Encrypted Search: Leakage Suppression Seny Kamara How Should we - - PowerPoint PPT Presentation
SAC Summer School 2019 Encrypted Search: Leakage Suppression Seny Kamara How Should we Handle Leakage? Approach #1: ORAM simulation Store and simulate data structure with ORAM General-purpose Zero-leakage (if data is transformed
Encrypted Search: Leakage Suppression
Seny Kamara
SAC Summer School 2019
How Should we Handle Leakage?
How Should we Handle Leakage?
Leakage Suppression via ORAM
ORAM
6Setup time Query time
ORAM.Setup
Read(i)
ORAM.Read(i)
Write(i,v)
ORAM.Write(i,v)
Leakage Suppression via ORAM
ORAM Simulation
ORAM Simulation
9Setup time Query time
ORAM.Setup
Read(3)
ORAM.Read(3)
Write(1,v)
ORAM.Write(1,v)
DSRepresent
Query(DS,q)
Read(10)
ORAM.Read(10)
ORAM Simulation
Suppression Compiler
12Compiler STE
š³ = (āS, āQ) = (ā , (patt1, patt2))
STE
š³ = (āS, āQ) = (ā , patt2)
Suppression Compiler for Query Equality
13Compiler STE STE
š³ = (āS, āQ) = (ā , qeq) š³ = (āS, āQ) = (ā , ā)
Suppression Compiler for Query Equality
15Cache-based Compiler STE STE
š³ = (āS, āQ) = (ā , (qeq, patt)) š³ = (āS, āQ) = (ā , nrp) nrp is the non-repeating sub-pattern of patt
Non-Repeating Sub-Patterns
patt = ( patt1 if āconditionā is true patt2
patt = ( nrp if queries are unique misc
Suppression Compiler for Query Equality
17Cache-based Compiler STE STE
š³ = (āS, āQ) = (ā , (qeq, patt)) š³ = (āS, āQ) = (ā , nrp)
patt = ( nrp if queries are unique misc
Cache-based Compiler and Rebuilding
Our Suppression Pipeline
[K.-Moataz-Ohrimenko18]
19Cache-based Compiler Rebuild Compiler PBS
š³ = (āS, āQ,āA) = (ā , (qeq, patt), pattA)
RPBS
š³ = (āS, āQ,āA) = (ā , (qeq, patt), pattRb)
AZL
š³ = (āS, āQ) = (ā , srlen)
FZL
š³ = (āS, āQ) = (ā , ā)
patt = ( srlen if queries are unique misc
Square Root ORAM
[Goldreigh-Ostrovsky92]
21Setup time
Cache Main Memory + Dummies Cache Main Memory + Dummies ORAM.Setup if item in cache get dummy else get item
Query time
Zero-leakage Leaks qeq but query never repeated
Reinterpreting Square Root ORAM
[K.-Moataz-Ohrimenko18]
22Setup time
ORAM.Setup if item in cache get dummy else get item
Query time
Cache
EDXš³EDX = (āS, āQ) = (ā , ā) Main Memory + Dummies
ERAMš³ERAM = (āS, āQ) = (ā , qeq) Main Memory + Dummies
ERAMš³ERAM = (āS, āQ) = (ā , qeq) Cache
EDXš³EDX = (āS, āQ) = (ā , ā)
Reinterpreting Square Root ORAM
The Cache-Based Compiler
24Setup time
ORAM.Setup if item in cache get dummy else get item
Query time
Cache
EDXš³EDX = (āS, āQ) = (ā , ā) Main Memory + Dummies
EDSš³EDS = (āS, āQ) = (ā , qeq) Main Memory + Dummies
EDSš³EDS = (āS, āQ) = (ā , qeq) Cache
EDXš³EDX = (āS, āQ) = (ā , ā)
The Cache-Based Compiler
Ī»-extension
āS( ) ā¤ āS(DS) DS āQ( ,q) ā¤ āS(DS,q) DS
The Piggy Back Scheme (PBS)
[K.-Moataz-Ohrimenko18]
26MM ā1 ā2 ā3 ā1 ā2 ā3 DX ā1|1 ā2|1 ā3|1 ā1|2
The Piggy Back Scheme (PBS)
27State DX ā1 2 ā2 1 ā3 1 EDX ā1|1 ā2|1 ā3|1 ā1|2
The Piggy Back Scheme (PBS)
28EDX ā1|1 ā2|1 ā3|1 ā1|2 State DX ā1 2 ā2 1 ā3 1
The Piggy Back Scheme (PBS)
Latency Analysis of PBS
30Thm: If queries and responses are Zipf distributed then under the inverted
query hypothesis, latency is t + ĪµĀ·t with probability at least
1 ā exp ā ā 2t ā Īµ Ā· Ī± Āµ ā2ā
<latexit sha1_base64="FfTsSGIsqkzAdfwx8GbkizFnHvo=">ACNHicbZBNbxMxEIa9hX4QSknLsReLCKk9EO1GlWhvVXvhwKGVGlopTqNZzax6rUte7ZqtMqf4sL/4AQHDoC48hvqfByg5ZUsPX5nRva8udMqUJp+S1aePF1dW941ni+WLrZXN752OwlZfYlVZbf5VDQK0MdkmRxivnEcpc42V+czqrX96iD8qaC5o47JcwMqpQEihag+aHjL/lAu+cyNVotBcvHVqguAWPLihtDRdyaImLwoOsBWg3hmktymo679y/7vAFDJqtJ3OxR9DtoQW+ps0PwihlZWJRqSGkLoZamjfg2elNQ4bYgqoAN5AyPsRTRQYujX862n/E10hrywPh5DfO7+PVFDGcKkzGNnCTQOD2sz83+1XkXFYb9WxlWERi4eKirNyfJZhHyoPErSkwgvYp/5XIMRuKQTdiCNnDlR9Dt9M+amfnB63jk2UaG2yXvWZ7LGPv2DF7z85Yl0n2iX1lP9jP5HPyPfmV/F60riTLmVfsHyV/7gGHjapk</latexit><latexit sha1_base64="FfTsSGIsqkzAdfwx8GbkizFnHvo=">ACNHicbZBNbxMxEIa9hX4QSknLsReLCKk9EO1GlWhvVXvhwKGVGlopTqNZzax6rUte7ZqtMqf4sL/4AQHDoC48hvqfByg5ZUsPX5nRva8udMqUJp+S1aePF1dW941ni+WLrZXN752OwlZfYlVZbf5VDQK0MdkmRxivnEcpc42V+czqrX96iD8qaC5o47JcwMqpQEihag+aHjL/lAu+cyNVotBcvHVqguAWPLihtDRdyaImLwoOsBWg3hmktymo679y/7vAFDJqtJ3OxR9DtoQW+ps0PwihlZWJRqSGkLoZamjfg2elNQ4bYgqoAN5AyPsRTRQYujX862n/E10hrywPh5DfO7+PVFDGcKkzGNnCTQOD2sz83+1XkXFYb9WxlWERi4eKirNyfJZhHyoPErSkwgvYp/5XIMRuKQTdiCNnDlR9Dt9M+amfnB63jk2UaG2yXvWZ7LGPv2DF7z85Yl0n2iX1lP9jP5HPyPfmV/F60riTLmVfsHyV/7gGHjapk</latexit><latexit sha1_base64="FfTsSGIsqkzAdfwx8GbkizFnHvo=">ACNHicbZBNbxMxEIa9hX4QSknLsReLCKk9EO1GlWhvVXvhwKGVGlopTqNZzax6rUte7ZqtMqf4sL/4AQHDoC48hvqfByg5ZUsPX5nRva8udMqUJp+S1aePF1dW941ni+WLrZXN752OwlZfYlVZbf5VDQK0MdkmRxivnEcpc42V+czqrX96iD8qaC5o47JcwMqpQEihag+aHjL/lAu+cyNVotBcvHVqguAWPLihtDRdyaImLwoOsBWg3hmktymo679y/7vAFDJqtJ3OxR9DtoQW+ps0PwihlZWJRqSGkLoZamjfg2elNQ4bYgqoAN5AyPsRTRQYujX862n/E10hrywPh5DfO7+PVFDGcKkzGNnCTQOD2sz83+1XkXFYb9WxlWERi4eKirNyfJZhHyoPErSkwgvYp/5XIMRuKQTdiCNnDlR9Dt9M+amfnB63jk2UaG2yXvWZ7LGPv2DF7z85Yl0n2iX1lP9jP5HPyPfmV/F60riTLmVfsHyV/7gGHjapk</latexit><latexit sha1_base64="FfTsSGIsqkzAdfwx8GbkizFnHvo=">ACNHicbZBNbxMxEIa9hX4QSknLsReLCKk9EO1GlWhvVXvhwKGVGlopTqNZzax6rUte7ZqtMqf4sL/4AQHDoC48hvqfByg5ZUsPX5nRva8udMqUJp+S1aePF1dW941ni+WLrZXN752OwlZfYlVZbf5VDQK0MdkmRxivnEcpc42V+czqrX96iD8qaC5o47JcwMqpQEihag+aHjL/lAu+cyNVotBcvHVqguAWPLihtDRdyaImLwoOsBWg3hmktymo679y/7vAFDJqtJ3OxR9DtoQW+ps0PwihlZWJRqSGkLoZamjfg2elNQ4bYgqoAN5AyPsRTRQYujX862n/E10hrywPh5DfO7+PVFDGcKkzGNnCTQOD2sz83+1XkXFYb9WxlWERi4eKirNyfJZhHyoPErSkwgvYp/5XIMRuKQTdiCNnDlR9Dt9M+amfnB63jk2UaG2yXvWZ7LGPv2DF7z85Yl0n2iX1lP9jP5HPyPfmV/F60riTLmVfsHyV/7gGHjapk</latexit> Our Suppression Pipeline
[K.-Moataz-Ohrimenko18]
31Cache-based Compiler Rebuild Compiler PBS
š³ = (āS, āQ,āA) = (ā , (qeq, patt), pattA)
RPBS
š³ = (āS, āQ,āA) = (ā , (qeq, patt), pattRb)
AZL
š³ = (āS, āQ) = (ā , srlen)
FZL
š³ = (āS, āQ) = (ā , ā)
patt = ( srlen if queries are unique misc
The Volume Pattern
Suppressing Volume with Naive Padding
34MM ā1 ā2 ā3 MM ā1 ā2 ā3 EMM.Setup EMM ā1 ā2 ā3
O( max
`āLMM #MM[`])
O(#LMM Ā· max
`āLMM #MM[`])
Can we do better?
Computationally-Secure Leakage
35Unbounded Adversary Bounded Adversary vs.
Pseudo-Random Transform (PRT)
36 Pseudo-Random Transform (PRT)
37MM ā1 ā2 ā3 MM ā1 ā2 ā3 Ī»+FK(ā1|4) = 1+ 0 = 1 Ī»+FK(ā2|2) = 1+ 2 = 3 Ī»+FK(ā3|3) = 1+ 1 = 1
EMM ā1 ā2 ā3 EMM.Setup
Pseudo-Random Transform (PRT)
Zipf-Distributed Multi-Maps
1 r Ā· H#LMM,1 Ā· X
`āLMM
#MM[`]
rth Response length Number of labels
0.05 0.1 0.15 0.2 200 400 600 800 1000 Frequency Keywords rank SU dataset M-MU dataset L-MU datasetEnron dataset
Pseudo-Random Transform (PRT)
40Thm: Let 1/2 < š± < 1. If MM is Zipf-distributed, then MMā has size at most
with probability at least . Furthermore, it incurs at most truncations with probability at least .
āµ Ā· #L Ā· max
`āL #MM[`]
<latexit sha1_base64="vLBhXoVHV/CK8ghePFeLWlAlgY=">ACNXicbVBNS8NAFNz4WetX1aOXxSJ4KokI6q3oxYOFCtYWmlBetpt26WYTdjdiCflVXvwd3nrxoOLVv+C2jaitAwvDzDz2vfFjzpS27ZG1sLi0vLJaWCub2xubZd2du9UlEhCGyTikWz5oChngjY05y2Ykh9Dlt+oPLsd+8p1KxSNzqYUy9EHqCBYyANlKnVHOBx31wSTfS2C27Iei+76fXGc6lEB46qUs5xy4T+MfPvtMqSGu1rD2OeJ1S2a7YE+B54uSkjHLUO6VntxuRJKRCEw5KtR071l4KUjPCaVZ0E0VjIAPo0bahAkKqvHRydoYPjdLFQSTNExpP1N8TKYRKDUPfJCeLznpj8T+vnejgzEuZiBNBZl+FCQc6wiPO8RdJinRfGgIEMnMrpj0QLRpumiKcGZPXmeNI4r5xXn5qRcvcjbKB9dICOkINOURVdoTpqIe0Qi9ojfryXqx3q2PaXTBymf20B9Yn1/3+axQ</latexit><latexit sha1_base64="vLBhXoVHV/CK8ghePFeLWlAlgY=">ACNXicbVBNS8NAFNz4WetX1aOXxSJ4KokI6q3oxYOFCtYWmlBetpt26WYTdjdiCflVXvwd3nrxoOLVv+C2jaitAwvDzDz2vfFjzpS27ZG1sLi0vLJaWCub2xubZd2du9UlEhCGyTikWz5oChngjY05y2Ykh9Dlt+oPLsd+8p1KxSNzqYUy9EHqCBYyANlKnVHOBx31wSTfS2C27Iei+76fXGc6lEB46qUs5xy4T+MfPvtMqSGu1rD2OeJ1S2a7YE+B54uSkjHLUO6VntxuRJKRCEw5KtR071l4KUjPCaVZ0E0VjIAPo0bahAkKqvHRydoYPjdLFQSTNExpP1N8TKYRKDUPfJCeLznpj8T+vnejgzEuZiBNBZl+FCQc6wiPO8RdJinRfGgIEMnMrpj0QLRpumiKcGZPXmeNI4r5xXn5qRcvcjbKB9dICOkINOURVdoTpqIe0Qi9ojfryXqx3q2PaXTBymf20B9Yn1/3+axQ</latexit><latexit sha1_base64="vLBhXoVHV/CK8ghePFeLWlAlgY=">ACNXicbVBNS8NAFNz4WetX1aOXxSJ4KokI6q3oxYOFCtYWmlBetpt26WYTdjdiCflVXvwd3nrxoOLVv+C2jaitAwvDzDz2vfFjzpS27ZG1sLi0vLJaWCub2xubZd2du9UlEhCGyTikWz5oChngjY05y2Ykh9Dlt+oPLsd+8p1KxSNzqYUy9EHqCBYyANlKnVHOBx31wSTfS2C27Iei+76fXGc6lEB46qUs5xy4T+MfPvtMqSGu1rD2OeJ1S2a7YE+B54uSkjHLUO6VntxuRJKRCEw5KtR071l4KUjPCaVZ0E0VjIAPo0bahAkKqvHRydoYPjdLFQSTNExpP1N8TKYRKDUPfJCeLznpj8T+vnejgzEuZiBNBZl+FCQc6wiPO8RdJinRfGgIEMnMrpj0QLRpumiKcGZPXmeNI4r5xXn5qRcvcjbKB9dICOkINOURVdoTpqIe0Qi9ojfryXqx3q2PaXTBymf20B9Yn1/3+axQ</latexit><latexit sha1_base64="vLBhXoVHV/CK8ghePFeLWlAlgY=">ACNXicbVBNS8NAFNz4WetX1aOXxSJ4KokI6q3oxYOFCtYWmlBetpt26WYTdjdiCflVXvwd3nrxoOLVv+C2jaitAwvDzDz2vfFjzpS27ZG1sLi0vLJaWCub2xubZd2du9UlEhCGyTikWz5oChngjY05y2Ykh9Dlt+oPLsd+8p1KxSNzqYUy9EHqCBYyANlKnVHOBx31wSTfS2C27Iei+76fXGc6lEB46qUs5xy4T+MfPvtMqSGu1rD2OeJ1S2a7YE+B54uSkjHLUO6VntxuRJKRCEw5KtR071l4KUjPCaVZ0E0VjIAPo0bahAkKqvHRydoYPjdLFQSTNExpP1N8TKYRKDUPfJCeLznpj8T+vnejgzEuZiBNBZl+FCQc6wiPO8RdJinRfGgIEMnMrpj0QLRpumiKcGZPXmeNI4r5xXn5qRcvcjbKB9dICOkINOURVdoTpqIe0Qi9ojfryXqx3q2PaXTBymf20B9Yn1/3+axQ</latexit>1 ā exp ā ā #L Ā· (2Ī± ā 1)2/8 ā
<latexit sha1_base64="KhUV5kmhcdYVPK2FwAarzbqAl2g=">ACInicbVC7TsMwFHXKq5RXgZHFIkJqB0pSIVGYKlgYGIpEaKUmVI7rtladOLIdRBX1X1j4FRYGXhMSH4PTZoCWI1k6Pude3XuPHzEqlWV9GbmFxaXlfxqYW19Y3OruL1zK3ksMHEwZ1y0fCQJoyFxFWMtCJBUOAz0vSHF6nfvCdCUh7eqFEvAD1Q9qjGCktdYpnNjyELnmIXJ/2+6X0Y7oBUgPfT67GLu5yVaq6iEUDpD27fFc9qsFJblTNK2KNQGcJ3ZGTJCh0Sl+uF2O4CECjMkZdu2IuUlSCiKGRkX3FiSCOEh6pO2piEKiPSyY1jeKCVLuxoV+o4ET93ZGgQMpR4OvKdH056Xif147Vr2al9AwihUJ8XRQL2ZQcZgGBrtUEKzYSBOEBdW7QjxAmGlYy3oEOzZk+eJU62cVuzrY7N+nqWRB3tgH5SADU5AHVyCBnABo/gGbyCN+PJeDHejc9pac7IenbBHxjfP8pPoN8=</latexit><latexit sha1_base64="KhUV5kmhcdYVPK2FwAarzbqAl2g=">ACInicbVC7TsMwFHXKq5RXgZHFIkJqB0pSIVGYKlgYGIpEaKUmVI7rtladOLIdRBX1X1j4FRYGXhMSH4PTZoCWI1k6Pude3XuPHzEqlWV9GbmFxaXlfxqYW19Y3OruL1zK3ksMHEwZ1y0fCQJoyFxFWMtCJBUOAz0vSHF6nfvCdCUh7eqFEvAD1Q9qjGCktdYpnNjyELnmIXJ/2+6X0Y7oBUgPfT67GLu5yVaq6iEUDpD27fFc9qsFJblTNK2KNQGcJ3ZGTJCh0Sl+uF2O4CECjMkZdu2IuUlSCiKGRkX3FiSCOEh6pO2piEKiPSyY1jeKCVLuxoV+o4ET93ZGgQMpR4OvKdH056Xif147Vr2al9AwihUJ8XRQL2ZQcZgGBrtUEKzYSBOEBdW7QjxAmGlYy3oEOzZk+eJU62cVuzrY7N+nqWRB3tgH5SADU5AHVyCBnABo/gGbyCN+PJeDHejc9pac7IenbBHxjfP8pPoN8=</latexit><latexit sha1_base64="KhUV5kmhcdYVPK2FwAarzbqAl2g=">ACInicbVC7TsMwFHXKq5RXgZHFIkJqB0pSIVGYKlgYGIpEaKUmVI7rtladOLIdRBX1X1j4FRYGXhMSH4PTZoCWI1k6Pude3XuPHzEqlWV9GbmFxaXlfxqYW19Y3OruL1zK3ksMHEwZ1y0fCQJoyFxFWMtCJBUOAz0vSHF6nfvCdCUh7eqFEvAD1Q9qjGCktdYpnNjyELnmIXJ/2+6X0Y7oBUgPfT67GLu5yVaq6iEUDpD27fFc9qsFJblTNK2KNQGcJ3ZGTJCh0Sl+uF2O4CECjMkZdu2IuUlSCiKGRkX3FiSCOEh6pO2piEKiPSyY1jeKCVLuxoV+o4ET93ZGgQMpR4OvKdH056Xif147Vr2al9AwihUJ8XRQL2ZQcZgGBrtUEKzYSBOEBdW7QjxAmGlYy3oEOzZk+eJU62cVuzrY7N+nqWRB3tgH5SADU5AHVyCBnABo/gGbyCN+PJeDHejc9pac7IenbBHxjfP8pPoN8=</latexit><latexit sha1_base64="KhUV5kmhcdYVPK2FwAarzbqAl2g=">ACInicbVC7TsMwFHXKq5RXgZHFIkJqB0pSIVGYKlgYGIpEaKUmVI7rtladOLIdRBX1X1j4FRYGXhMSH4PTZoCWI1k6Pude3XuPHzEqlWV9GbmFxaXlfxqYW19Y3OruL1zK3ksMHEwZ1y0fCQJoyFxFWMtCJBUOAz0vSHF6nfvCdCUh7eqFEvAD1Q9qjGCktdYpnNjyELnmIXJ/2+6X0Y7oBUgPfT67GLu5yVaq6iEUDpD27fFc9qsFJblTNK2KNQGcJ3ZGTJCh0Sl+uF2O4CECjMkZdu2IuUlSCiKGRkX3FiSCOEh6pO2piEKiPSyY1jeKCVLuxoV+o4ET93ZGgQMpR4OvKdH056Xif147Vr2al9AwihUJ8XRQL2ZQcZgGBrtUEKzYSBOEBdW7QjxAmGlYy3oEOzZk+eJU62cVuzrY7N+nqWRB3tgH5SADU5AHVyCBnABo/gGbyCN+PJeDHejc9pac7IenbBHxjfP8pPoN8=</latexit>1 log(#L) Ā· #L
<latexit sha1_base64="rsB98eGlCq0cXpnWoMx9ArcfnrE=">ACF3icbVBNS8NAEN3Ur1q/oh69LBahXmoignorevHgoYKxhSaUzWbTLt1kw+5GKCE/w4t/xYsHFa9689+4aXOorQ8GHu/NMDPTxiVyrJ+jMrS8srqWnW9trG5tb1j7u49SJ4KTBzMGRdH0nCaEwcRUj3UQFPmMdPzRdeF3HomQlMf3apwQL0KDmIYUI6WlvnihgLhzM4zl/FBw627EVJD389u8+McujgCs6KfbNuNa0J4CKxS1IHJdp989sNOE4jEivMkJQ920qUlyGhKGYkr7mpJAnCIzQgPU1jFBHpZPHcniklQCGXOiKFZyosxMZiqQcR7uLC6U814h/uf1UhVeBmNk1SRGE8XhSmDisMiJRhQbBiY0QFlTfCvEQ6aSUzrKmQ7DnX14kzmnzsmnfndVbV2UaVXADkED2OActMANaAMHYPAEXsAbeDejVfjw/ictlaMcmYf/IHx9QuoBZ+9</latexit><latexit sha1_base64="rsB98eGlCq0cXpnWoMx9ArcfnrE=">ACF3icbVBNS8NAEN3Ur1q/oh69LBahXmoignorevHgoYKxhSaUzWbTLt1kw+5GKCE/w4t/xYsHFa9689+4aXOorQ8GHu/NMDPTxiVyrJ+jMrS8srqWnW9trG5tb1j7u49SJ4KTBzMGRdH0nCaEwcRUj3UQFPmMdPzRdeF3HomQlMf3apwQL0KDmIYUI6WlvnihgLhzM4zl/FBw627EVJD389u8+McujgCs6KfbNuNa0J4CKxS1IHJdp989sNOE4jEivMkJQ920qUlyGhKGYkr7mpJAnCIzQgPU1jFBHpZPHcniklQCGXOiKFZyosxMZiqQcR7uLC6U814h/uf1UhVeBmNk1SRGE8XhSmDisMiJRhQbBiY0QFlTfCvEQ6aSUzrKmQ7DnX14kzmnzsmnfndVbV2UaVXADkED2OActMANaAMHYPAEXsAbeDejVfjw/ictlaMcmYf/IHx9QuoBZ+9</latexit><latexit sha1_base64="rsB98eGlCq0cXpnWoMx9ArcfnrE=">ACF3icbVBNS8NAEN3Ur1q/oh69LBahXmoignorevHgoYKxhSaUzWbTLt1kw+5GKCE/w4t/xYsHFa9689+4aXOorQ8GHu/NMDPTxiVyrJ+jMrS8srqWnW9trG5tb1j7u49SJ4KTBzMGRdH0nCaEwcRUj3UQFPmMdPzRdeF3HomQlMf3apwQL0KDmIYUI6WlvnihgLhzM4zl/FBw627EVJD389u8+McujgCs6KfbNuNa0J4CKxS1IHJdp989sNOE4jEivMkJQ920qUlyGhKGYkr7mpJAnCIzQgPU1jFBHpZPHcniklQCGXOiKFZyosxMZiqQcR7uLC6U814h/uf1UhVeBmNk1SRGE8XhSmDisMiJRhQbBiY0QFlTfCvEQ6aSUzrKmQ7DnX14kzmnzsmnfndVbV2UaVXADkED2OActMANaAMHYPAEXsAbeDejVfjw/ictlaMcmYf/IHx9QuoBZ+9</latexit><latexit sha1_base64="rsB98eGlCq0cXpnWoMx9ArcfnrE=">ACF3icbVBNS8NAEN3Ur1q/oh69LBahXmoignorevHgoYKxhSaUzWbTLt1kw+5GKCE/w4t/xYsHFa9689+4aXOorQ8GHu/NMDPTxiVyrJ+jMrS8srqWnW9trG5tb1j7u49SJ4KTBzMGRdH0nCaEwcRUj3UQFPmMdPzRdeF3HomQlMf3apwQL0KDmIYUI6WlvnihgLhzM4zl/FBw627EVJD389u8+McujgCs6KfbNuNa0J4CKxS1IHJdp989sNOE4jEivMkJQ920qUlyGhKGYkr7mpJAnCIzQgPU1jFBHpZPHcniklQCGXOiKFZyosxMZiqQcR7uLC6U814h/uf1UhVeBmNk1SRGE8XhSmDisMiJRhQbBiY0QFlTfCvEQ6aSUzrKmQ7DnX14kzmnzsmnfndVbV2UaVXADkED2OActMANaAMHYPAEXsAbeDejVfjw/ictlaMcmYf/IHx9QuoBZ+9</latexit>1 ā exp ā ā 2 Ā· #L Ā· log2(#L) ā
<latexit sha1_base64="UybYZ3OhzrMhHo0Jqr5xs6TW5W4=">ACKnicbVDNTsJAGNziH+Jf1aOXjcQEDpCWmKg3ghcPHjARIaFItstSNmy7ze7WSBrex4uv4kEPSrz6IG5LDwhOslk5pvs940bMiqVZc2M3Nr6xuZWfruws7u3f2AeHj1IHglMWpgzLjoukoTRgLQUVYx0QkGQ7zLSdsfXid9+IkJSHtyrSUh6PvICOqQYKS31zYNK9Ahz6HjUs8rVWoOHnDlFB0fqZHrxrfTVIAO495jrbRolGaKfNolW1UsBVYmekCDI0+a7M+A48kmgMENSdm0rVL0YCUxI9OCE0kSIjxGHulqGiCfyF6c3jqFZ1oZwCEX+gUKpupiIka+lBPf1ZPJpnLZS8T/vG6khpe9mAZhpEiA5x8NIwYVh0lxcEAFwYpNEFYUL0rxCMkEFa63oIuwV4+eZW0atWrqn13Xqw3sjby4AScghKwQWogxvQBC2AwQt4A5/gy3g1PoyZ8T0fzRlZ5hj8gfHzC9GLpdk=</latexit><latexit sha1_base64="UybYZ3OhzrMhHo0Jqr5xs6TW5W4=">ACKnicbVDNTsJAGNziH+Jf1aOXjcQEDpCWmKg3ghcPHjARIaFItstSNmy7ze7WSBrex4uv4kEPSrz6IG5LDwhOslk5pvs940bMiqVZc2M3Nr6xuZWfruws7u3f2AeHj1IHglMWpgzLjoukoTRgLQUVYx0QkGQ7zLSdsfXid9+IkJSHtyrSUh6PvICOqQYKS31zYNK9Ahz6HjUs8rVWoOHnDlFB0fqZHrxrfTVIAO495jrbRolGaKfNolW1UsBVYmekCDI0+a7M+A48kmgMENSdm0rVL0YCUxI9OCE0kSIjxGHulqGiCfyF6c3jqFZ1oZwCEX+gUKpupiIka+lBPf1ZPJpnLZS8T/vG6khpe9mAZhpEiA5x8NIwYVh0lxcEAFwYpNEFYUL0rxCMkEFa63oIuwV4+eZW0atWrqn13Xqw3sjby4AScghKwQWogxvQBC2AwQt4A5/gy3g1PoyZ8T0fzRlZ5hj8gfHzC9GLpdk=</latexit><latexit sha1_base64="UybYZ3OhzrMhHo0Jqr5xs6TW5W4=">ACKnicbVDNTsJAGNziH+Jf1aOXjcQEDpCWmKg3ghcPHjARIaFItstSNmy7ze7WSBrex4uv4kEPSrz6IG5LDwhOslk5pvs940bMiqVZc2M3Nr6xuZWfruws7u3f2AeHj1IHglMWpgzLjoukoTRgLQUVYx0QkGQ7zLSdsfXid9+IkJSHtyrSUh6PvICOqQYKS31zYNK9Ahz6HjUs8rVWoOHnDlFB0fqZHrxrfTVIAO495jrbRolGaKfNolW1UsBVYmekCDI0+a7M+A48kmgMENSdm0rVL0YCUxI9OCE0kSIjxGHulqGiCfyF6c3jqFZ1oZwCEX+gUKpupiIka+lBPf1ZPJpnLZS8T/vG6khpe9mAZhpEiA5x8NIwYVh0lxcEAFwYpNEFYUL0rxCMkEFa63oIuwV4+eZW0atWrqn13Xqw3sjby4AScghKwQWogxvQBC2AwQt4A5/gy3g1PoyZ8T0fzRlZ5hj8gfHzC9GLpdk=</latexit><latexit sha1_base64="UybYZ3OhzrMhHo0Jqr5xs6TW5W4=">ACKnicbVDNTsJAGNziH+Jf1aOXjcQEDpCWmKg3ghcPHjARIaFItstSNmy7ze7WSBrex4uv4kEPSrz6IG5LDwhOslk5pvs940bMiqVZc2M3Nr6xuZWfruws7u3f2AeHj1IHglMWpgzLjoukoTRgLQUVYx0QkGQ7zLSdsfXid9+IkJSHtyrSUh6PvICOqQYKS31zYNK9Ahz6HjUs8rVWoOHnDlFB0fqZHrxrfTVIAO495jrbRolGaKfNolW1UsBVYmekCDI0+a7M+A48kmgMENSdm0rVL0YCUxI9OCE0kSIjxGHulqGiCfyF6c3jqFZ1oZwCEX+gUKpupiIka+lBPf1ZPJpnLZS8T/vG6khpe9mAZhpEiA5x8NIwYVh0lxcEAFwYpNEFYUL0rxCMkEFa63oIuwV4+eZW0atWrqn13Xqw3sjby4AScghKwQWogxvQBC2AwQt4A5/gy3g1PoyZ8T0fzRlZ5hj8gfHzC9GLpdk=</latexit> Pseudo-Random Transform (PRT)
Densest Subgraph Transform
[K.-Moataz19]
Densest Subgraph Transform
[K.-Moataz19]
MM ā1 v1 ā2 v3 ā3 v2 v2 v4 v4 Client state v1 v3 v4 ā1 B1 B3 B4 ā1 v3 ā2 B2 B3 B4 v2 v4 ā3 B1 B2 B3 ā2 ā3
B1 B2 B3 B4
Size of client state ā size of MM
Densest Subgraph Transform
[K.-Moataz19]
45Client state ā1 rand1 ā2 rand2 ā3 rand3
Client state ā1 B1 B3 B4 ā2 B2 B3 B4 ā3 B1 B2 B3
vs.
O(#L Ā· max
`āL #MM[`])
<latexit sha1_base64="5ednwCn8nVnJcDhKfBDYlLR0jE=">ACKHicbVDLSsNAFJ34rPVdelmsAh1UxIR1F3RjQuLFawtJKFMpN26GQSZiZiCfkdN/6KGwWVbv0SJ2lAb0wcOac7n3Hi9iVCrTnBgLi0vLK6ultfL6xubWdmVn916GscCkjUMWiq6HJGUk7aipFuJAgKPEY63ugy0zsPREga8js1jogboAGnPsVIapXadzUnKoTIDX0vOQ6dXA/VPr72EscwphD+Y+WwsIp/aTZTO3M4B71KlWzbuYF54FVgCoqtWrvDn9EMcB4QozJKVtmZFyEyQUxYykZSeWJEJ4hAbE1pCjgEg3yS9N4aFm+tAPhX5cwZz93ZGgQMpx4GlnvumslpH/aXas/DM3oTyKFeF4OsiPGVQhzGKDfSoIVmysAcKC6l0hHiKBsNLhlnUI1uzJ86B9XD+vW7cn1cZFkUYJ7IMDUAMWOAUNcAVaoA0weAIv4B18GM/Gq/FpTKbWBaPo2QN/yvj6BiRdp2Y=</latexit><latexit sha1_base64="5ednwCn8nVnJcDhKfBDYlLR0jE=">ACKHicbVDLSsNAFJ34rPVdelmsAh1UxIR1F3RjQuLFawtJKFMpN26GQSZiZiCfkdN/6KGwWVbv0SJ2lAb0wcOac7n3Hi9iVCrTnBgLi0vLK6ultfL6xubWdmVn916GscCkjUMWiq6HJGUk7aipFuJAgKPEY63ugy0zsPREga8js1jogboAGnPsVIapXadzUnKoTIDX0vOQ6dXA/VPr72EscwphD+Y+WwsIp/aTZTO3M4B71KlWzbuYF54FVgCoqtWrvDn9EMcB4QozJKVtmZFyEyQUxYykZSeWJEJ4hAbE1pCjgEg3yS9N4aFm+tAPhX5cwZz93ZGgQMpx4GlnvumslpH/aXas/DM3oTyKFeF4OsiPGVQhzGKDfSoIVmysAcKC6l0hHiKBsNLhlnUI1uzJ86B9XD+vW7cn1cZFkUYJ7IMDUAMWOAUNcAVaoA0weAIv4B18GM/Gq/FpTKbWBaPo2QN/yvj6BiRdp2Y=</latexit><latexit sha1_base64="5ednwCn8nVnJcDhKfBDYlLR0jE=">ACKHicbVDLSsNAFJ34rPVdelmsAh1UxIR1F3RjQuLFawtJKFMpN26GQSZiZiCfkdN/6KGwWVbv0SJ2lAb0wcOac7n3Hi9iVCrTnBgLi0vLK6ultfL6xubWdmVn916GscCkjUMWiq6HJGUk7aipFuJAgKPEY63ugy0zsPREga8js1jogboAGnPsVIapXadzUnKoTIDX0vOQ6dXA/VPr72EscwphD+Y+WwsIp/aTZTO3M4B71KlWzbuYF54FVgCoqtWrvDn9EMcB4QozJKVtmZFyEyQUxYykZSeWJEJ4hAbE1pCjgEg3yS9N4aFm+tAPhX5cwZz93ZGgQMpx4GlnvumslpH/aXas/DM3oTyKFeF4OsiPGVQhzGKDfSoIVmysAcKC6l0hHiKBsNLhlnUI1uzJ86B9XD+vW7cn1cZFkUYJ7IMDUAMWOAUNcAVaoA0weAIv4B18GM/Gq/FpTKbWBaPo2QN/yvj6BiRdp2Y=</latexit><latexit sha1_base64="5ednwCn8nVnJcDhKfBDYlLR0jE=">ACKHicbVDLSsNAFJ34rPVdelmsAh1UxIR1F3RjQuLFawtJKFMpN26GQSZiZiCfkdN/6KGwWVbv0SJ2lAb0wcOac7n3Hi9iVCrTnBgLi0vLK6ultfL6xubWdmVn916GscCkjUMWiq6HJGUk7aipFuJAgKPEY63ugy0zsPREga8js1jogboAGnPsVIapXadzUnKoTIDX0vOQ6dXA/VPr72EscwphD+Y+WwsIp/aTZTO3M4B71KlWzbuYF54FVgCoqtWrvDn9EMcB4QozJKVtmZFyEyQUxYykZSeWJEJ4hAbE1pCjgEg3yS9N4aFm+tAPhX5cwZz93ZGgQMpx4GlnvumslpH/aXas/DM3oTyKFeF4OsiPGVQhzGKDfSoIVmysAcKC6l0hHiKBsNLhlnUI1uzJ86B9XD+vW7cn1cZFkUYJ7IMDUAMWOAUNcAVaoA0weAIv4B18GM/Gq/FpTKbWBaPo2QN/yvj6BiRdp2Y=</latexit>O(#L)
<latexit sha1_base64="ViGYl7alHyVSx3qrb+XPeCqUXsc=">AB93icbVBNS8NAFHzxs9aPRj16CQahXkoignorevEgWMHYQhPKZrtpl242YXcj1NBf4sWDilf/ijf/jZs2B20dWBhm3uPNTpgyKpXjfBtLyura+uVjerm1vZOzdzde5BJjDxcMIS0QmRJIxy4imqGOmkgqA4ZKQdjq4Kv/1IhKQJv1fjlAQxGnAaUYyUlnpm7bu236M1DAM85vJc+0nYzhbVI3JLYUKLVM7/8foKzmHCFGZKy6zqpCnIkFMWMTKp+JkmK8AgNSFdTjmIig3wafGIdaVvRYnQjytrqv7eyFEs5TgO9WQRUc57hfif181UdB7klKeZIhzPDkUZs1RiFS1YfSoIVmysCcKC6qwWHiKBsNJdVXUJ7vyXF4l30rhouHendvOybKMCB3AIdXDhDJpwDS3wAEMGz/AKb8aT8WK8Gx+z0SWj3NmHPzA+fwARvpJC</latexit><latexit sha1_base64="ViGYl7alHyVSx3qrb+XPeCqUXsc=">AB93icbVBNS8NAFHzxs9aPRj16CQahXkoignorevEgWMHYQhPKZrtpl242YXcj1NBf4sWDilf/ijf/jZs2B20dWBhm3uPNTpgyKpXjfBtLyura+uVjerm1vZOzdzde5BJjDxcMIS0QmRJIxy4imqGOmkgqA4ZKQdjq4Kv/1IhKQJv1fjlAQxGnAaUYyUlnpm7bu236M1DAM85vJc+0nYzhbVI3JLYUKLVM7/8foKzmHCFGZKy6zqpCnIkFMWMTKp+JkmK8AgNSFdTjmIig3wafGIdaVvRYnQjytrqv7eyFEs5TgO9WQRUc57hfif181UdB7klKeZIhzPDkUZs1RiFS1YfSoIVmysCcKC6qwWHiKBsNJdVXUJ7vyXF4l30rhouHendvOybKMCB3AIdXDhDJpwDS3wAEMGz/AKb8aT8WK8Gx+z0SWj3NmHPzA+fwARvpJC</latexit><latexit sha1_base64="ViGYl7alHyVSx3qrb+XPeCqUXsc=">AB93icbVBNS8NAFHzxs9aPRj16CQahXkoignorevEgWMHYQhPKZrtpl242YXcj1NBf4sWDilf/ijf/jZs2B20dWBhm3uPNTpgyKpXjfBtLyura+uVjerm1vZOzdzde5BJjDxcMIS0QmRJIxy4imqGOmkgqA4ZKQdjq4Kv/1IhKQJv1fjlAQxGnAaUYyUlnpm7bu236M1DAM85vJc+0nYzhbVI3JLYUKLVM7/8foKzmHCFGZKy6zqpCnIkFMWMTKp+JkmK8AgNSFdTjmIig3wafGIdaVvRYnQjytrqv7eyFEs5TgO9WQRUc57hfif181UdB7klKeZIhzPDkUZs1RiFS1YfSoIVmysCcKC6qwWHiKBsNJdVXUJ7vyXF4l30rhouHendvOybKMCB3AIdXDhDJpwDS3wAEMGz/AKb8aT8WK8Gx+z0SWj3NmHPzA+fwARvpJC</latexit><latexit sha1_base64="ViGYl7alHyVSx3qrb+XPeCqUXsc=">AB93icbVBNS8NAFHzxs9aPRj16CQahXkoignorevEgWMHYQhPKZrtpl242YXcj1NBf4sWDilf/ijf/jZs2B20dWBhm3uPNTpgyKpXjfBtLyura+uVjerm1vZOzdzde5BJjDxcMIS0QmRJIxy4imqGOmkgqA4ZKQdjq4Kv/1IhKQJv1fjlAQxGnAaUYyUlnpm7bu236M1DAM85vJc+0nYzhbVI3JLYUKLVM7/8foKzmHCFGZKy6zqpCnIkFMWMTKp+JkmK8AgNSFdTjmIig3wafGIdaVvRYnQjytrqv7eyFEs5TgO9WQRUc57hfif181UdB7klKeZIhzPDkUZs1RiFS1YfSoIVmysCcKC6qwWHiKBsNJdVXUJ7vyXF4l30rhouHendvOybKMCB3AIdXDhDJpwDS3wAEMGz/AKb8aT8WK8Gx+z0SWj3NmHPzA+fwARvpJC</latexit>Some PRF seeds can lead to collisions so just pick again until no collisions
Densest Subgraph Transform
[K.-Moataz19]
46v1 v3 v4 ā1 v3 v2 v4 ā2 ā3
B1 B2 B3 B4
DX B1 v1 B2 v3 B3 v3 v2 B4 v4 v4 EDX B1 v1 B2 v3 B3 v3 v2 B4 v4 v4 EMM.Setup
Densest Subgraph Transform
[K.-Moataz19]
State DX ā1 rand1 ā2 rand2 ā3 rand3 B2 B3 B4 EDX B1 v1 B2 v3 B3 v3 v2 B4 v4 v4 v3 v3 v4 v4
Densest Subgraph Transform
[K.-Moataz19]
48Thm: The load of a bin is at most
with probability at least 1 - Īµ, where N n + ln(1/Īµ) 3 ā 1 + s 1 + 18N n Ā· ln(1/Īµ) ā
N = X
`āLMM#MM[`]
Densest Subgraph Transform
[K.-Moataz19]
MM ā1 v1 ā2 v3 ā3 v2 v2 v4 v4 ā1 ā2 ā3 v1 v3 v2 v4
Densest Subgraph Transform
[K.-Moataz19]
50Thm: The load of a bin is at most
with probability at least 1 - Īµ, where NDS is the size of concentrated part
NāNDS n + ln(1/Īµ) 3 ā 1 + s 1 + 18(NāNDS) n Ā· ln(1/Īµ) ā
Densest Subgraph Assumption
[Applebaum-Barak-Wigderson10]
51Erdƶs-RƩnyi graph
Erdƶs-RĆ©nyi graph withāØ planted dense subgraph
Densest Subgraph Assumption
[Applebaum-Barak-Wigderson10]
Conclusions
53 Encrypted Search: 2000-2019
Encrypted Search: 2000-2019
Encrypted Search: 2000-2019
Encrypted Search: 2000-2019
Encrypted Search: 2000-2019
Thanks toā¦
59Tarik Moataz Ghous Amjad Olya Ohrimenko Laura Blackstone Archita Agarwal Sam Zhao Marilyn George Hajar Alturki
The End
60