Searchable Encryption
In this information age, we deal with a vast amount of data every day, for personal or business use. Cloud technologies appear promising in streamlining information processing --- Users do not need to store all their data and install all related software in their local machine, or take care of issues like backup and versioning. A crucial feature of cloud computing is security. Traditional encryption provides confidentiality, but disallows useful operations like indexing.

Searchable encryption (SE) aims to provide confidentiality and searchability simultaneously. The data owner can delegate a token for a specific query, which allows the server to perform the query over encrypted data.

Motivated by the wide applicability, a flurry of new SE schemes appeared. However, many of them follow an ad-hoc design of translating particular queries to its encrypted version, and might not have undergone rigorous analysis according to the cryptographers' standard. Also, designing SE schemes which achieve multiple features simultaneously is a non-trivial task, due to the difficulty in striking a balance in security, functionality, and efficiency. This project aims to push the frontier of this vibrant field. Firstly, we propose a design framework of SE, which shed light on what are the essential designs for each feature. In particular, it provides a foundation for our goal of proposing the following new symmetric-key SE (SSE) schemes with interesting properties.

We aim to propose an SSE for similarity search. The novelty here is that unforeseen query can be supported, as long a similarity measure is defined. Then we address how to achieve (almost)-optimal efficiency (O(r/p + log(r))) for performing parallel search over dynamic data while the state-of-the-art is O(r/p log(n)), where p, r, n are the numbers of processors, query results, and records in the whole database respectively. Finally, SSE received more attention than public-key SE due to its high efficiency. We will investigate the possibility of a general framework of extending SSE to the public-key setting, such that everyone can create ciphertext for a recipient to decrypt or generate search token.

Two closely related primitives of SE are order-preserving encryption and deterministic encryption. Our final foci include investigating the security of SE schemes based on these primitives, and propose chosen-ciphertext-secure public-key deterministic encryption schemes under a broader class of assumptions.

Completion of this project will result in new SE schemes for practical scenarios and unlock the potential of cloud computing, and make a broad impact on cryptography, network, systems, and database communities.

List of Research Output (2015-)