encrypted search: leakage suppression - brown university · 2019. 10. 4. · how should we handle...
TRANSCRIPT
Encrypted Search: Leakage Suppression
Seny Kamara
SAC Summer School 2019
How Should we Handle Leakage?• Approach #1: ORAM simulation • Store and simulate data structure with ORAM • General-purpose • Zero-leakage (if data is transformed appropriately) • polylog overhead per read/write on top of simulation
• Approach #2: Custom oblivious structures
2
How Should we Handle Leakage?• Approach #3: Rebuild [K.14] • Rebuild encrypted structure after t queries • Set t using cryptanalysis • Open question: can you rebuild encrypted structures?
• Approach #4: Leakage suppression • Suppression compilers • Suppression transforms
3
Q: can we reduce leakage?
4
Leakage Suppression via ORAM• Common answer is “use ORAM!” • usually without any details • or experiments
• How exactly do we use ORAM to search?
5
ORAM
6
Setup time
Query time
ORAM.Setup
Read(i)ORAM.Read(i)
Write(i,v)ORAM.Write(i,v)
Leakage Suppression via ORAM• ORAM supports read & write operations to an array • with polylog(n) cost • and leakage profile 𝚲ORAM = (ℒS, ℒQ) = (dsize, ⟘)
• ORAM is a “low-level” primitive • designed for read/write operations to an array • what if we want to query a more complex structure?
• Need to use ORAM simulation
7
ORAM Simulation• Represent DS as an array and store in ORAM • Client simulates Query(DS,q) algorithm • replaces each Read(i) with ORAM.Read(i) • replaces each Write(i,v) with ORAM.Write(i,v)
8
ORAM Simulation
9
Setup time
Query time
ORAM.Setup
Read(3) ORAM.Read(3)
Write(1,v) ORAM.Write(1,v)
DS Represent
Query(DS,q)
Read(10) ORAM.Read(10)
ORAM Simulation• Costs O(T·polylog(|DS|)) • where T is runtime of Query(DS,q)
• Leakage profile • 𝚲 = (dsize, (runtime, vol)) • vol: size of response (can be suppressed with padding)
• Can we do better?
10
Q: can we do better than ORAM simulation?
11
Suppression Compiler
12
CompilerSTE
𝚲 = (ℒS, ℒQ)
= (★, (patt1, patt2))
STE
𝚲 = (ℒS, ℒQ)
= (★, patt2)
Suppression Compiler for Query Equality
13
CompilerSTE STE
𝚲 = (ℒS, ℒQ)
= (★, qeq)
𝚲 = (ℒS, ℒQ)
= (★, ⟘)
Q: Can we build such a thing?
14
Suppression Compiler for Query Equality
15
Cache-based Compiler
STE STE
𝚲 = (ℒS, ℒQ)
= (★, (qeq, patt))
𝚲 = (ℒS, ℒQ)
= (★, nrp)
nrp is the non-repeating sub-pattern of patt
Non-Repeating Sub-Patterns• Leakage patterns can be decomposed into sub-patterns:
• Non-repeating sub-patterns ≈ leakage on non-repeating queries
16
patt =
(patt1 if “condition” is true
patt2 otherwise.<latexit sha1_base64="i8p2FJOCQJSTi+CPAB+1LYAOq5E=">AAACh3icbVHRbtMwFHUCg64DVuCRl6tOQ0iTqqQaMB6QCrzscUiUTWqqznFuWmuOHdk3QBXlW7Zv4o2/wWm3CbodydLRuffcax+npZKOouhPED54uPXocWe7u/Pk6bPd3vMX352prMCxMMrYs5Q7VFLjmCQpPCst8iJVeJpefGnrpz/QOmn0N1qWOC34XMtcCk5emvUuoU5cDiUnauBjFzySFOdS18JPdc1KaXHbNosbeA0J4S/SxhZc1TKH83NhdCbbmX2QDshW2ECSwD3+4abf0ALtT+mwGawvgDq7WT/r7UWDaAW4S+JrsjfqJwdXjLGTWe93khlRFahJKO7cJI5KmtbckhQKm25SOSy5uOBznHiqeYFuWq+CbGDfKxnkxvqjCVbqv46aF84ti9R3FpwWbrPWivfVJhXlR9Na6rIi1GK9KK8UkIH2VyCTFgWppSdcWJ+jALHglgvyf9eGEG8++S4ZDwcfBvFXH8ZntkaHvWJ99obF7D0bsWN2wsZMBFvBQXAYvA27YRS+C4/WrWFw7XnJ/kP46S8xy7+r</latexit><latexit sha1_base64="3uvXwExZBiIh72RmQD/YX1ApuK0=">AAACh3icbVFNT9tAEF0baCH9SttjL6OgVpWQIhvRlh4qBXrhCFIDSHEU1utxsmK9a+2O20aW/wV3/lNv/BvWCa1o4EkrPb2ZN7P7Ni2VdBRFN0G4tr7x5OnmVufZ8xcvX3Vfvzl1prICh8IoY89T7lBJjUOSpPC8tMiLVOFZevm9rZ/9ROuk0T9oXuK44FMtcyk4eWnSvYY6cTmUnKiBbx3wSFKcSl0LP9U1C6XFv7ZJ3MAHSAh/kza24KqWOVxcCKMz2c7sgXRAtsIGkgQe8e+u+g3N0P6SDpv+8gKos7/rJ93tqB8tAA9JfEe2B71k5+pmMD+edP8kmRFVgZqE4s6N4qikcc0tSaGw6SSVw5KLSz7FkaeaF+jG9SLIBt57JYPcWH80wUK976h54dy8SH1nwWnmVmut+FhtVFG+P66lLitCLZaL8koBGWh/BTJpUZCae8KF9TkKEDNuuSD/d20I8eqTH5Lhbv9rPz7xYRyyJTbZO9ZjH1nMvrABO2LHbMhEsBHsBHvBp7ATRuHncH/ZGgZ3nrfsP4QHtzmvwTE=</latexit><latexit sha1_base64="3uvXwExZBiIh72RmQD/YX1ApuK0=">AAACh3icbVFNT9tAEF0baCH9SttjL6OgVpWQIhvRlh4qBXrhCFIDSHEU1utxsmK9a+2O20aW/wV3/lNv/BvWCa1o4EkrPb2ZN7P7Ni2VdBRFN0G4tr7x5OnmVufZ8xcvX3Vfvzl1prICh8IoY89T7lBJjUOSpPC8tMiLVOFZevm9rZ/9ROuk0T9oXuK44FMtcyk4eWnSvYY6cTmUnKiBbx3wSFKcSl0LP9U1C6XFv7ZJ3MAHSAh/kza24KqWOVxcCKMz2c7sgXRAtsIGkgQe8e+u+g3N0P6SDpv+8gKos7/rJ93tqB8tAA9JfEe2B71k5+pmMD+edP8kmRFVgZqE4s6N4qikcc0tSaGw6SSVw5KLSz7FkaeaF+jG9SLIBt57JYPcWH80wUK976h54dy8SH1nwWnmVmut+FhtVFG+P66lLitCLZaL8koBGWh/BTJpUZCae8KF9TkKEDNuuSD/d20I8eqTH5Lhbv9rPz7xYRyyJTbZO9ZjH1nMvrABO2LHbMhEsBHsBHvBp7ATRuHncH/ZGgZ3nrfsP4QHtzmvwTE=</latexit><latexit sha1_base64="Mr1Pcb3zvdwH+T3mZsNla8gg3ts=">AAACh3icbVFdb9MwFHXCvigwOnjk5WoVCAmpSipg4wFpwMseh7SySU3VOc5Na82xI/tmUEX5LftPe+Pf4LTdNLodydLRuffcax+npZKOouhvED7Z2Nza3nnaefb8xe7L7t6rX85UVuBQGGXsecodKqlxSJIUnpcWeZEqPEsvf7T1syu0Thp9SvMSxwWfaplLwclLk+411InLoeREDXztgEeS4lTqWviprlkoLe7aJnED7yAh/EPa2IKrWuZwcSGMzmQ7cx+kA7IVNpAk8Ih/sO43NEP7Wzps+ssLoM5u10+6vagfLQAPSbwiPbbCyaR7k2RGVAVqEoo7N4qjksY1tySFwqaTVA5LLi75FEeeal6gG9eLIBt465UMcmP90QQL9b6j5oVz8yL1nQWnmVuvteJjtVFF+eG4lrqsCLVYLsorBWSg/RXIpEVBau4JF9bnKEDMuOWC/N+1IcTrT35IhoP+l378M+odfV+lscPesH32nsXsgB2xY3bChkwEm8GH4GPwKeyEUfg5PFy2hsHK85r9h/DbPyDVviI=</latexit>
patt =
(nrp if queries are unique
misc otherwise.<latexit sha1_base64="RPjjgyIct3h/2rqBbwTZzVSotFU=">AAACgHicbVFNb9NAEF27hbYpHwGOvYxaikAIY3PhQ0Kq6IVjKxFaKY6i9WacrLof7u4YiCz/D478pt76Z1A3Tg405UkrvX0zb2Z3pqiU9JSm11G8sXnv/tb2Tm/3wcNHj/tPnn73tnYCB8Iq684L7lFJgwOSpPC8csh1ofCsuDhexM9+oPPSmm80r3Ck+dTIUgpOQRr3fwM0uS+h4kQtfO5BQF7gVJpGhLK+7ZQFujTjqhZeQE74i4x1mqtGlnBZo5PogTuE2shwbSHP4bZVSy/WvZZm6H5Kj22y7Ixmsuo77h+kSdoB7pJsRQ6O9vPXfxhjJ+P+VT6xotZoSCju/TBLKxo13JEUCtteXnusuLjgUxwGarhGP2q6CbZwGJQJlNaFYwg69V9Hw7X3c12ETM1p5tdjC/F/sWFN5YdRI01VExqxbFTWCsjCYh0wkQ4FqXkgXDgZ3gpixh0XFJbWC0PI1r98lwzeJR+T7DQM4wtbYpvtsX32kmXsPTtiX9kJGzDB/kbPozdREm/Er+K3cbZMjaOV5xm7hfjTDes2vms=</latexit><latexit sha1_base64="uyiZCzrLxl+0jsE3W4sWpZAAXVk=">AAACgHicbVFNb9NAEF27BdrwFeixl1ELCIRwbS58SJUiuPTYSoRWiqNovRknq+6H2R0DkeV/wYHfxa1/BrFxcmhTnrTS2zfzZnZnikpJT2l6FcVb23fu3tvZ7d1/8PDR4/6Tp1+9rZ3AobDKuouCe1TS4JAkKbyoHHJdKDwvLj8v4+ff0XlpzRdaVDjWfGZkKQWnIE36vwGa3JdQcaIWjnsQkBc4k6YRoaxvO2WJLs24qoUXkBP+JGOd5qqRJXyr0Un0wB1CbWS4tpDncNOqpRebXktzdD+kxzZZdUYzXfed9A/TJO0At0m2JoeDg/z1r6vB4nTS/5NPrag1GhKKez/K0orGDXckhcK2l9ceKy4u+QxHgRqu0Y+bboItPA/KFErrwjEEnXrd0XDt/UIXIVNzmvvN2FL8X2xUU/l+3EhT1YRGrBqVtQKysFwHTKVDQWoRCBdOhreCmHPHBYWl9cIQss0v3ybDt8mHJDsLw/jEVthh++yAvWQZe8cG7ISdsiET7G/0LHoTJfFW/Co+irNVahytPXvsBuKP/wDzGr/x</latexit><latexit sha1_base64="uyiZCzrLxl+0jsE3W4sWpZAAXVk=">AAACgHicbVFNb9NAEF27BdrwFeixl1ELCIRwbS58SJUiuPTYSoRWiqNovRknq+6H2R0DkeV/wYHfxa1/BrFxcmhTnrTS2zfzZnZnikpJT2l6FcVb23fu3tvZ7d1/8PDR4/6Tp1+9rZ3AobDKuouCe1TS4JAkKbyoHHJdKDwvLj8v4+ff0XlpzRdaVDjWfGZkKQWnIE36vwGa3JdQcaIWjnsQkBc4k6YRoaxvO2WJLs24qoUXkBP+JGOd5qqRJXyr0Un0wB1CbWS4tpDncNOqpRebXktzdD+kxzZZdUYzXfed9A/TJO0At0m2JoeDg/z1r6vB4nTS/5NPrag1GhKKez/K0orGDXckhcK2l9ceKy4u+QxHgRqu0Y+bboItPA/KFErrwjEEnXrd0XDt/UIXIVNzmvvN2FL8X2xUU/l+3EhT1YRGrBqVtQKysFwHTKVDQWoRCBdOhreCmHPHBYWl9cIQss0v3ybDt8mHJDsLw/jEVthh++yAvWQZe8cG7ISdsiET7G/0LHoTJfFW/Co+irNVahytPXvsBuKP/wDzGr/x</latexit><latexit sha1_base64="B+ZBEFD1rsp5mydZgBDIZdjAOcs=">AAACgHicbVFLb9NAEF67PEp4pfTIZUQAwQHX5sJDQqrohWORCK0UR9F6M05W3YfZHRciy/+jv6u3/hnUjeMDTfmklb79Zr6Z3ZmiUtJTml5F8c6du/fu7z4YPHz0+MnT4d6zn97WTuBYWGXdacE9KmlwTJIUnlYOuS4UnhRnR+v4yTk6L635QasKp5ovjCyl4BSk2fACoMl9CRUnauHLAALyAhfSNCKU9W2nrNGlGVe18Bpywj9krNNcNbKEXzU6iR64Q6iNDNcW8hxuWrX0YttraYnut/TYJpvOaOZ939lwlCZpB7hNsp6MWI/j2fAyn1tRazQkFPd+kqUVTRvuSAqF7SCvPVZcnPEFTgI1XKOfNt0EW3gVlDmU1oVjCDr1X0fDtfcrXYRMzWnpt2Nr8X+xSU3lx2kjTVUTGrFpVNYKyMJ6HTCXDgWpVSBcOBneCmLJHRcUljYIQ8i2v3ybjN8nn5Lsezo6/NpPY5c9Zy/YG5axD+yQfWPHbMwE+xu9jN5FSbwTv40P4myTGke9Z5/dQPz5GtpAvOI=</latexit>
Suppression Compiler for Query Equality
17
Cache-based Compiler
STE STE
𝚲 = (ℒS, ℒQ)
= (★, (qeq, patt))
𝚲 = (ℒS, ℒQ)
= (★, nrp)
patt =
(nrp if queries are unique
misc otherwise.<latexit sha1_base64="RPjjgyIct3h/2rqBbwTZzVSotFU=">AAACgHicbVFNb9NAEF27hbYpHwGOvYxaikAIY3PhQ0Kq6IVjKxFaKY6i9WacrLof7u4YiCz/D478pt76Z1A3Tg405UkrvX0zb2Z3pqiU9JSm11G8sXnv/tb2Tm/3wcNHj/tPnn73tnYCB8Iq684L7lFJgwOSpPC8csh1ofCsuDhexM9+oPPSmm80r3Ck+dTIUgpOQRr3fwM0uS+h4kQtfO5BQF7gVJpGhLK+7ZQFujTjqhZeQE74i4x1mqtGlnBZo5PogTuE2shwbSHP4bZVSy/WvZZm6H5Kj22y7Ixmsuo77h+kSdoB7pJsRQ6O9vPXfxhjJ+P+VT6xotZoSCju/TBLKxo13JEUCtteXnusuLjgUxwGarhGP2q6CbZwGJQJlNaFYwg69V9Hw7X3c12ETM1p5tdjC/F/sWFN5YdRI01VExqxbFTWCsjCYh0wkQ4FqXkgXDgZ3gpixh0XFJbWC0PI1r98lwzeJR+T7DQM4wtbYpvtsX32kmXsPTtiX9kJGzDB/kbPozdREm/Er+K3cbZMjaOV5xm7hfjTDes2vms=</latexit><latexit sha1_base64="uyiZCzrLxl+0jsE3W4sWpZAAXVk=">AAACgHicbVFNb9NAEF27BdrwFeixl1ELCIRwbS58SJUiuPTYSoRWiqNovRknq+6H2R0DkeV/wYHfxa1/BrFxcmhTnrTS2zfzZnZnikpJT2l6FcVb23fu3tvZ7d1/8PDR4/6Tp1+9rZ3AobDKuouCe1TS4JAkKbyoHHJdKDwvLj8v4+ff0XlpzRdaVDjWfGZkKQWnIE36vwGa3JdQcaIWjnsQkBc4k6YRoaxvO2WJLs24qoUXkBP+JGOd5qqRJXyr0Un0wB1CbWS4tpDncNOqpRebXktzdD+kxzZZdUYzXfed9A/TJO0At0m2JoeDg/z1r6vB4nTS/5NPrag1GhKKez/K0orGDXckhcK2l9ceKy4u+QxHgRqu0Y+bboItPA/KFErrwjEEnXrd0XDt/UIXIVNzmvvN2FL8X2xUU/l+3EhT1YRGrBqVtQKysFwHTKVDQWoRCBdOhreCmHPHBYWl9cIQss0v3ybDt8mHJDsLw/jEVthh++yAvWQZe8cG7ISdsiET7G/0LHoTJfFW/Co+irNVahytPXvsBuKP/wDzGr/x</latexit><latexit sha1_base64="uyiZCzrLxl+0jsE3W4sWpZAAXVk=">AAACgHicbVFNb9NAEF27BdrwFeixl1ELCIRwbS58SJUiuPTYSoRWiqNovRknq+6H2R0DkeV/wYHfxa1/BrFxcmhTnrTS2zfzZnZnikpJT2l6FcVb23fu3tvZ7d1/8PDR4/6Tp1+9rZ3AobDKuouCe1TS4JAkKbyoHHJdKDwvLj8v4+ff0XlpzRdaVDjWfGZkKQWnIE36vwGa3JdQcaIWjnsQkBc4k6YRoaxvO2WJLs24qoUXkBP+JGOd5qqRJXyr0Un0wB1CbWS4tpDncNOqpRebXktzdD+kxzZZdUYzXfed9A/TJO0At0m2JoeDg/z1r6vB4nTS/5NPrag1GhKKez/K0orGDXckhcK2l9ceKy4u+QxHgRqu0Y+bboItPA/KFErrwjEEnXrd0XDt/UIXIVNzmvvN2FL8X2xUU/l+3EhT1YRGrBqVtQKysFwHTKVDQWoRCBdOhreCmHPHBYWl9cIQss0v3ybDt8mHJDsLw/jEVthh++yAvWQZe8cG7ISdsiET7G/0LHoTJfFW/Co+irNVahytPXvsBuKP/wDzGr/x</latexit><latexit sha1_base64="B+ZBEFD1rsp5mydZgBDIZdjAOcs=">AAACgHicbVFLb9NAEF67PEp4pfTIZUQAwQHX5sJDQqrohWORCK0UR9F6M05W3YfZHRciy/+jv6u3/hnUjeMDTfmklb79Zr6Z3ZmiUtJTml5F8c6du/fu7z4YPHz0+MnT4d6zn97WTuBYWGXdacE9KmlwTJIUnlYOuS4UnhRnR+v4yTk6L635QasKp5ovjCyl4BSk2fACoMl9CRUnauHLAALyAhfSNCKU9W2nrNGlGVe18Bpywj9krNNcNbKEXzU6iR64Q6iNDNcW8hxuWrX0YttraYnut/TYJpvOaOZ939lwlCZpB7hNsp6MWI/j2fAyn1tRazQkFPd+kqUVTRvuSAqF7SCvPVZcnPEFTgI1XKOfNt0EW3gVlDmU1oVjCDr1X0fDtfcrXYRMzWnpt2Nr8X+xSU3lx2kjTVUTGrFpVNYKyMJ6HTCXDgWpVSBcOBneCmLJHRcUljYIQ8i2v3ybjN8nn5Lsezo6/NpPY5c9Zy/YG5axD+yQfWPHbMwE+xu9jN5FSbwTv40P4myTGke9Z5/dQPz5GtpAvOI=</latexit>
Cache-based Compiler and Rebuilding• Cache-based Compiler • needs to rebuild encrypted structure from time to time
• So base STE scheme has to have a Rebuild protocol • Rebuild protocol must • be efficient for server • have O(1) client storage • be zero-leakage
18
Our Suppression Pipeline [K.-Moataz-Ohrimenko18]
19
Cache-based Compiler
Rebuild Compiler PBS
𝚲 = (ℒS, ℒQ,ℒA)
= (★, (qeq, patt), pattA)
RPBS
𝚲 = (ℒS, ℒQ,ℒA)
= (★, (qeq, patt), pattRb)
AZL
𝚲 = (ℒS, ℒQ)
= (★, srlen)
FZL
𝚲 = (ℒS, ℒQ)
= (★, ⟘)patt =
(srlen if queries are unique
misc otherwise.<latexit sha1_base64="gGTE4g3/iKpZgrTWXsLU4SqMX+w=">AAACgnicbVFNSxxBEO0ZNZrN18YcvRRKJCBsZpKDCSQg8eLRgKvCzrL09NbsNvbHpLsmyTLMH/Hkb8ot/8aeWQNx9UHD61f1qrqr8lJJT0nyN4rX1jeebG497T17/uLlq/7r7XNvKydwKKyy7jLnHpU0OCRJCi9Lh1znCi/yq+M2fvETnZfWnNGixLHmMyMLKTgFadK/hjrzBZScqIGvPQjIcpxJU4tQ1Ted0qJL806haWAfMsLfZKzTXNWygB8VOokeuEOojAzXBrIM7pu19GLVa2mO7pf02AyWvdFM/3We9PeSQdIBHpL0juwd7WYHN4yx00n/Tza1otJoSCju/ShNShrX3JEUCpteVnksubjiMxwFarhGP667GTbwNihTKKwLxxB06v+OmmvvFzoPmZrT3K/GWvGx2Kii4tO4lqasCI1YNioqBWShXQhMpUNBahEIF06Gt4KYc8cFhbW1Q0hXv/yQDD8MPg/S72EY39gSW2yH7bJ3LGWH7IidsFM2ZCJi0X70PkrijfggTuOPy9Q4uvO8YfcQf7kFu16+Pg==</latexit><latexit sha1_base64="58vNqlQPd4PlVXyB8U2ItZSMHGg=">AAACgnicbVFNb9NAEF2blpbw0UCPXEatqJAqBbs9UCSQonLhWKSmrRRH0XozTlbdD7M7BiLL/4ITP4tb/w1rp0g07ZNWevtm3szuTF4q6SlJbqL40cbm463tJ72nz56/2Om/fHXhbeUEjoRV1l3l3KOSBkckSeFV6ZDrXOFlfv25jV9+R+elNee0LHGi+dzIQgpOQZr2f0Od+QJKTtTApx4EZDnOpalFqOqbTmnRpXmn0DRwABnhTzLWaa5qWcC3Cp1ED9whVEaGawNZBnfNWnqx7rW0QPdDemwGq95oZv86T/v7ySDpAPdJekv2h3vZ4a+b4fJs2v+TzayoNBoSins/TpOSJjV3JIXCppdVHksurvkcx4EartFP6m6GDbwJygwK68IxBJ36v6Pm2vulzkOm5rTw67FWfCg2rqg4mdTSlBWhEatGRaWALLQLgZl0KEgtA+HCyfBWEAvuuKCwtnYI6fqX75PR0eDDIP0ahnHKVthmr9kee8tS9p4N2Rd2xkZMRCw6iN5FSbwZH8ZpfLxKjaNbzy67g/jjX8NCv8Q=</latexit><latexit sha1_base64="58vNqlQPd4PlVXyB8U2ItZSMHGg=">AAACgnicbVFNb9NAEF2blpbw0UCPXEatqJAqBbs9UCSQonLhWKSmrRRH0XozTlbdD7M7BiLL/4ITP4tb/w1rp0g07ZNWevtm3szuTF4q6SlJbqL40cbm463tJ72nz56/2Om/fHXhbeUEjoRV1l3l3KOSBkckSeFV6ZDrXOFlfv25jV9+R+elNee0LHGi+dzIQgpOQZr2f0Od+QJKTtTApx4EZDnOpalFqOqbTmnRpXmn0DRwABnhTzLWaa5qWcC3Cp1ED9whVEaGawNZBnfNWnqx7rW0QPdDemwGq95oZv86T/v7ySDpAPdJekv2h3vZ4a+b4fJs2v+TzayoNBoSins/TpOSJjV3JIXCppdVHksurvkcx4EartFP6m6GDbwJygwK68IxBJ36v6Pm2vulzkOm5rTw67FWfCg2rqg4mdTSlBWhEatGRaWALLQLgZl0KEgtA+HCyfBWEAvuuKCwtnYI6fqX75PR0eDDIP0ahnHKVthmr9kee8tS9p4N2Rd2xkZMRCw6iN5FSbwZH8ZpfLxKjaNbzy67g/jjX8NCv8Q=</latexit><latexit sha1_base64="VpjY4gzIU4pyJ5pGzF19lYuVy2E=">AAACgnicbVFNb9NAEF0bCiV8NJQjl1EjKiSkYLcHqNRKFVw4FonQSnEUrTfjZNX9MLvj0sjyH+Fn9dZ/w9oJEk37pJXevpk3szuTl0p6SpLbKH70eOvJ0+1nvecvXr7a6b/e/elt5QSOhFXWXeTco5IGRyRJ4UXpkOtc4Xl++bWNn1+h89KaH7QscaL53MhCCk5Bmvb/QJ35AkpO1MBJDwKyHOfS1CJU9U2ntOjSvFNoGtiHjPCajHWaq1oW8KtCJ9EDdwiVkeHaQJbBXbOWXmx6LS3Q/ZYem+GqN5rZv87T/iAZJh3gPknXZMDWOJv2b7KZFZVGQ0Jx78dpUtKk5o6kUNj0sspjycUln+M4UMM1+kndzbCBd0GZQWFdOIagU/931Fx7v9R5yNScFn4z1ooPxcYVFZ8ntTRlRWjEqlFRKSAL7UJgJh0KUstAuHAyvBXEgjsuKKytHUK6+eX7ZHQwPBqm35PB6Zf1NLbZW7bH3rOUfWKn7Bs7YyMmIhbtRx+jJN6KP8RpfLhKjaO15w27g/j4L6povLU=</latexit>
Q: How does the CBC work?
20
Square Root ORAM [Goldreigh-Ostrovsky92]
21
Setup timeCacheMain Memory + Dummies
CacheMain Memory + Dummies
ORAM.Setup
if item in cache get dummy
else get item
Query time
Zero-leakageLeaks qeq but query never repeated
Reinterpreting Square Root ORAM [K.-Moataz-Ohrimenko18]
22
Setup timeORAM.Setup
if item in cache get dummy
else get item
Query time Cache
EDX 𝚲EDX = (ℒS, ℒQ)
= (★, ⟘)
Main Memory + Dummies
ERAM 𝚲ERAM = (ℒS, ℒQ) = (★, qeq)
Main Memory + Dummies
ERAM 𝚲ERAM = (ℒS, ℒQ) = (★, qeq)
Cache
EDX 𝚲EDX = (ℒS, ℒQ) = (★, ⟘)
Reinterpreting Square Root ORAM• Square root ORAM ≈ • “uses a ZL encrypted dictionary… • …to suppress the qeq leakage of an encrypted RAM”
•Q: Can we replace the ERAM with another encrypted structure? • if yes then no multiplicative polylog overhead due to simulation
23
The Cache-Based Compiler
24
Setup timeORAM.Setup
if item in cache get dummy
else get item
Query time Cache
EDX 𝚲EDX = (ℒS, ℒQ)
= (★, ⟘)
Main Memory + Dummies
EDS 𝚲EDS = (ℒS, ℒQ) = (★, qeq)
Main Memory + Dummies
EDS 𝚲EDS = (ℒS, ℒQ) = (★, qeq)
Cache
EDX 𝚲EDX = (ℒS, ℒQ) = (★, ⟘)
The Cache-Based Compiler• EDS has to satisfy certain properties • has to be rebuildable • has to be “extendable” ≈ can store dummies
• has to be “safe” ≈ handles dummies securely
• has to have “small” non-repeating sub-pattern25
DS DSλ-extension
ℒS( ) ≤ ℒS(DS) DS ℒQ( ,q) ≤ ℒS(DS,q) DS
The Piggy Back Scheme (PBS) [K.-Moataz-Ohrimenko18]
26
MM
ℓ1
ℓ2
ℓ3
ℓ1
ℓ2
ℓ3
DX
ℓ1|1
ℓ2|1
ℓ3|1
ℓ1|2
• Data structure transformation • pad tuples to multiple of 𝝰 (e.g., 𝝰 = 3)
• PBS.Setup(1k, EMM = DX) • creates client state that maps labels to number of blocks • sends encrypted dictionary EDX to server
The Piggy Back Scheme (PBS)
27
State DX
ℓ1 2
ℓ2 1
ℓ3 1
EDX
ℓ1|1
ℓ2|1
ℓ3|1
ℓ1|2
• Consider sequence (ℓ1, ℓ3, ℓ2, …) • PBS.Get(K, state, Q, ℓ1) • 2 := DX[ℓ1] • Enqueue ℓ1|1 and ℓ1|2 on Q • query := Q.dequeue() • send EDX.Token(K, query) • client only gets back
• PBS.Get(K, state, Q, ℓ3) • … • client gets back
The Piggy Back Scheme (PBS)
28
EDX
ℓ1|1
ℓ2|1
ℓ3|1
ℓ1|2
State DX
ℓ1 2
ℓ2 1
ℓ3 1
The Piggy Back Scheme (PBS)• PBS leverages a new tradeoff • security vs. latency • hides response length (volume) but response not immediate
• PBS has leakage profile • 𝚲 = (ℒS, ℒQ) = (★, rqeq, ★) • where rqeq has non-repeating sub-pattern • ⟘ on all but the last query • srlen on the last query
29
Latency Analysis of PBS
30
Thm: If queries and responses are Zipf distributed then under the inverted query hypothesis, latency is t + ε·t with probability at least
1� exp
✓� 2t
✓" · ↵
µ
◆2◆
<latexit sha1_base64="FfTsSGIsqkzAdfwx8GbkizFnHvo=">AAACNHicbZBNbxMxEIa9hX4QSknLsReLCKk9EO1GlWhvVXvhwKGVGlopTqNZZzax6rUte7ZqtMqf4sL/4AQHDoC48hvqfByg5ZUsPX5nRva8udMqUJp+S1aePF1dW9941ni++WLrZXN752OwlZfYlVZbf5VDQK0MdkmRxivnEcpc42V+czqrX96iD8qaC5o47JcwMqpQEihag+aHjL/lAu+cyNVotBcvHVqguAWPLihtDRdyaImLwoOsBWg3hmktymo679y/7vAFDJqttJ3OxR9DtoQWW+ps0PwihlZWJRqSGkLoZamjfg2elNQ4bYgqoAN5AyPsRTRQYujX862n/E10hrywPh5DfO7+PVFDGcKkzGNnCTQOD2sz83+1XkXFYb9WxlWERi4eKirNyfJZhHyoPErSkwggvYp/5XIMMRuKQTdiCNnDlR9Dt9M+amfnB63jk2UaG2yXvWZ7LGPv2DF7z85Yl0n2iX1lP9jP5HPyPfmV/F60riTLmVfsHyV/7gGHjapk</latexit><latexit sha1_base64="FfTsSGIsqkzAdfwx8GbkizFnHvo=">AAACNHicbZBNbxMxEIa9hX4QSknLsReLCKk9EO1GlWhvVXvhwKGVGlopTqNZZzax6rUte7ZqtMqf4sL/4AQHDoC48hvqfByg5ZUsPX5nRva8udMqUJp+S1aePF1dW9941ni++WLrZXN752OwlZfYlVZbf5VDQK0MdkmRxivnEcpc42V+czqrX96iD8qaC5o47JcwMqpQEihag+aHjL/lAu+cyNVotBcvHVqguAWPLihtDRdyaImLwoOsBWg3hmktymo679y/7vAFDJqttJ3OxR9DtoQWW+ps0PwihlZWJRqSGkLoZamjfg2elNQ4bYgqoAN5AyPsRTRQYujX862n/E10hrywPh5DfO7+PVFDGcKkzGNnCTQOD2sz83+1XkXFYb9WxlWERi4eKirNyfJZhHyoPErSkwggvYp/5XIMMRuKQTdiCNnDlR9Dt9M+amfnB63jk2UaG2yXvWZ7LGPv2DF7z85Yl0n2iX1lP9jP5HPyPfmV/F60riTLmVfsHyV/7gGHjapk</latexit><latexit sha1_base64="FfTsSGIsqkzAdfwx8GbkizFnHvo=">AAACNHicbZBNbxMxEIa9hX4QSknLsReLCKk9EO1GlWhvVXvhwKGVGlopTqNZZzax6rUte7ZqtMqf4sL/4AQHDoC48hvqfByg5ZUsPX5nRva8udMqUJp+S1aePF1dW9941ni++WLrZXN752OwlZfYlVZbf5VDQK0MdkmRxivnEcpc42V+czqrX96iD8qaC5o47JcwMqpQEihag+aHjL/lAu+cyNVotBcvHVqguAWPLihtDRdyaImLwoOsBWg3hmktymo679y/7vAFDJqttJ3OxR9DtoQWW+ps0PwihlZWJRqSGkLoZamjfg2elNQ4bYgqoAN5AyPsRTRQYujX862n/E10hrywPh5DfO7+PVFDGcKkzGNnCTQOD2sz83+1XkXFYb9WxlWERi4eKirNyfJZhHyoPErSkwggvYp/5XIMMRuKQTdiCNnDlR9Dt9M+amfnB63jk2UaG2yXvWZ7LGPv2DF7z85Yl0n2iX1lP9jP5HPyPfmV/F60riTLmVfsHyV/7gGHjapk</latexit><latexit sha1_base64="FfTsSGIsqkzAdfwx8GbkizFnHvo=">AAACNHicbZBNbxMxEIa9hX4QSknLsReLCKk9EO1GlWhvVXvhwKGVGlopTqNZZzax6rUte7ZqtMqf4sL/4AQHDoC48hvqfByg5ZUsPX5nRva8udMqUJp+S1aePF1dW9941ni++WLrZXN752OwlZfYlVZbf5VDQK0MdkmRxivnEcpc42V+czqrX96iD8qaC5o47JcwMqpQEihag+aHjL/lAu+cyNVotBcvHVqguAWPLihtDRdyaImLwoOsBWg3hmktymo679y/7vAFDJqttJ3OxR9DtoQWW+ps0PwihlZWJRqSGkLoZamjfg2elNQ4bYgqoAN5AyPsRTRQYujX862n/E10hrywPh5DfO7+PVFDGcKkzGNnCTQOD2sz83+1XkXFYb9WxlWERi4eKirNyfJZhHyoPErSkwggvYp/5XIMMRuKQTdiCNnDlR9Dt9M+amfnB63jk2UaG2yXvWZ7LGPv2DF7z85Yl0n2iX1lP9jP5HPyPfmV/F60riTLmVfsHyV/7gGHjapk</latexit>
Our Suppression Pipeline [K.-Moataz-Ohrimenko18]
31
Cache-based Compiler
Rebuild Compiler PBS
𝚲 = (ℒS, ℒQ,ℒA)
= (★, (qeq, patt), pattA)
RPBS
𝚲 = (ℒS, ℒQ,ℒA)
= (★, (qeq, patt), pattRb)
AZL
𝚲 = (ℒS, ℒQ)
= (★, srlen)
FZL
𝚲 = (ℒS, ℒQ)
= (★, ⟘)patt =
(srlen if queries are unique
misc otherwise.<latexit sha1_base64="gGTE4g3/iKpZgrTWXsLU4SqMX+w=">AAACgnicbVFNSxxBEO0ZNZrN18YcvRRKJCBsZpKDCSQg8eLRgKvCzrL09NbsNvbHpLsmyTLMH/Hkb8ot/8aeWQNx9UHD61f1qrqr8lJJT0nyN4rX1jeebG497T17/uLlq/7r7XNvKydwKKyy7jLnHpU0OCRJCi9Lh1znCi/yq+M2fvETnZfWnNGixLHmMyMLKTgFadK/hjrzBZScqIGvPQjIcpxJU4tQ1Ted0qJL806haWAfMsLfZKzTXNWygB8VOokeuEOojAzXBrIM7pu19GLVa2mO7pf02AyWvdFM/3We9PeSQdIBHpL0juwd7WYHN4yx00n/Tza1otJoSCju/ShNShrX3JEUCpteVnksubjiMxwFarhGP667GTbwNihTKKwLxxB06v+OmmvvFzoPmZrT3K/GWvGx2Kii4tO4lqasCI1YNioqBWShXQhMpUNBahEIF06Gt4KYc8cFhbW1Q0hXv/yQDD8MPg/S72EY39gSW2yH7bJ3LGWH7IidsFM2ZCJi0X70PkrijfggTuOPy9Q4uvO8YfcQf7kFu16+Pg==</latexit><latexit sha1_base64="58vNqlQPd4PlVXyB8U2ItZSMHGg=">AAACgnicbVFNb9NAEF2blpbw0UCPXEatqJAqBbs9UCSQonLhWKSmrRRH0XozTlbdD7M7BiLL/4ITP4tb/w1rp0g07ZNWevtm3szuTF4q6SlJbqL40cbm463tJ72nz56/2Om/fHXhbeUEjoRV1l3l3KOSBkckSeFV6ZDrXOFlfv25jV9+R+elNee0LHGi+dzIQgpOQZr2f0Od+QJKTtTApx4EZDnOpalFqOqbTmnRpXmn0DRwABnhTzLWaa5qWcC3Cp1ED9whVEaGawNZBnfNWnqx7rW0QPdDemwGq95oZv86T/v7ySDpAPdJekv2h3vZ4a+b4fJs2v+TzayoNBoSins/TpOSJjV3JIXCppdVHksurvkcx4EartFP6m6GDbwJygwK68IxBJ36v6Pm2vulzkOm5rTw67FWfCg2rqg4mdTSlBWhEatGRaWALLQLgZl0KEgtA+HCyfBWEAvuuKCwtnYI6fqX75PR0eDDIP0ahnHKVthmr9kee8tS9p4N2Rd2xkZMRCw6iN5FSbwZH8ZpfLxKjaNbzy67g/jjX8NCv8Q=</latexit><latexit sha1_base64="58vNqlQPd4PlVXyB8U2ItZSMHGg=">AAACgnicbVFNb9NAEF2blpbw0UCPXEatqJAqBbs9UCSQonLhWKSmrRRH0XozTlbdD7M7BiLL/4ITP4tb/w1rp0g07ZNWevtm3szuTF4q6SlJbqL40cbm463tJ72nz56/2Om/fHXhbeUEjoRV1l3l3KOSBkckSeFV6ZDrXOFlfv25jV9+R+elNee0LHGi+dzIQgpOQZr2f0Od+QJKTtTApx4EZDnOpalFqOqbTmnRpXmn0DRwABnhTzLWaa5qWcC3Cp1ED9whVEaGawNZBnfNWnqx7rW0QPdDemwGq95oZv86T/v7ySDpAPdJekv2h3vZ4a+b4fJs2v+TzayoNBoSins/TpOSJjV3JIXCppdVHksurvkcx4EartFP6m6GDbwJygwK68IxBJ36v6Pm2vulzkOm5rTw67FWfCg2rqg4mdTSlBWhEatGRaWALLQLgZl0KEgtA+HCyfBWEAvuuKCwtnYI6fqX75PR0eDDIP0ahnHKVthmr9kee8tS9p4N2Rd2xkZMRCw6iN5FSbwZH8ZpfLxKjaNbzy67g/jjX8NCv8Q=</latexit><latexit sha1_base64="VpjY4gzIU4pyJ5pGzF19lYuVy2E=">AAACgnicbVFNb9NAEF0bCiV8NJQjl1EjKiSkYLcHqNRKFVw4FonQSnEUrTfjZNX9MLvj0sjyH+Fn9dZ/w9oJEk37pJXevpk3szuTl0p6SpLbKH70eOvJ0+1nvecvXr7a6b/e/elt5QSOhFXWXeTco5IGRyRJ4UXpkOtc4Xl++bWNn1+h89KaH7QscaL53MhCCk5Bmvb/QJ35AkpO1MBJDwKyHOfS1CJU9U2ntOjSvFNoGtiHjPCajHWaq1oW8KtCJ9EDdwiVkeHaQJbBXbOWXmx6LS3Q/ZYem+GqN5rZv87T/iAZJh3gPknXZMDWOJv2b7KZFZVGQ0Jx78dpUtKk5o6kUNj0sspjycUln+M4UMM1+kndzbCBd0GZQWFdOIagU/931Fx7v9R5yNScFn4z1ooPxcYVFZ8ntTRlRWjEqlFRKSAL7UJgJh0KUstAuHAyvBXEgjsuKKytHUK6+eX7ZHQwPBqm35PB6Zf1NLbZW7bH3rOUfWKn7Bs7YyMmIhbtRx+jJN6KP8RpfLhKjaO15w27g/j4L6povLU=</latexit>
Q: Can we suppress other patterns besides the query equality?
32
The Volume Pattern• Volume pattern is the size of a response • very common leakage pattern (even ORAM leaks it) • hard to suppress without blowup in storage
• [Kellaris-Kollios-Nissim-O’Neill16,…] • series of attacks vs. volume pattern of range queries
33
Suppressing Volume with Naive Padding
34
MM
ℓ1
ℓ2
ℓ3
MM
ℓ1
ℓ2
ℓ3
EMM.Setup
EMM
ℓ1
ℓ2
ℓ3
• Query complexity
• Storage complexity
O( max`2LMM
#MM[`])
O(#LMM · max`2LMM
#MM[`])Can we do better?
Computationally-Secure Leakage
35
Unbounded Adversary Bounded Adversary
vs.
Pseudo-Random Transform (PRT)
36
• Let F:{0,1}kx{0,1}*⟶{0,1}log µ be a PRF • Let λ ≥ 0 be a parameter (min. response length) • For each label ℓ in MM • compute len(ℓ) = λ + FK(ℓ | #MM[ℓ]) • if len(ℓ) < #MM[ℓ] truncate ℓ’s tuple to length len(ℓ) • if len(ℓ) > #MM[ℓ] pad ℓ’s tuple to length len(ℓ)
Pseudo-Random Transform (PRT)
37
MM
ℓ1
ℓ2
ℓ3
MM
ℓ1
ℓ2
ℓ3
λ+FK(ℓ1|4) = 1+ 0 = 1
λ+FK(ℓ2|2) = 1+ 2 = 3
λ+FK(ℓ3|3) = 1+ 1 = 1
• Example with λ = 1 and µ = 3
EMM
ℓ1
ℓ2
ℓ3
EMM.Setup
Pseudo-Random Transform (PRT)• PRT is a “lossy” transformation • PRT exploits a new tradeoff • lossiness vs. security
• Volume hiding relies on pseudo-randomness of F • Need to analyze • Number of truncations • Storage overhead
38
Zipf-Distributed Multi-Maps• A MM is Zipf-distributed if the rth tuple has length
39
1
r ·H#LMM,1·X
`2LMM
#MM[`]
rth
Response length
Number of labels
0
0.05
0.1
0.15
0.2
0 200 400 600 800 1000Fr
eque
ncy
Keywords rank
SU datasetM-MU datasetL-MU dataset
Enron dataset
Pseudo-Random Transform (PRT)
40
Thm: Let 1/2 < 𝝰 < 1. If MM is Zipf-distributed, then MM’ has size at most
with probability at least .
Furthermore, it incurs at most
truncations with probability at least .
↵ ·#L ·max`2L
#MM[`]<latexit sha1_base64="vvLBhXoVHV/CK8ghePFeLWlAlgY=">AAACNXicbVBNS8NAFNz4WetX1aOXxSJ4KokI6q3oxYOFCtYWmlBetpt26WYTdjdiCflVXvwd3nrxoOLVv+C2jaitAwvDzDz2vfFjzpS27ZG1sLi0vLJaWCuub2xubZd2du9UlEhCGyTikWz5oChngjY005y2Ykkh9Dlt+oPLsd+8p1KxSNzqYUy9EHqCBYyANlKnVHOBx31wSTfS2C27Iei+76fXGc6lEB46qUs5xy4T+MfPvtMqSGu1rD2OeJ1S2a7YE+B54uSkjHLUO6VntxuRJKRCEw5KtR071l4KUjPCaVZ0E0VjIAPo0bahAkKqvHRydoYPjdLFQSTNExpP1N8TKYRKDUPfJCeLznpj8T+vnejgzEuZiBNNBZl+FCQc6wiPO8RdJinRfGgIEMnMrpj0QQLRpumiKcGZPXmeNI4r5xXn5qRcvcjbKKB9dICOkINOURVdoTpqIIIe0Qi9ojfryXqx3q2PaXTBymf20B9Yn1/3+axQ</latexit><latexit sha1_base64="vvLBhXoVHV/CK8ghePFeLWlAlgY=">AAACNXicbVBNS8NAFNz4WetX1aOXxSJ4KokI6q3oxYOFCtYWmlBetpt26WYTdjdiCflVXvwd3nrxoOLVv+C2jaitAwvDzDz2vfFjzpS27ZG1sLi0vLJaWCuub2xubZd2du9UlEhCGyTikWz5oChngjY005y2Ykkh9Dlt+oPLsd+8p1KxSNzqYUy9EHqCBYyANlKnVHOBx31wSTfS2C27Iei+76fXGc6lEB46qUs5xy4T+MfPvtMqSGu1rD2OeJ1S2a7YE+B54uSkjHLUO6VntxuRJKRCEw5KtR071l4KUjPCaVZ0E0VjIAPo0bahAkKqvHRydoYPjdLFQSTNExpP1N8TKYRKDUPfJCeLznpj8T+vnejgzEuZiBNNBZl+FCQc6wiPO8RdJinRfGgIEMnMrpj0QQLRpumiKcGZPXmeNI4r5xXn5qRcvcjbKKB9dICOkINOURVdoTpqIIIe0Qi9ojfryXqx3q2PaXTBymf20B9Yn1/3+axQ</latexit><latexit sha1_base64="vvLBhXoVHV/CK8ghePFeLWlAlgY=">AAACNXicbVBNS8NAFNz4WetX1aOXxSJ4KokI6q3oxYOFCtYWmlBetpt26WYTdjdiCflVXvwd3nrxoOLVv+C2jaitAwvDzDz2vfFjzpS27ZG1sLi0vLJaWCuub2xubZd2du9UlEhCGyTikWz5oChngjY005y2Ykkh9Dlt+oPLsd+8p1KxSNzqYUy9EHqCBYyANlKnVHOBx31wSTfS2C27Iei+76fXGc6lEB46qUs5xy4T+MfPvtMqSGu1rD2OeJ1S2a7YE+B54uSkjHLUO6VntxuRJKRCEw5KtR071l4KUjPCaVZ0E0VjIAPo0bahAkKqvHRydoYPjdLFQSTNExpP1N8TKYRKDUPfJCeLznpj8T+vnejgzEuZiBNNBZl+FCQc6wiPO8RdJinRfGgIEMnMrpj0QQLRpumiKcGZPXmeNI4r5xXn5qRcvcjbKKB9dICOkINOURVdoTpqIIIe0Qi9ojfryXqx3q2PaXTBymf20B9Yn1/3+axQ</latexit><latexit sha1_base64="vvLBhXoVHV/CK8ghePFeLWlAlgY=">AAACNXicbVBNS8NAFNz4WetX1aOXxSJ4KokI6q3oxYOFCtYWmlBetpt26WYTdjdiCflVXvwd3nrxoOLVv+C2jaitAwvDzDz2vfFjzpS27ZG1sLi0vLJaWCuub2xubZd2du9UlEhCGyTikWz5oChngjY005y2Ykkh9Dlt+oPLsd+8p1KxSNzqYUy9EHqCBYyANlKnVHOBx31wSTfS2C27Iei+76fXGc6lEB46qUs5xy4T+MfPvtMqSGu1rD2OeJ1S2a7YE+B54uSkjHLUO6VntxuRJKRCEw5KtR071l4KUjPCaVZ0E0VjIAPo0bahAkKqvHRydoYPjdLFQSTNExpP1N8TKYRKDUPfJCeLznpj8T+vnejgzEuZiBNNBZl+FCQc6wiPO8RdJinRfGgIEMnMrpj0QQLRpumiKcGZPXmeNI4r5xXn5qRcvcjbKKB9dICOkINOURVdoTpqIIIe0Qi9ojfryXqx3q2PaXTBymf20B9Yn1/3+axQ</latexit>
1� exp
✓�#L · (2↵� 1)2/8
◆
<latexit sha1_base64="KhUV5kmhcdYVPK2FwAarzbqAl2g=">AAACInicbVC7TsMwFHXKq5RXgZHFIkJqB0pSIVGYKlgYGIpEaKUmVI7rtladOLIdRBX1X1j4FRYGXhMSH4PTZoCWI1k6Pude3XuPHzEqlWV9GbmFxaXllfxqYW19Y3OruL1zK3ksMHEwZ1y0fCQJoyFxFFWMtCJBUOAz0vSHF6nfvCdCUh7eqFFEvAD1Q9qjGCktdYpnNjyELnmIXJ/2+6X0Y7oBUgPfT67GLu5yVaq6iEUDpD27fFc9qsFJbblTNK2KNQGcJ3ZGTJCh0Sl+uF2O44CECjMkZdu2IuUlSCiKGRkX3FiSCOEh6pO2piEKiPSSyY1jeKCVLuxxoV+o4ET93ZGgQMpR4OvKdH0566Xif147Vr2al9AwihUJ8XRQL2ZQcZgGBrtUEKzYSBOEBdW7QjxAAmGlYy3oEOzZk+eJU62cVuzrY7N+nqWRB3tgH5SADU5AHVyCBnAABo/gGbyCN+PJeDHejc9pac7IenbBHxjfP8pPoN8=</latexit><latexit sha1_base64="KhUV5kmhcdYVPK2FwAarzbqAl2g=">AAACInicbVC7TsMwFHXKq5RXgZHFIkJqB0pSIVGYKlgYGIpEaKUmVI7rtladOLIdRBX1X1j4FRYGXhMSH4PTZoCWI1k6Pude3XuPHzEqlWV9GbmFxaXllfxqYW19Y3OruL1zK3ksMHEwZ1y0fCQJoyFxFFWMtCJBUOAz0vSHF6nfvCdCUh7eqFFEvAD1Q9qjGCktdYpnNjyELnmIXJ/2+6X0Y7oBUgPfT67GLu5yVaq6iEUDpD27fFc9qsFJbblTNK2KNQGcJ3ZGTJCh0Sl+uF2O44CECjMkZdu2IuUlSCiKGRkX3FiSCOEh6pO2piEKiPSSyY1jeKCVLuxxoV+o4ET93ZGgQMpR4OvKdH0566Xif147Vr2al9AwihUJ8XRQL2ZQcZgGBrtUEKzYSBOEBdW7QjxAAmGlYy3oEOzZk+eJU62cVuzrY7N+nqWRB3tgH5SADU5AHVyCBnAABo/gGbyCN+PJeDHejc9pac7IenbBHxjfP8pPoN8=</latexit><latexit sha1_base64="KhUV5kmhcdYVPK2FwAarzbqAl2g=">AAACInicbVC7TsMwFHXKq5RXgZHFIkJqB0pSIVGYKlgYGIpEaKUmVI7rtladOLIdRBX1X1j4FRYGXhMSH4PTZoCWI1k6Pude3XuPHzEqlWV9GbmFxaXllfxqYW19Y3OruL1zK3ksMHEwZ1y0fCQJoyFxFFWMtCJBUOAz0vSHF6nfvCdCUh7eqFFEvAD1Q9qjGCktdYpnNjyELnmIXJ/2+6X0Y7oBUgPfT67GLu5yVaq6iEUDpD27fFc9qsFJbblTNK2KNQGcJ3ZGTJCh0Sl+uF2O44CECjMkZdu2IuUlSCiKGRkX3FiSCOEh6pO2piEKiPSSyY1jeKCVLuxxoV+o4ET93ZGgQMpR4OvKdH0566Xif147Vr2al9AwihUJ8XRQL2ZQcZgGBrtUEKzYSBOEBdW7QjxAAmGlYy3oEOzZk+eJU62cVuzrY7N+nqWRB3tgH5SADU5AHVyCBnAABo/gGbyCN+PJeDHejc9pac7IenbBHxjfP8pPoN8=</latexit><latexit sha1_base64="KhUV5kmhcdYVPK2FwAarzbqAl2g=">AAACInicbVC7TsMwFHXKq5RXgZHFIkJqB0pSIVGYKlgYGIpEaKUmVI7rtladOLIdRBX1X1j4FRYGXhMSH4PTZoCWI1k6Pude3XuPHzEqlWV9GbmFxaXllfxqYW19Y3OruL1zK3ksMHEwZ1y0fCQJoyFxFFWMtCJBUOAz0vSHF6nfvCdCUh7eqFFEvAD1Q9qjGCktdYpnNjyELnmIXJ/2+6X0Y7oBUgPfT67GLu5yVaq6iEUDpD27fFc9qsFJbblTNK2KNQGcJ3ZGTJCh0Sl+uF2O44CECjMkZdu2IuUlSCiKGRkX3FiSCOEh6pO2piEKiPSSyY1jeKCVLuxxoV+o4ET93ZGgQMpR4OvKdH0566Xif147Vr2al9AwihUJ8XRQL2ZQcZgGBrtUEKzYSBOEBdW7QjxAAmGlYy3oEOzZk+eJU62cVuzrY7N+nqWRB3tgH5SADU5AHVyCBnAABo/gGbyCN+PJeDHejc9pac7IenbBHxjfP8pPoN8=</latexit>
1
log(#L) ·#L<latexit sha1_base64="rsB98eGlCq0cXpnWoMx9ArcfnrE=">AAACF3icbVBNS8NAEN3Ur1q/oh69LBahXmoignorevHgoYKxhSaUzWbTLt1kw+5GKCE/w4t/xYsHFa9689+4aXOorQ8GHu/NMDPPTxiVyrJ+jMrS8srqWnW9trG5tb1j7u49SJ4KTBzMGRddH0nCaEwcRRUj3UQQFPmMdPzRdeF3HomQlMf3apwQL0KDmIYUI6WlvnnihgLhzM4zl/FBw627EVJD389u8+McujjgCs6KfbNuNa0J4CKxS1IHJdp989sNOE4jEivMkJQ920qUlyGhKGYkr7mpJAnCIzQgPU1jFBHpZZPHcniklQCGXOiKFZyosxMZiqQcR77uLC6U814h/uf1UhVeeBmNk1SRGE8XhSmDisMiJRhQQbBiY00QFlTfCvEQ6aSUzrKmQ7DnX14kzmnzsmnfndVbV2UaVXAADkED2OActMANaAMHYPAEXsAbeDeejVfjw/ictlaMcmYf/IHx9QuoBZ+9</latexit><latexit sha1_base64="rsB98eGlCq0cXpnWoMx9ArcfnrE=">AAACF3icbVBNS8NAEN3Ur1q/oh69LBahXmoignorevHgoYKxhSaUzWbTLt1kw+5GKCE/w4t/xYsHFa9689+4aXOorQ8GHu/NMDPPTxiVyrJ+jMrS8srqWnW9trG5tb1j7u49SJ4KTBzMGRddH0nCaEwcRRUj3UQQFPmMdPzRdeF3HomQlMf3apwQL0KDmIYUI6WlvnnihgLhzM4zl/FBw627EVJD389u8+McujjgCs6KfbNuNa0J4CKxS1IHJdp989sNOE4jEivMkJQ920qUlyGhKGYkr7mpJAnCIzQgPU1jFBHpZZPHcniklQCGXOiKFZyosxMZiqQcR77uLC6U814h/uf1UhVeeBmNk1SRGE8XhSmDisMiJRhQQbBiY00QFlTfCvEQ6aSUzrKmQ7DnX14kzmnzsmnfndVbV2UaVXAADkED2OActMANaAMHYPAEXsAbeDeejVfjw/ictlaMcmYf/IHx9QuoBZ+9</latexit><latexit sha1_base64="rsB98eGlCq0cXpnWoMx9ArcfnrE=">AAACF3icbVBNS8NAEN3Ur1q/oh69LBahXmoignorevHgoYKxhSaUzWbTLt1kw+5GKCE/w4t/xYsHFa9689+4aXOorQ8GHu/NMDPPTxiVyrJ+jMrS8srqWnW9trG5tb1j7u49SJ4KTBzMGRddH0nCaEwcRRUj3UQQFPmMdPzRdeF3HomQlMf3apwQL0KDmIYUI6WlvnnihgLhzM4zl/FBw627EVJD389u8+McujjgCs6KfbNuNa0J4CKxS1IHJdp989sNOE4jEivMkJQ920qUlyGhKGYkr7mpJAnCIzQgPU1jFBHpZZPHcniklQCGXOiKFZyosxMZiqQcR77uLC6U814h/uf1UhVeeBmNk1SRGE8XhSmDisMiJRhQQbBiY00QFlTfCvEQ6aSUzrKmQ7DnX14kzmnzsmnfndVbV2UaVXAADkED2OActMANaAMHYPAEXsAbeDeejVfjw/ictlaMcmYf/IHx9QuoBZ+9</latexit><latexit sha1_base64="rsB98eGlCq0cXpnWoMx9ArcfnrE=">AAACF3icbVBNS8NAEN3Ur1q/oh69LBahXmoignorevHgoYKxhSaUzWbTLt1kw+5GKCE/w4t/xYsHFa9689+4aXOorQ8GHu/NMDPPTxiVyrJ+jMrS8srqWnW9trG5tb1j7u49SJ4KTBzMGRddH0nCaEwcRRUj3UQQFPmMdPzRdeF3HomQlMf3apwQL0KDmIYUI6WlvnnihgLhzM4zl/FBw627EVJD389u8+McujjgCs6KfbNuNa0J4CKxS1IHJdp989sNOE4jEivMkJQ920qUlyGhKGYkr7mpJAnCIzQgPU1jFBHpZZPHcniklQCGXOiKFZyosxMZiqQcR77uLC6U814h/uf1UhVeeBmNk1SRGE8XhSmDisMiJRhQQbBiY00QFlTfCvEQ6aSUzrKmQ7DnX14kzmnzsmnfndVbV2UaVXAADkED2OActMANaAMHYPAEXsAbeDeejVfjw/ictlaMcmYf/IHx9QuoBZ+9</latexit>
1� exp
✓� 2 ·#L · log2(#L)
◆
<latexit sha1_base64="UybYZ3OhzrMhHo0Jqr5xs6TW5W4=">AAACKnicbVDNTsJAGNziH+Jf1aOXjcQEDpCWmKg3ghcPHjARIaFItstSNmy7ze7WSBrex4uv4kEPSrz6IG5LDwhOsslk5pvs940bMiqVZc2M3Nr6xuZWfruws7u3f2AeHj1IHglMWpgzLjoukoTRgLQUVYx0QkGQ7zLSdsfXid9+IkJSHtyrSUh6PvICOqQYKS31zYYNK9Ahz6HjUs8rVWoOHnDlFB0fqZHrxrfTVIAO495jrbRolGGaKffNolW1UsBVYmekCDI0++a7M+A48kmgMENSdm0rVL0YCUUxI9OCE0kSIjxGHulqGiCfyF6c3jqFZ1oZwCEX+gUKpupiIka+lBPf1ZPJpnLZS8T/vG6khpe9mAZhpEiA5x8NIwYVh0lxcEAFwYpNNEFYUL0rxCMkEFa63oIuwV4+eZW0atWrqn13Xqw3sjby4AScghKwwQWogxvQBC2AwQt4A5/gy3g1PoyZ8T0fzRlZ5hj8gfHzC9GLpdk=</latexit><latexit sha1_base64="UybYZ3OhzrMhHo0Jqr5xs6TW5W4=">AAACKnicbVDNTsJAGNziH+Jf1aOXjcQEDpCWmKg3ghcPHjARIaFItstSNmy7ze7WSBrex4uv4kEPSrz6IG5LDwhOsslk5pvs940bMiqVZc2M3Nr6xuZWfruws7u3f2AeHj1IHglMWpgzLjoukoTRgLQUVYx0QkGQ7zLSdsfXid9+IkJSHtyrSUh6PvICOqQYKS31zYYNK9Ahz6HjUs8rVWoOHnDlFB0fqZHrxrfTVIAO495jrbRolGGaKffNolW1UsBVYmekCDI0++a7M+A48kmgMENSdm0rVL0YCUUxI9OCE0kSIjxGHulqGiCfyF6c3jqFZ1oZwCEX+gUKpupiIka+lBPf1ZPJpnLZS8T/vG6khpe9mAZhpEiA5x8NIwYVh0lxcEAFwYpNNEFYUL0rxCMkEFa63oIuwV4+eZW0atWrqn13Xqw3sjby4AScghKwwQWogxvQBC2AwQt4A5/gy3g1PoyZ8T0fzRlZ5hj8gfHzC9GLpdk=</latexit><latexit sha1_base64="UybYZ3OhzrMhHo0Jqr5xs6TW5W4=">AAACKnicbVDNTsJAGNziH+Jf1aOXjcQEDpCWmKg3ghcPHjARIaFItstSNmy7ze7WSBrex4uv4kEPSrz6IG5LDwhOsslk5pvs940bMiqVZc2M3Nr6xuZWfruws7u3f2AeHj1IHglMWpgzLjoukoTRgLQUVYx0QkGQ7zLSdsfXid9+IkJSHtyrSUh6PvICOqQYKS31zYYNK9Ahz6HjUs8rVWoOHnDlFB0fqZHrxrfTVIAO495jrbRolGGaKffNolW1UsBVYmekCDI0++a7M+A48kmgMENSdm0rVL0YCUUxI9OCE0kSIjxGHulqGiCfyF6c3jqFZ1oZwCEX+gUKpupiIka+lBPf1ZPJpnLZS8T/vG6khpe9mAZhpEiA5x8NIwYVh0lxcEAFwYpNNEFYUL0rxCMkEFa63oIuwV4+eZW0atWrqn13Xqw3sjby4AScghKwwQWogxvQBC2AwQt4A5/gy3g1PoyZ8T0fzRlZ5hj8gfHzC9GLpdk=</latexit><latexit sha1_base64="UybYZ3OhzrMhHo0Jqr5xs6TW5W4=">AAACKnicbVDNTsJAGNziH+Jf1aOXjcQEDpCWmKg3ghcPHjARIaFItstSNmy7ze7WSBrex4uv4kEPSrz6IG5LDwhOsslk5pvs940bMiqVZc2M3Nr6xuZWfruws7u3f2AeHj1IHglMWpgzLjoukoTRgLQUVYx0QkGQ7zLSdsfXid9+IkJSHtyrSUh6PvICOqQYKS31zYYNK9Ahz6HjUs8rVWoOHnDlFB0fqZHrxrfTVIAO495jrbRolGGaKffNolW1UsBVYmekCDI0++a7M+A48kmgMENSdm0rVL0YCUUxI9OCE0kSIjxGHulqGiCfyF6c3jqFZ1oZwCEX+gUKpupiIka+lBPf1ZPJpnLZS8T/vG6khpe9mAZhpEiA5x8NIwYVh0lxcEAFwYpNNEFYUL0rxCMkEFa63oIuwV4+eZW0atWrqn13Xqw3sjby4AScghKwwQWogxvQBC2AwQt4A5/gy3g1PoyZ8T0fzRlZ5hj8gfHzC9GLpdk=</latexit>
Pseudo-Random Transform (PRT)• PRT has many advantages • easy to use and implement 😀 • doesn’t impact query and storage complexity too much 😀
• But it is is lossy 😞 • for keyword search one can rank results • so only low-ranked results are lost
41
Q: Can we design a non-lossy transformation?
42
Densest Subgraph Transform [K.-Moataz19]
• Data structure transformation • hides volume 😀 • query complexity ≈ query complexity of naive padding ☹ • storage complexity ≤ storage complexity of naive padding 😀 • non-lossy 😀
• How is this possible? • New EMM design framework • Computational assumptions from average-case complexity
43
Densest Subgraph Transform [K.-Moataz19]
• For each label pick µ=maxℓ#MM[ℓ] bins at random • store values in bins • if #MM[ℓ] < µ don’t store anything in remaining bins
• Pad all bins
MM
ℓ1 v1
ℓ2 v3
ℓ3 v2
v2 v4
v4
Client state
v1 v3 v4
ℓ1 B1 B3 B4
ℓ1
v3
ℓ2 B2 B3 B4
v2 v4ℓ3 B1 B2 B3
ℓ2 ℓ3
B1 B2 B3 B4
Size of client state ≈
size of MM
Densest Subgraph Transform [K.-Moataz19]
45
Client state
ℓ1 rand1
ℓ2 rand2
ℓ3 rand3
• Compressing the state • instead of choosing edges/bins uniformly at random • use a PRF and store key/rand value in state
Client state
ℓ1 B1 B3 B4
ℓ2 B2 B3 B4
ℓ3 B1 B2 B3
vs.
O(#L ·max`2L
#MM[`])<latexit sha1_base64="55ednwCn8nVnJcDhKfBDYlLR0jE=">AAACKHicbVDLSsNAFJ34rPVVdelmsAh1UxIR1F3RjQuLFawtJKFMppN26GQSZiZiCfkdN/6KGwWVbv0SJ2lAbb0wcOacc7n3Hi9iVCrTnBgLi0vLK6ultfL6xubWdmVn916GscCkjUMWiq6HJGGUk7aiipFuJAgKPEY63ugy0zsPREga8js1jogboAGnPsVIaapXadzUnKoTIDX0vOQ6dXA/VPr72EscwphD+Y+WwsIp/aTZTO3M4B71KlWzbuYF54FVgCooqtWrvDn9EMcB4QozJKVtmZFyEyQUxYykZSeWJEJ4hAbE1pCjgEg3yS9N4aFm+tAPhX5cwZz93ZGgQMpx4GlnvumslpH/aXas/DM3oTyKFeF4OsiPGVQhzGKDfSoIVmysAcKC6l0hHiKBsNLhlnUI1uzJ86B9XD+vW7cn1cZFkUYJ7IMDUAMWOAUNcAVaoA0weAIv4B18GM/Gq/FpTKbWBaPo2QN/yvj6BiRdp2Y=</latexit><latexit sha1_base64="55ednwCn8nVnJcDhKfBDYlLR0jE=">AAACKHicbVDLSsNAFJ34rPVVdelmsAh1UxIR1F3RjQuLFawtJKFMppN26GQSZiZiCfkdN/6KGwWVbv0SJ2lAbb0wcOacc7n3Hi9iVCrTnBgLi0vLK6ultfL6xubWdmVn916GscCkjUMWiq6HJGGUk7aiipFuJAgKPEY63ugy0zsPREga8js1jogboAGnPsVIaapXadzUnKoTIDX0vOQ6dXA/VPr72EscwphD+Y+WwsIp/aTZTO3M4B71KlWzbuYF54FVgCooqtWrvDn9EMcB4QozJKVtmZFyEyQUxYykZSeWJEJ4hAbE1pCjgEg3yS9N4aFm+tAPhX5cwZz93ZGgQMpx4GlnvumslpH/aXas/DM3oTyKFeF4OsiPGVQhzGKDfSoIVmysAcKC6l0hHiKBsNLhlnUI1uzJ86B9XD+vW7cn1cZFkUYJ7IMDUAMWOAUNcAVaoA0weAIv4B18GM/Gq/FpTKbWBaPo2QN/yvj6BiRdp2Y=</latexit><latexit sha1_base64="55ednwCn8nVnJcDhKfBDYlLR0jE=">AAACKHicbVDLSsNAFJ34rPVVdelmsAh1UxIR1F3RjQuLFawtJKFMppN26GQSZiZiCfkdN/6KGwWVbv0SJ2lAbb0wcOacc7n3Hi9iVCrTnBgLi0vLK6ultfL6xubWdmVn916GscCkjUMWiq6HJGGUk7aiipFuJAgKPEY63ugy0zsPREga8js1jogboAGnPsVIaapXadzUnKoTIDX0vOQ6dXA/VPr72EscwphD+Y+WwsIp/aTZTO3M4B71KlWzbuYF54FVgCooqtWrvDn9EMcB4QozJKVtmZFyEyQUxYykZSeWJEJ4hAbE1pCjgEg3yS9N4aFm+tAPhX5cwZz93ZGgQMpx4GlnvumslpH/aXas/DM3oTyKFeF4OsiPGVQhzGKDfSoIVmysAcKC6l0hHiKBsNLhlnUI1uzJ86B9XD+vW7cn1cZFkUYJ7IMDUAMWOAUNcAVaoA0weAIv4B18GM/Gq/FpTKbWBaPo2QN/yvj6BiRdp2Y=</latexit><latexit sha1_base64="55ednwCn8nVnJcDhKfBDYlLR0jE=">AAACKHicbVDLSsNAFJ34rPVVdelmsAh1UxIR1F3RjQuLFawtJKFMppN26GQSZiZiCfkdN/6KGwWVbv0SJ2lAbb0wcOacc7n3Hi9iVCrTnBgLi0vLK6ultfL6xubWdmVn916GscCkjUMWiq6HJGGUk7aiipFuJAgKPEY63ugy0zsPREga8js1jogboAGnPsVIaapXadzUnKoTIDX0vOQ6dXA/VPr72EscwphD+Y+WwsIp/aTZTO3M4B71KlWzbuYF54FVgCooqtWrvDn9EMcB4QozJKVtmZFyEyQUxYykZSeWJEJ4hAbE1pCjgEg3yS9N4aFm+tAPhX5cwZz93ZGgQMpx4GlnvumslpH/aXas/DM3oTyKFeF4OsiPGVQhzGKDfSoIVmysAcKC6l0hHiKBsNLhlnUI1uzJ86B9XD+vW7cn1cZFkUYJ7IMDUAMWOAUNcAVaoA0weAIv4B18GM/Gq/FpTKbWBaPo2QN/yvj6BiRdp2Y=</latexit>
O(#L)<latexit sha1_base64="ViGYl7alHyVSx3qrb+XPeCqUXsc=">AAAB93icbVBNS8NAFHzxs9aPRj16CQahXkoignorevEgWMHYQhPKZrtpl242YXcj1NBf4sWDilf/ijf/jZs2B20dWBhm3uPNTpgyKpXjfBtLyyura+uVjerm1vZOzdzde5BJJjDxcMIS0QmRJIxy4imqGOmkgqA4ZKQdjq4Kv/1IhKQJv1fjlAQxGnAaUYyUlnpm7bbu236M1DAM85vJcc+0nYYzhbVI3JLYUKLVM7/8foKzmHCFGZKy6zqpCnIkFMWMTKp+JkmK8AgNSFdTjmIig3wafGIdaaVvRYnQjytrqv7eyFEs5TgO9WQRUc57hfif181UdB7klKeZIhzPDkUZs1RiFS1YfSoIVmysCcKC6qwWHiKBsNJdVXUJ7vyXF4l30rhouHendvOybKMCB3AIdXDhDJpwDS3wAEMGz/AKb8aT8WK8Gx+z0SWj3NmHPzA+fwARvpJC</latexit><latexit sha1_base64="ViGYl7alHyVSx3qrb+XPeCqUXsc=">AAAB93icbVBNS8NAFHzxs9aPRj16CQahXkoignorevEgWMHYQhPKZrtpl242YXcj1NBf4sWDilf/ijf/jZs2B20dWBhm3uPNTpgyKpXjfBtLyyura+uVjerm1vZOzdzde5BJJjDxcMIS0QmRJIxy4imqGOmkgqA4ZKQdjq4Kv/1IhKQJv1fjlAQxGnAaUYyUlnpm7bbu236M1DAM85vJcc+0nYYzhbVI3JLYUKLVM7/8foKzmHCFGZKy6zqpCnIkFMWMTKp+JkmK8AgNSFdTjmIig3wafGIdaaVvRYnQjytrqv7eyFEs5TgO9WQRUc57hfif181UdB7klKeZIhzPDkUZs1RiFS1YfSoIVmysCcKC6qwWHiKBsNJdVXUJ7vyXF4l30rhouHendvOybKMCB3AIdXDhDJpwDS3wAEMGz/AKb8aT8WK8Gx+z0SWj3NmHPzA+fwARvpJC</latexit><latexit sha1_base64="ViGYl7alHyVSx3qrb+XPeCqUXsc=">AAAB93icbVBNS8NAFHzxs9aPRj16CQahXkoignorevEgWMHYQhPKZrtpl242YXcj1NBf4sWDilf/ijf/jZs2B20dWBhm3uPNTpgyKpXjfBtLyyura+uVjerm1vZOzdzde5BJJjDxcMIS0QmRJIxy4imqGOmkgqA4ZKQdjq4Kv/1IhKQJv1fjlAQxGnAaUYyUlnpm7bbu236M1DAM85vJcc+0nYYzhbVI3JLYUKLVM7/8foKzmHCFGZKy6zqpCnIkFMWMTKp+JkmK8AgNSFdTjmIig3wafGIdaaVvRYnQjytrqv7eyFEs5TgO9WQRUc57hfif181UdB7klKeZIhzPDkUZs1RiFS1YfSoIVmysCcKC6qwWHiKBsNJdVXUJ7vyXF4l30rhouHendvOybKMCB3AIdXDhDJpwDS3wAEMGz/AKb8aT8WK8Gx+z0SWj3NmHPzA+fwARvpJC</latexit><latexit sha1_base64="ViGYl7alHyVSx3qrb+XPeCqUXsc=">AAAB93icbVBNS8NAFHzxs9aPRj16CQahXkoignorevEgWMHYQhPKZrtpl242YXcj1NBf4sWDilf/ijf/jZs2B20dWBhm3uPNTpgyKpXjfBtLyyura+uVjerm1vZOzdzde5BJJjDxcMIS0QmRJIxy4imqGOmkgqA4ZKQdjq4Kv/1IhKQJv1fjlAQxGnAaUYyUlnpm7bbu236M1DAM85vJcc+0nYYzhbVI3JLYUKLVM7/8foKzmHCFGZKy6zqpCnIkFMWMTKp+JkmK8AgNSFdTjmIig3wafGIdaaVvRYnQjytrqv7eyFEs5TgO9WQRUc57hfif181UdB7klKeZIhzPDkUZs1RiFS1YfSoIVmysCcKC6qwWHiKBsNJdVXUJ7vyXF4l30rhouHendvOybKMCB3AIdXDhDJpwDS3wAEMGz/AKb8aT8WK8Gx+z0SWj3NmHPzA+fwARvpJC</latexit>
Some PRF seeds can lead to collisions
so just pick again until no collisions
Densest Subgraph Transform [K.-Moataz19]
46
v1 v3 v4
ℓ1
v3
v2 v4
ℓ2 ℓ3
B1 B2 B3 B4
DX
B1 v1
B2 v3
B3 v3
v2
B4 v4
v4
EDX
B1 v1
B2 v3
B3 v3
v2
B4 v4
v4EMM.Setup
• Store bins in a dictionary DX and encrypt DX
Densest Subgraph Transform [K.-Moataz19]
• To get ℓ2, • retrieve rand2 from state • compute bin identifiers
• 2:= F(rand2, 1), • 3:= F(rand2, 2), • 4:= F(rand3, 3)
• retrieve binsState DX
ℓ1 rand1
ℓ2 rand2
ℓ3 rand3
B2 B3 B4
EDX
B1 v1
B2 v3
B3 v3
v2
B4 v4
v4
v3 v3 v4v4
Densest Subgraph Transform [K.-Moataz19]
48
Thm: The load of a bin is at most
with probability at least 1 - ε, where
N
n+
ln(1/")
3
✓1 +
s
1 +18N
n · ln(1/")
◆
N =X
`2LMM
#MM[`]
• Alternative construction for concentrated MMs • v2 and v4 are duplicated so store them only once • Pick bi-partite clique at random
• store duplicated items in clique • Pick remaining edges at random
Densest Subgraph Transform [K.-Moataz19]
MM
ℓ1 v1
ℓ2 v3
ℓ3 v2
v2 v4
v4
ℓ1 ℓ2 ℓ3
v1 v3v2 v4
Densest Subgraph Transform [K.-Moataz19]
50
Thm: The load of a bin is at most
with probability at least 1 - ε, where NDS is the size of concentrated part
N�NDS
n+
ln(1/")
3
✓1 +
s
1 +18(N�NDS)
n · ln(1/")
◆
Densest Subgraph Assumption [Applebaum-Barak-Wigderson10]
51
≃Erdös-Rényi graph Erdös-Rényi graph with
planted dense subgraph
Densest Subgraph Assumption [Applebaum-Barak-Wigderson10]
• Variant of the planted clique problem • central problem in average-case hardness
• Evidence for hardness • studied since the mid-70’s in CS & statistical physics • failure of powerful algorithmic techniques • restricted lower bounds • Sum-of-squares • Statistical query
52
Conclusions
53
Encrypted Search: 2000-2019• A large and vibrant area of research • Many interesting and hard problems • Many fundamental questions • how do we model leakage? • how do we quantify leakage? • how do we suppress leakage? • are the tradeoffs we observe inherent? (i..e, lower bounds)
54
Encrypted Search: 2000-2019• Many connections • algorithms & data structures • database theory & systems • statistical learning theory • optimization • graph theory • distributed systems
55
Encrypted Search: 2000-2019• Many interesting leakage attacks to study • But many new techniques to bypass leakage attacks • padding & clustering techniques [Bost-Fouque17] • response-hiding schemes [Blackstone-K.-Moataz19] • suppression compilers [K.-Moataz-Ohrimenko18] • suppression transforms [K.-Moataz19] • worst-case vs. average-case leakage [Agarwal-K.19] • distributing data [Agarwal-K.19]
56
Encrypted Search: 2000-2019• New tradeoffs to explore • leakage vs. correctness [K.-Moataz19] • leakage vs. latency [K.-Moataz-Ohrimenko18]
57
Encrypted Search: 2000-2019• Real-world impact • Microsoft SQL Server • MongoDB Field Level Encryption • Cisco WebEx • Ionic • more coming…
58
Thanks to…
59Tarik Moataz
Ghous Amjad
Olya Ohrimenko
Laura BlackstoneArchita Agarwal
Sam ZhaoMarilyn George
Hajar Alturki
The End
60