HOPE: Homomorphic Order-Preserving Encryption for Outsourced Databases -- A Stateless Approach

TL;DR

HOPE is a new homomorphic order-preserving encryption scheme that enables secure, efficient, and scalable range queries on encrypted outsourced data without client storage or interaction.

Contribution

HOPE introduces a stateless OPE scheme leveraging homomorphic encryption, eliminating client storage and interaction, with formal security proofs and practical efficiency.

Findings

HOPE achieves comparable query performance to existing schemes.

HOPE is secure under the IND-OCPA model against various attacks.

HOPE is scalable and practical for real-world outsourced databases.

Abstract

Order-preserving encryption (OPE) is a fundamental cryptographic tool for enabling efficient range queries on encrypted data in outsourced databases. Despite its importance, existing OPE schemes face critical limitations that hinder their practicality. Stateful designs require clients to maintain plaintext-to-ciphertext mappings, imposing significant storage and management overhead. Stateless designs often rely on interactive protocols between the client and server, leading to high communication latency and limited scalability. These limitations make existing schemes unsuitable for real-world applications that demand simplicity, efficiency, and scalability. In this work, we present Homomorphic OPE (HOPE), a new OPE scheme that eliminates client-side storage and avoids additional client-server interaction during query execution. HOPE leverages the additive property of homomorphic encryption to introduce a novel comparison key mechanism, which transforms ciphertext comparison into a randomized difference computation. This mechanism ensures that only the sign of the comparison is preserved while fully masking the underlying plaintext values, enabling secure and efficient range queries without leaking additional information about the data. We provide a formal cryptographic analysis of HOPE, proving its security under the widely accepted IND-OCPA model. Our proofs rigorously demonstrate that the comparison key mechanism reveals no information beyond the order of the plaintexts and ensures resistance to both chosen-plaintext attacks and frequency analysis. To validate the practicality of HOPE, we conduct extensive experiments comparing it with state-of-the-art OPE schemes. The results demonstrate that HOPE achieves competitive query performance while addressing the key limitations of existing designs, making it a scalable and secure solution for outsourced database systems.