Abstract: According to some aspects, provided are systems and methods that implement end-to-end encryption, and provide implementation configured to secure information during execution of queries on an encrypted data source. Various embodiments include multiple encrypted multi-map data structures and associated encryption schemes configured to securely read, write, and delete information while supporting any one or more of the following features: snapshot security, multiple client support, efficient execution under concurrent operation, and resilience to client failures. In various embodiments, addressable multi-map data structures enable concurrent access, and allow correct operation under polynomial time constraints.

Abstract: According to some aspects, provided are systems and methods that implement end-to-end encryption, and provide implementation configured to secure information during execution of queries on an encrypted data source. Various embodiments include multiple encrypted multi-map data structures and associated encryption schemes configured to securely read, write, and delete information while supporting any one or more of the following features: snapshot security, multiple client support, efficient execution under concurrent operation, and resilience to client failures. In various embodiments, addressable multi-map data structures enable concurrent access, and allow correct operation under polynomial time constraints.

Abstract: According to some aspects, provided are systems and methods that implement end-to-end encryption, and provide implementation configured to secure information during execution of queries on an encrypted data source. Various embodiments include multiple encrypted multi-map data structures and associated encryption schemes configured to securely read, write, and delete information while supporting any one or more of the following features: snapshot security, multiple client support, efficient execution under concurrent operation, and resilience to client failures. In various embodiments, addressable multi-map data structures enable concurrent access, and allow correct operation under polynomial time constraints.

Abstract: A volume hiding structured encryption system and method is provided. According to some embodiments, the system leverages the principle that a STE scheme can leak cumulative information about the query volumes of the data stored in multi-map format, while still hiding the volumes of client queries at query time. According to various examples, the system implements encryption schemes that have smaller storage and better query complexity than the current state-of-the-art, for some input distributions. According to one example, the STE schemes are adapted to the input data structure in order to improve efficiency over known approaches. Further examples includes schemes that are configured to partition a multi-map into smaller multi-maps, and use different allocation functions for different efficiency trade-offs: (i) random allocation, (ii) cuckoo-hashing allocation, and (iii) Garbled Bloom Filter allocation. In one example, the GBF construct enables a stash-less encryption scheme that hides query volumes.

Abstract: Methods and system implement solutions for integrating encryption and emulation into native database formats and/or architectures. “Native” database is used to describe a database that has not been designed for end to end encryption, an off the shelf database deployment, and/or a commercially available database. According to some embodiments, various encryption systems and methods employ emulation operations to enable a native database and native database functions to leverage full encryption primitives. Various aspects integrate emulation operations into standard database implementations, where the emulation enables native database functions to operate on entirely encrypted data.

Abstract: Methods and system implement solutions for integrating encryption and emulation into native database formats and/or architectures. “Native” database is used to describe a database that has not been designed for end to end encryption, an off the shelf database deployment, and/or a commercially available database. According to some embodiments, various encryption systems and methods employ emulation operations to enable a native database and native database functions to leverage full encryption primitives. Various aspects integrate emulation operations into standard database implementations, where the emulation enables native database functions to operate on entirely encrypted data.

Abstract: A security controller controls secure processing of queries in an encrypted relational database. A query controller receives, from a client device, a secure query in a format of an encrypted token generated using a structured query language (SQL) query in a conjunctive query form, and sends an encrypted response to the secure query to the client device. A search engine generates the encrypted response to the secure query by initiating a search on the encrypted relational database, without decrypting the secure query and without decrypting the encrypted multi-maps. The encrypted relational database includes encrypted multi-maps corresponding to a relational database hosted at the client device, and an encrypted dictionary, based on structured encryption, using structured encryption, in lieu of using property-preserving encryption (PPE), and in lieu of using fully homomorphic encryption (FHE).

Abstract: A method to perform secure boolean search over encrypted documents is disclosed. Each document is characterized by a set of keywords, all the keywords characterizing all the documents forming an index, the index being translated in an orthonormal basis in which each keyword of the index corresponds to one and only one vector of the orthonormal basis, each document being associated with a resultant vector in the span of the orthonormal basis, the resultant vectors corresponding to all the documents being stored in an encrypted search server. The method includes steps of receiving a search query from a querier; transforming the search query in one query matrix; and determining a general result based on the result of the multiplication between the query matrix and the resultant vectors.

Abstract: A security controller controls secure processing of queries in an encrypted relational database. A query controller receives, from a client device, a secure query in a format of an encrypted token generated using a structured query language (SQL) query in a conjunctive query form, and sends an encrypted response to the secure query to the client device. A search engine generates the encrypted response to the secure query by initiating a search on the encrypted relational database, without decrypting the secure query and without decrypting the encrypted multi-maps. The encrypted relational database includes encrypted multi-maps corresponding to a relational database hosted at the client device, and an encrypted dictionary, based on structured encryption, using structured encryption, in lieu of using property-preserving encryption (PPE), and in lieu of using fully homomorphic encryption (FHE).

Abstract: A method to perform secure boolean search over encrypted documents is disclosed. Each document is characterized by a set of keywords, all the keywords characterizing all the documents forming an index, the index being translated in an orthonormal basis in which each keyword of the index corresponds to one and only one vector of the orthonormal basis, each document being associated with a resultant vector in the span of the orthonormal basis, the resultant vectors corresponding to all the documents being stored in an encrypted search server. The method includes steps of receiving a search query from a querier; transforming the search query in one query matrix; and determining a general result based on the result of the multiplication between the query matrix and the resultant vectors.