Omnes pro uno: Practical Multi-Writer Encrypted Database

Multi-writer encrypted databases allow a reader to search over data contributed by multiple writers securely. Public-key searchable encryption (PKSE) appears to be the right primitive. However, its search latency is not welcomed in practice for requiring public-key operations linear in the database size. In contrast, symmetric searchable encryption (SSE) realizes sublinear search, but it is inherently not multi-writer. This paper aims for the best of both SSE and PKSE, i.e., sublinear search and multiple writers, by formalizing hybrid searchable encryption (HSE), with some seemingly conflicting yet desirable features, requiring new insights to achieve. HSE, built on top of dynamic SSE (DSSE), should satisfy the de facto standard of forward privacy. Its multi-writer support makes the known approach (of secret state maintenance) fail. HSE should also feature confined search, ideally with search tokens of size independent of the writer subset size for each search. For these, we devise a partial rebuild technique and two building blocks (of independent interests) - identity-coupling key-aggregate encryption and epoch-based forward-private DSSE. Our evaluation over real-world datasets shows that HSE surpasses prior arts by orders of magnitude.