2 research outputs found
Leakage-Abuse Attacks against Order-Revealing Encryption
Order-preserving encryption and its generalization
order-revealing encryption (OPE/ORE) are used in a variety
of settings in practice in order to allow sorting, performing
range queries, and filtering data — all while only having access
to ciphertexts. But OPE and ORE ciphertexts necessarily leak
information about plaintexts, and what level of security they
provide has been unclear.
In this work, we introduce new leakage-abuse attacks that show
how to recover plaintexts from OPE/ORE-encrypted databases.
Underlying our new attacks against practically-used schemes is a
framework in which we cast the adversary’s challenge as a non-
crossing bipartite matching problem. This allows easy tailoring
of attacks to a specific scheme’s leakage profile. In a case study
of customer records, we show attacks that recover 99% of first
names, 97% of last names, and 90% of birthdates held in a
database, despite all values being encrypted with the OPE scheme
most widely used in practice.
We also show the first attack against the recent frequency-
hiding Kerschbaum scheme, to which no prior attacks have
been demonstrated. Our attack recovers frequently occurring
plaintexts most of the time