Multi-Client Searchable Encryption over Distributed Key-Value Stores

Abstract

Distributed key-value stores are rapidly evolving to serve the needs of high-performance web services and large-scale cloud computing applications. It is desirable to search directly over an encrypted key value (KV) store, as data is increasingly stored in the cloud. Encrypted, distributed and searchable key- value stores have been the focus of research, where a data owner outsources his key-value store to a remote server in the cloud in the encrypted form, yet still keeping it searchable. In this paper, we explore the encrypted KV store with the secure multi-client query support. In particular, the data owner can authorize multiple trustable clients (third parties) and allow them to search its encrypted database over KV store. The design goal is to ensure the data confidentiality and query privacy. From the data owner's perspective, the authorized query should not leak too much information thus causing threats to its private database. From clients' perspective, they have the explicit requirement that the query values should not be exposed to the data owner. We design two encryption schemes and token generation methods to satisfy different requirements. To validate the effciency of our protocols, we implement the system prototype to evaluate their performance.