Semi-order preserving encryption

Abstract

Order preserving encryption (OPE) is a kind of encryption designed to support searches on ciphertexts. OPE encrypts plaintexts to ciphertexts with the same order, making it possible to efficiently compare ciphertexts without decryption. Because of its efficiency, OPE has been used in systems aimed at practical use. However, even though many OPE schemes have been proposed, all suffer from security and ciphertext expansion problems.This paper proposes the notation of semi-order preserving encryption (SOPE) as a substitute for OPE. SOPE uses a semi-order preserving condition instead of strict order preserving condition to support a range query on ciphertexts. By this means, SOPE can enhance security and reduce storage cost with some sacrifice of precision. The loss of precision can be eliminated with the cost of extra communication and computation, because it is easy to generate a query on ciphertexts including all required plaintexts.To study the relationship among precision, security and ciphertext expansion, we introduce semi-order preserving degree d, which measures the difference between SOPE and OPE. The theoretical derivation shows that security will increase with d, while precision and ciphertext expansion will decrease with d. Thus SOPE can balance precision, security and ciphertext expansion by adjusting semi-order preserving degree d according to a concrete condition. Finally, we present an implementation of SOPE.