Security analysis of secure kNN and ranked keyword search over encrypted data

摘要

Wong et al. proposed a novel symmetric encryption scheme in which we can find thek-nearest neighbors from encrypted data and an encrypted query. Their scheme uses a pair of encryption functions that has an inner-product preserving property. Because of this property, the pair of encryption functions has been used in several encryption schemes involving ranked multi-keyword search as applications. On the other hand, Yao et al. pointed out that the pair of encryption functions is insecure when the attacker can get plaintext-ciphertext pairs. To prevent this attack, some countermeasures are given in the applications, e.g., randomizing plaintexts before encrypted. In this paper, we reanalyze the security of the inner-product preserving encryption functions. We first discuss the countermeasures against Yao et al.'s attack used in the applications. In particular, we show that one of them is ineffective. Next, we show that the first encryption function is breakable by the known plaintext attack by showing a concrete key-recovery procedure. Unlike Yao et al.'s attack, our attack does not use the second encryption function.