by Seny Kamara and Tarik Moataz Over the last two years, we have been working on an open source encrypted search library called Clusion. We are using it in several ESL projects, including the Signal Search project we recently released. We are also excited that other groups are experimenting with it. In this post, we wanted to give an overview of Clusion and answer some of the most frequently asked questions we have received about it.

This is a guest post by Xianrui Meng from Boston University about a paper he presented at CCS 2015, written in collaboration with Kobbi Nissim, George Kollios and myself. Note that Xianrui is on the job market. Encrypted search has attracted a lot of attention from practitioners and researchers in academia and industry. In previous posts, Seny already described different ways one can search on encrypted data. Here, I would like to discuss search on encrypted graph databases which are gaining a lot of popularity.

Muhammad Naveed, Charles Wright and I recently posted a paper that describes inference attacks on encrypted database (EDB) systems like CryptDB, Cipherbase, Google's Encrypted BigQuery demo and Microsoft SQL Server 2016 Always Encrypted. These systems are based on property-preserving encryption (PPE) schemes which are a class of encryptions schemes that leak certain properties of their plaintexts. Examples include deterministic encryption (DTE) and order-preserving encryption (OPE). The paper is here and will be presented in October at the ACM Conference on Computer and Communication Security.

I just got back from the Workshop on Encryption for Secure Search and other Algorithms (ESSA) which was held in Bertinoro, Italy, and was organized by Sasha Boldyreva and Bogdan Warinschi. It was a great event and I'd like to thank the organizers for putting this together and doing such a great job. It was really nice to see all the excitement and enthusiasm behind this topic; both from the research community and from industry.

This is the second in a series of guest posts highlighting new research in applied cryptography. This post is written by Foteini Baldimtsi who is a postdoc at Boston University and Olya Ohrimenko who is a postdoc at Microsoft Research. Note that Olya is on the job market this year. Modern cloud services let their users outsource data as well as request computations on it. Due to potentially sensitive content of users' data and distrust in cloud services, it is natural for users to outsource their data encrypted.

This is the fifth part of a series on searching on encrypted data. 1, 2, 3, 4. In the previous post we covered the most secure way to search on encrypted data: oblivious RAMs (ORAM). I always recommend ORAM-based solutions for encrypted search whenever possible; namely, for small- to moderate-size data 1. Of course, the main limitation of ORAM is efficiency so this motivates us to keep looking for additional approaches.

I just got back from Barbados where I attended the Financial Cryptography and Data Security conference. It was a great event overall with many interesting talks and two great workshops. One workshop was on Bitcoin and was the most successful Financial Crypto workshop in history! Though I haven't personally worked on Bitcoin, one of the things I enjoyed most about the conference and workshops was the presence of the Bitcoin community.

This is the fourth part of a series on searching on encrypted data. See parts 1, 2, 3, 5. In the previous posts we covered two different ways to search on encrypted data. The first was based on property-preserving encryption (in particular, on deterministic encryption), achieved sub-linear search time but had weak security properties. The second was based on functional encryption, achieved linear search time but provided stronger security guarantees.

This is the third part of a series on searching on encrypted data. See parts 1, 2, 4, 5. Previously, we covered the simplest solution for encrypted search which consisted of using a deterministic encryption scheme (more generally, using a property-preserving encryption scheme) to encrypt keywords. This resulted in an encrypted search solution with sub-linear (in $$n$$) search time but that leaked quite a bit of information to the server.

This is the second part of a series on searching on encrypted data. See parts 1, 3, 4, 5. In this post we'll cover the simplest way to search on encrypted data. This is usually the solution people come up with when they first think of the problem of encrypted search and, as we'll see this, this approach has some nice properties but also some limitations. To make this work we' ll need a special type of encryption scheme called a property-preserving encryption (PPE) scheme.

This is the first part of a series on searching on encrypted data. See parts 2, 3, 4, 5. I recently finished giving a series of talks on one of my favorite topics: searching on encrypted data. My slides are available here, but given the current interest in this topic I thought it might be useful to turn the talk into a series of posts. Over the years, the problem of encrypted search has become an important problem in security and cryptography.

Chris Soghoian points to an interesting article in the Wall Street Journal. It describes mounting pressure on the NSA to re-design its phone-data program---the program under which it compels telecommunications companies (telcos) like Verizon to turn over their phone record data. In the article, Timothy Edgar, a former privacy lawyer who served in the Bush and Obama administrations is quoted as saying: Privacy technology under development would allow for anonymous searches of databases, keeping data out of government hands but also preventing phone companies from learning the purpose of NSA searches.