGwWVbv0SJ2lAb0wcOac7n3Hi9iVCrTnBgLi0vLK6ultfL6xubWdmVn916GscCkjUMWiq6HJGUk7aipFuJAgKPEY63ugy0zsPREga8js1jogboAGnPsVIapXadzUnKoTIDX0vOQ6dXA/VPr72EscwphD+Y+WwsIp/aTZTO3M4B71KlWzbuYF54FVgCoqtWrvDn9EMcB4QozJKVtmZFyEyQUxYykZSeWJEJ4hAbE1pCjgEg3yS9N4aFm+tAPhX5cwZz93ZGgQMpx4GlnvumslpH/aXas/DM3oTyKFeF4OsiPGVQhzGKDfSoIVmysAcKC6l0hHiKBsNLhlnUI1uzJ86B9XD+vW7cn1cZFkUYJ7IMDUAMWOAUNcAVaoA0weAIv4B18GM/Gq/FpTKbWBaPo2QN/yvj6BiRdp2Y=</latexit><latexit sha1_base64="5ednwCn8nVnJcDhKfBDYlLR0jE=">ACKHicbVDLSsNAFJ34rPVdelmsAh1UxIR1F3RjQuLFawtJKFMpN26GQSZiZiCfkdN/6KGwWVbv0SJ2lAb0wcOac7n3Hi9iVCrTnBgLi0vLK6ultfL6xubWdmVn916GscCkjUMWiq6HJGUk7aipFuJAgKPEY63ugy0zsPREga8js1jogboAGnPsVIapXadzUnKoTIDX0vOQ6dXA/VPr72EscwphD+Y+WwsIp/aTZTO3M4B71KlWzbuYF54FVgCoqtWrvDn9EMcB4QozJKVtmZFyEyQUxYykZSeWJEJ4hAbE1pCjgEg3yS9N4aFm+tAPhX5cwZz93ZGgQMpx4GlnvumslpH/aXas/DM3oTyKFeF4OsiPGVQhzGKDfSoIVmysAcKC6l0hHiKBsNLhlnUI1uzJ86B9XD+vW7cn1cZFkUYJ7IMDUAMWOAUNcAVaoA0weAIv4B18GM/Gq/FpTKbWBaPo2QN/yvj6BiRdp2Y=</latexit><latexit sha1_base64="5ednwCn8nVnJcDhKfBDYlLR0jE=">ACKHicbVDLSsNAFJ34rPVdelmsAh1UxIR1F3RjQuLFawtJKFMpN26GQSZiZiCfkdN/6KGwWVbv0SJ2lAb0wcOac7n3Hi9iVCrTnBgLi0vLK6ultfL6xubWdmVn916GscCkjUMWiq6HJGUk7aipFuJAgKPEY63ugy0zsPREga8js1jogboAGnPsVIapXadzUnKoTIDX0vOQ6dXA/VPr72EscwphD+Y+WwsIp/aTZTO3M4B71KlWzbuYF54FVgCoqtWrvDn9EMcB4QozJKVtmZFyEyQUxYykZSeWJEJ4hAbE1pCjgEg3yS9N4aFm+tAPhX5cwZz93ZGgQMpx4GlnvumslpH/aXas/DM3oTyKFeF4OsiPGVQhzGKDfSoIVmysAcKC6l0hHiKBsNLhlnUI1uzJ86B9XD+vW7cn1cZFkUYJ7IMDUAMWOAUNcAVaoA0weAIv4B18GM/Gq/FpTKbWBaPo2QN/yvj6BiRdp2Y=</latexit>O(#L)
<latexit sha1_base64="ViGYl7alHyVSx3qrb+XPeCqUXsc=">AB93icbVBNS8NAFHzxs9aPRj16CQahXkoignorevEgWMHYQhPKZrtpl242YXcj1NBf4sWDilf/ijf/jZs2B20dWBhm3uPNTpgyKpXjfBtLyura+uVjerm1vZOzdzde5BJjDxcMIS0QmRJIxy4imqGOmkgqA4ZKQdjq4Kv/1IhKQJv1fjlAQxGnAaUYyUlnpm7bu236M1DAM85vJc+0nYzhbVI3JLYUKLVM7/8foKzmHCFGZKy6zqpCnIkFMWMTKp+JkmK8AgNSFdTjmIig3wafGIdaVvRYnQjytrqv7eyFEs5TgO9WQRUc57hfif181UdB7klKeZIhzPDkUZs1RiFS1YfSoIVmysCcKC6qwWHiKBsNJdVXUJ7vyXF4l30rhouHendvOybKMCB3AIdXDhDJpwDS3wAEMGz/AKb8aT8WK8Gx+z0SWj3NmHPzA+fwARvpJC</latexit><latexit sha1_base64="ViGYl7alHyVSx3qrb+XPeCqUXsc=">AB93icbVBNS8NAFHzxs9aPRj16CQahXkoignorevEgWMHYQhPKZrtpl242YXcj1NBf4sWDilf/ijf/jZs2B20dWBhm3uPNTpgyKpXjfBtLyura+uVjerm1vZOzdzde5BJjDxcMIS0QmRJIxy4imqGOmkgqA4ZKQdjq4Kv/1IhKQJv1fjlAQxGnAaUYyUlnpm7bu236M1DAM85vJc+0nYzhbVI3JLYUKLVM7/8foKzmHCFGZKy6zqpCnIkFMWMTKp+JkmK8AgNSFdTjmIig3wafGIdaVvRYnQjytrqv7eyFEs5TgO9WQRUc57hfif181UdB7klKeZIhzPDkUZs1RiFS1YfSoIVmysCcKC6qwWHiKBsNJdVXUJ7vyXF4l30rhouHendvOybKMCB3AIdXDhDJpwDS3wAEMGz/AKb8aT8WK8Gx+z0SWj3NmHPzA+fwARvpJC</latexit><latexit sha1_base64="ViGYl7alHyVSx3qrb+XPeCqUXsc=">AB93icbVBNS8NAFHzxs9aPRj16CQahXkoignorevEgWMHYQhPKZrtpl242YXcj1NBf4sWDilf/ijf/jZs2B20dWBhm3uPNTpgyKpXjfBtLyura+uVjerm1vZOzdzde5BJjDxcMIS0QmRJIxy4imqGOmkgqA4ZKQdjq4Kv/1IhKQJv1fjlAQxGnAaUYyUlnpm7bu236M1DAM85vJc+0nYzhbVI3JLYUKLVM7/8foKzmHCFGZKy6zqpCnIkFMWMTKp+JkmK8AgNSFdTjmIig3wafGIdaVvRYnQjytrqv7eyFEs5TgO9WQRUc57hfif181UdB7klKeZIhzPDkUZs1RiFS1YfSoIVmysCcKC6qwWHiKBsNJdVXUJ7vyXF4l30rhouHendvOybKMCB3AIdXDhDJpwDS3wAEMGz/AKb8aT8WK8Gx+z0SWj3NmHPzA+fwARvpJC</latexit><latexit sha1_base64="ViGYl7alHyVSx3qrb+XPeCqUXsc=">AB93icbVBNS8NAFHzxs9aPRj16CQahXkoignorevEgWMHYQhPKZrtpl242YXcj1NBf4sWDilf/ijf/jZs2B20dWBhm3uPNTpgyKpXjfBtLyura+uVjerm1vZOzdzde5BJjDxcMIS0QmRJIxy4imqGOmkgqA4ZKQdjq4Kv/1IhKQJv1fjlAQxGnAaUYyUlnpm7bu236M1DAM85vJc+0nYzhbVI3JLYUKLVM7/8foKzmHCFGZKy6zqpCnIkFMWMTKp+JkmK8AgNSFdTjmIig3wafGIdaVvRYnQjytrqv7eyFEs5TgO9WQRUc57hfif181UdB7klKeZIhzPDkUZs1RiFS1YfSoIVmysCcKC6qwWHiKBsNJdVXUJ7vyXF4l30rhouHendvOybKMCB3AIdXDhDJpwDS3wAEMGz/AKb8aT8WK8Gx+z0SWj3NmHPzA+fwARvpJC</latexit>Some PRF seeds can lead to collisions so just pick again until no collisions
Densest Subgraph Transform
[K.-Moataz19]
46v1 v3 v4 β1 v3 v2 v4 β2 β3
B1 B2 B3 B4
DX B1 v1 B2 v3 B3 v3 v2 B4 v4 v4 EDX B1 v1 B2 v3 B3 v3 v2 B4 v4 v4 EMM.Setup
Densest Subgraph Transform
[K.-Moataz19]
State DX β1 rand1 β2 rand2 β3 rand3 B2 B3 B4 EDX B1 v1 B2 v3 B3 v3 v2 B4 v4 v4 v3 v3 v4 v4
Densest Subgraph Transform
[K.-Moataz19]
48Thm: The load of a bin is at most
with probability at least 1 - Ξ΅, where N n + ln(1/Ξ΅) 3 β 1 + s 1 + 18N n Β· ln(1/Ξ΅) β
N = X
`βLMM#MM[`]
Densest Subgraph Transform
[K.-Moataz19]
MM β1 v1 β2 v3 β3 v2 v2 v4 v4 β1 β2 β3 v1 v3 v2 v4
Densest Subgraph Transform
[K.-Moataz19]
50Thm: The load of a bin is at most
with probability at least 1 - Ξ΅, where NDS is the size of concentrated part
NβNDS n + ln(1/Ξ΅) 3 β 1 + s 1 + 18(NβNDS) n Β· ln(1/Ξ΅) β
Densest Subgraph Assumption
[Applebaum-Barak-Wigderson10]
51ErdΓΆs-RΓ©nyi graph
Erdâs-Rényi graph with⨠planted dense subgraph
Densest Subgraph Assumption
[Applebaum-Barak-Wigderson10]
Conclusions
53 Encrypted Search: 2000-2019
Encrypted Search: 2000-2019
Encrypted Search: 2000-2019
Encrypted Search: 2000-2019
Encrypted Search: 2000-2019
Thanks toβ¦
59Tarik Moataz Ghous Amjad Olya Ohrimenko Laura Blackstone Archita Agarwal Sam Zhao Marilyn George Hajar Alturki
The End
60