Abstract:
In the era of national big data strategies and burgeoning data markets, privacy-preserving databases play a crucial role in establishing an environment that is open, shared, and governed. Central to the construction of such databases is searchable encryption (SE), a fundamental cryptographic technology that enables efficient searching within encrypted data without the need for decryption. Among various SE schemes, attribute-based SE (ABSE) provides advantages in access control, data authenticity, and retrieval efficiency. However, a substantial limitation of most current ABSE implementations is their inability to support flexible SQL query methods in relational databases, as well as more granular query policies. Moreover, the reliance on traditional algebraic structures, such as bilinear pairing, renders these systems susceptible to quantum computing attacks. To address these challenges, this study presents a novel architecture for privacy-preserving databases that accommodates the SQL query language used in relational databases. This architecture is divided into two parts: clients and cloud outsourcing services. Within this framework, all data are in a ciphertext form outside of client access, and the data table in the cloud-based privacy-preserving database comprises four types of fields: public, encrypted index, encrypted data, and confidential fields. Upon receiving an SQL query from a user, the privacy-preserving SQL engine translates it into a private SQL language. This enables cryptographic retrieval of the encrypted index fields by converting the SQL query policy into several query credentials linked with the policy. These credentials facilitate the retrieval of encrypted data fields from the database, matching their index with the policy. The retrieved encrypted data fields can then be decrypted using the user’s private key at the client’s end for confirming the user’s identity. To provide cryptographic support for this privacy-preserving database architecture, we propose a retrieval-policy ABSE (RP-ABSE) scheme built upon a key-policy attribute-based encryption framework. The security of RP-ABSE is underpinned by a hard problem over an ideal lattice, particularly short integer solutions and learning with error problems. A notable advancement in this scheme is the binding of the secure query policy to the query credentials rather than the encrypted index fields. This binding ensures that encrypted data can be cryptographically retrieved by different query policies, eliminating the need for updating the encrypted data when query policies change. Simultaneously, we introduce a small policy matrix to optimize the generation of secure query policies and mitigate cumulative errors during the index matching process. Ultimately, this study proves that the query credential satisfies unforgeability under chosen policy attacks and that the RP-ABSE scheme achieves semantic security under chosen plaintext attacks involving policy and identity queries. Therefore, the proposed privacy-preserving database architecture offers crucial technique support for the development of data market mechanisms and data governance systems.