POPE: Partial Order Preserving Encoding
This addresses the need for secure and performant encrypted databases in big data applications, offering an incremental improvement over existing order-preserving encryption methods.
The paper tackles the problem of enabling efficient range queries over encrypted data for insert-heavy workloads, proposing a partial order preserving encoding (POPE) scheme that achieves ideal security with frequency hiding and provides extremely fast batch insertion in a single round and efficient search with O(1) amortized cost.
Recently there has been much interest in performing search queries over encrypted data to enable functionality while protecting sensitive data. One particularly efficient mechanism for executing such queries is order-preserving encryption/encoding (OPE) which results in ciphertexts that preserve the relative order of the underlying plaintexts thus allowing range and comparison queries to be performed directly on ciphertexts. In this paper, we propose an alternative approach to range queries over encrypted data that is optimized to support insert-heavy workloads as are common in "big data" applications while still maintaining search functionality and achieving stronger security. Specifically, we propose a new primitive called partial order preserving encoding (POPE) that achieves ideal OPE security with frequency hiding and also leaves a sizable fraction of the data pairwise incomparable. Using only O(1) persistent and $O(n^ε)$ non-persistent client storage for $0<ε<1$, our POPE scheme provides extremely fast batch insertion consisting of a single round, and efficient search with O(1) amortized cost for up to $O(n^{1-ε})$ search queries. This improved security and performance makes our scheme better suited for today's insert-heavy databases.