On the Average Cost of Order-Preserving Encryption Based on Hypergeometric Distribution

Order-preserving encryption (OPE) is a deterministic encryption scheme whose encryption function preserves numerical ordering of the plaintexts. The first provably-secure OPE scheme was constructed by Boldyreva, Chenette, Lee, and O'Neill. The BCLO scheme is based on a sampling algorithm for the hypergeometric distribution and is known to call the sampling algorithm at most 5 log M + 12 times on average where M is the size of the plaintext-space. We show that the BCLO scheme actually calls the sampling algorithm less than log M + 3 times on average. (C) 2011 Elsevier B.V. All rights reserved.X1122sciescopu