Real-time Private Membership Test using Homomorphic Encryption

Eduardo Chielle1, Homer Gamil2 and Michail Maniatakos2
Center for Cyber Security New York University Abu Dhabi
aeduardo.chielle@nyu.edu
bhomer.g@nyu.edu
cmichail.maniatakos@nyu.edu

ABSTRACT


With the ever increasing volume of private data residing on the cloud, privacy is becoming a major concern. Often times, sensitive information is leaked during a querying process between a client and an online server hosting a database; The query may leak information about the element the client is looking up, while sensitive details about the contents of its database can leak on the server side. The ability to check if an element is included in a database while maintaining both the client’s and the server’s privacy is known as the Private Membership Test. In this context, we propose a method to privately query a database with computational complexity O(1) using Bloom filters and Homomorphic Encryption. The proposed methodology also enables post-encryption insertions and deletions without requiring a new setup. Experimental results show that our proposed solution has practical setup, insertion and deletion times for databases of up to a few million entries, with constant query time less than 0:3s, considering a false positive rate lower than 10-3. We instantiate our methodology for a URL denylisting service, and demonstrate that it can provide solid security guarantees without affecting the user experience.



Full Text (PDF)