ACE: A Consent-Embedded privacy-preserving search on genomic database
Sara Jafarbeiki, Amin Sakzad, Ron Steinfeld, Shabnam Kasra Kermanshahi, Chandra Thapa, Yuki Kume

TL;DR
ACE is a privacy-preserving searchable encryption scheme for genomic databases that supports dynamic consent management, allowing instant data deletion upon consent revocation while ensuring security under non-adaptive attacks.
Contribution
The paper introduces ACE, a novel consent-embedded searchable encryption scheme with formal security proofs and efficient implementation for genomic data privacy.
Findings
ACE enables instant deletion of genomic data upon consent revocation.
ACE is secure under non-adaptive attacks with formal privacy definitions.
Implementation results show ACE's practical efficiency in genomic databases.
Abstract
In this paper, we introduce ACE, a consent-embedded searchable encryption scheme. ACE enables dynamic consent management by supporting the physical deletion of associated data at the time of consent revocation. This ensures instant real deletion of data, aligning with privacy regulations and preserving individuals' rights. We evaluate ACE in the context of genomic databases, demonstrating its ability to perform the addition and deletion of genomic records and related information based on ID, which especially complies with the requirements of deleting information of a particular data owner. To formally prove that ACE is secure under non-adaptive attacks, we present two new definitions of forward and backward privacy. We also define a new hard problem, which we call D-ACE, that facilitates the proof of our theorem (we formally prove its hardness by a security reduction from DDH to D-ACE).…
Taxonomy
Topics: Cryptography and Data Security · Privacy-Preserving Technologies in Data · Distributed systems and fault tolerance
