A Note for Order-preserving Encryption Based on Negative
Hypergeometric Distribution
Dongping Hu
1,a
, Yuanping Zhu
2,b
Aihua Yin
1,c
1
School of Software and Communication Engineering, Jiangxi University of Finance and
Economics, Nanchang, Jiangxi, China
2
School of Information Engineering
,
Nanchang Institute of Technology
,
Nanchang
,
Jiangxi, China
a
hdp337@126.com,
b
zyuanping78@163.com,
c
aihuayin@jxufe.edu.cn
Keywords: Cryptography,
Order-preserving Encryption, Negative Hypergeometric Distribution
Abstract. Order-preserving encryption (OPE) scheme is a deterministic symmetric encryption
scheme whose encryption algorithm produces ciphertexts that preserves numerical ordering of the
plaintexts. The cryptographic study of OPE was initiated by Boldyreva, Chenette, Lee, and O’Neill
[1]. They proposed an OPE scheme based on a sampling algorithm for the negative hypergeometric
distribution (NHGD). In this paper, we present the security analysis of NHGD-based OPE and the
proof procedure of efficiency.
Introduction
OPE was first proposed in the database community by Agrawal et al. that allows comparison
operations to be directly applied on encrypted data [2]. When OPE is used in database systems,
equality and range queries as well as the MAX, MIN, and COUNT queries can be directly processed
over encrypted data. In addition to the database systems, OPE has also been used for concealed data
aggregation in sensor networks [3] and signal processing on encrypted multimedia content [4].
The first provably-secure OPE scheme was constructed by Boldyreva, Chenette, Lee, and O’Neill.
They proved that a straightforward relaxation of standard security notions for encryption,
indistinguishability under ordered chosen-plaintext attack (IND-OCPA), was unachievable by
practical OPE scheme. They instead introduced a security notion pseudorandom order-preserving
function advantage under chosen-ciphertext attack (POPF-CCA), which is weaker than IND-OCPA.
The security notion is defined to require that an OPE scheme look“as-random-as-possible” subject to
the order-preserving constraint. To meet the proposed security notion, they then proposed an OPE
scheme based on sampling algorithm for the negative hypergeometric distribution behaves similarly
to an algorithm that samples a random order-preserving function from a specified domain and range
on-the-fly.
Preliminaries
The negative hypergeometric distribution is a discrete probability distribution that describes the
number of total balls in a sequence of draws from a finite population without replacement. Consider
the following balls-and-bins model. Suppose there are
balls in a bin, out of which
are black
and
are white. At each step, we draw a ball at random without replacement. Consider the
random variable
describing the total number of balls in our sample after we collect
the black
ball. This random variable follows the so-called negative hypergeometric distribution (NHGD),
denoted by
. Its probability function can be expressed as
( )
{ }
; , ,
1
1
, , 1,..., , , , 1, 2,...
NHGD x r N M
x N x
r M r
N
M
− −
− −
= = + − + ∈ ∈
(1)
Advanced Materials Research Vols. 926-930 (2014) pp 2478-2481
© (2014) Trans Tech Publications, Switzerland
doi:10.4028/www.scientific.net/AMR.926-930.2478
All rights reserved. No part of contents of this paper may be reproduced or transmitted in any form or by any means without the written permission of TTP,
www.ttp.net. (ID: 211.69.192.107-09/05/14,11:53:16)