Security analysis for order preserving encryption schemes

The development of third-party hosting, IT out-sourcing, service clouds, etc. raises important security concerns. It is safer to encrypt critical data that is hosted by a third party. However, a database must be able to process queries on the encrypted data. Many algorithms have been developed to support search query processing on encrypted data, including order preserving encryption (OPE) schemes. Security analysis plays an important role in the design of secure algorithms. It aids in understanding the level of security assured by an algorithm. Currently, security analysis of OPE schemes is limited. In [3], the authors defined an ideal OPE object and constructed an OPE scheme SE_m,n that is computationally indistinguishable from the ideal object. Thus the security of the proposed OPE scheme is identical to that of the ideal OPE object. However, the security of the ideal object has not been analyzed. In this paper, we study the security of OPE schemes by analyzing the number of bits z_h of the plaintext that remain secret from the adversary against a known plaintext attack with h known plaintexts. Based on the security analyses, we conclude that the ideal OPE object achieves one-wayness security, i.e., the probability for the adversary to fully recover the plaintext encrypted by the ideal OPE object against an h known plaintext attack is a negligible function of the secure parameter log m if h = o(m^ϵ), 0 <; ϵ <; 1, and n = m³. The results presented in the paper not only help improve our understanding of the security of OPE schemes and guide its parameter selections, but also provide a general method for analyzing their security.