Abstract: According to some aspects, provided are systems and methods that implement end-to-end encryption, and provide implementation configured to secure information during execution of queries on an encrypted data source. Various embodiments include multiple encrypted multi-map data structures and associated encryption schemes configured to securely read, write, and delete information while supporting any one or more of the following features: snapshot security, multiple client support, efficient execution under concurrent operation, and resilience to client failures. In various embodiments, addressable multi-map data structures enable concurrent access, and allow correct operation under polynomial time constraints.

Abstract: According to some aspects, provided are systems and methods that implement end-to-end encryption, and provide implementation configured to secure information during execution of queries on an encrypted data source. Various embodiments include multiple encrypted multi-map data structures and associated encryption schemes configured to securely read, write, and delete information while supporting any one or more of the following features: snapshot security, multiple client support, efficient execution under concurrent operation, and resilience to client failures. In various embodiments, addressable multi-map data structures enable concurrent access, and allow correct operation under polynomial time constraints.

Abstract: According to some aspects, provided are systems and methods that implement end-to-end encryption, and provide implementation configured to secure information during execution of queries on an encrypted data source. Various embodiments include multiple encrypted multi-map data structures and associated encryption schemes configured to securely read, write, and delete information while supporting any one or more of the following features: snapshot security, multiple client support, efficient execution under concurrent operation, and resilience to client failures. In various embodiments, addressable multi-map data structures enable concurrent access, and allow correct operation under polynomial time constraints.

Abstract: A volume hiding structured encryption system and method is provided. According to some embodiments, the system leverages the principle that a STE scheme can leak cumulative information about the query volumes of the data stored in multi-map format, while still hiding the volumes of client queries at query time. According to various examples, the system implements encryption schemes that have smaller storage and better query complexity than the current state-of-the-art, for some input distributions. According to one example, the STE schemes are adapted to the input data structure in order to improve efficiency over known approaches. Further examples includes schemes that are configured to partition a multi-map into smaller multi-maps, and use different allocation functions for different efficiency trade-offs: (i) random allocation, (ii) cuckoo-hashing allocation, and (iii) Garbled Bloom Filter allocation. In one example, the GBF construct enables a stash-less encryption scheme that hides query volumes.

Abstract: A security controller controls secure processing of queries in an encrypted relational database. A query controller receives, from a client device, a secure query in a format of an encrypted token generated using a structured query language (SQL) query in a conjunctive query form, and sends an encrypted response to the secure query to the client device. A search engine generates the encrypted response to the secure query by initiating a search on the encrypted relational database, without decrypting the secure query and without decrypting the encrypted multi-maps. The encrypted relational database includes encrypted multi-maps corresponding to a relational database hosted at the client device, and an encrypted dictionary, based on structured encryption, using structured encryption, in lieu of using property-preserving encryption (PPE), and in lieu of using fully homomorphic encryption (FHE).

Abstract: A security controller controls secure processing of queries in an encrypted relational database. A query controller receives, from a client device, a secure query in a format of an encrypted token generated using a structured query language (SQL) query in a conjunctive query form, and sends an encrypted response to the secure query to the client device. A search engine generates the encrypted response to the secure query by initiating a search on the encrypted relational database, without decrypting the secure query and without decrypting the encrypted multi-maps. The encrypted relational database includes encrypted multi-maps corresponding to a relational database hosted at the client device, and an encrypted dictionary, based on structured encryption, using structured encryption, in lieu of using property-preserving encryption (PPE), and in lieu of using fully homomorphic encryption (FHE).

Abstract: Existing private set intersection (PSI) protocol allows two parties to find intersection of their sets, but restricts learning any other information about each other's set except for its size. In general, the server-aided private set intersection with data transfer technique described herein provides a server-aided private set intersection (PSI) protocol that supports data transfers. The technique pertains to a method for providing a server-aided private set intersection protocol which allows two parties to transfer some of the information about their elements via an untrusted third party. The protocol involves (a) parties applying a shared pseudo-random permutation to each of their sets to create labels of the elements of the set, (b) sending the labels to the third party and (c) the third party performing data transfer between the two parties along with computation of intersection of sets received using a multi-share key.

Abstract: Existing private set intersection (PSI) protocol allows two parties to find intersection of their sets, but restricts learning any other information about each other's set except for its size. In general, the server-aided private set intersection with data transfer technique described herein provides a server-aided private set intersection (PSI) protocol that supports data transfers. The technique pertains to a method for providing a server-aided private set intersection protocol which allows two parties to transfer some of the information about their elements via an untrusted third party. The protocol involves (a) parties applying a shared pseudo-random permutation to each of their sets to create labels of the elements of the set, (b) sending the labels to the third party and (c) the third party performing data transfer between the two parties along with computation of intersection of sets received using a multi-share key.