Gyokuro: Source-assisted Private Membership Testing using Trusted Execution Environments

TL;DR

Gyokuro introduces a privacy-preserving, efficient private membership testing method leveraging Trusted Execution Environments, enabling scalable verification in large databases with minimal latency and high throughput.

Contribution

This work presents Gyokuro, a novel approach using TEEs for source-assisted private membership testing that improves efficiency and scalability over traditional methods.

Findings

Achieves 7 ms latency per query.

Supports around 1400 requests/sec per core.

Ensures strong privacy guarantees.

Abstract

Private Membership Testing (PMT) protocols enable clients to verify whether a certain data item is included in a database without revealing the item to the database operator or other external parties. This paper examines Source-assisted PMT (SPMT), in which clients leverage compact data source-provided information issued when the data item is first submitted to the database. SPMT is relevant in applications such as certificate transparency and supply-chain auditing; yet, designing an approach that is efficient, scalable, and privacy-preserving remains a challenge. This work presents Gyokuro, which takes a different approach to conventional membership testing schemes. Instead of requesting the server to produce a proof attesting that a certain data item exists in the database, we leverage Trusted Execution Environments (TEEs) to produce proofs demonstrating that the server has made enough progress to add the data item to the database. With the help of existing monitoring services, clients can infer that no items have been removed from the database. This allows Gyokuro to provide strong privacy guaranties and achieve high efficiency, as a client's membership testing query does not include any information regarding their interests, and eliminates the need for complex and inefficient protection mechanisms. Additionally, this approach enables membership testing on large-scale databases, since the communication and computation required are independent of the database size. Our evaluations show practical feasibility, achieving 7 ms membership testing latency and throughput of around 1400 requests/sec/core.