Implementation of SSE schemes. For now, the repo includes a C++ implementation of the following schemes:
| Name | Comments | Authors | Reference |
|---|---|---|---|
| Σoφoς (Sophos) | First forward-private SSE scheme. Optimal asymptotic performance, but slow in practice because of its use of RSA. | Bost | [1] |
| Diana | Very fast (practical) forward-private scheme, using only symetric cryptography. | Bost, Minaud and Ohrimenko | [2] |
| Janus | First 'practical' backward-private scheme, based on puncturable encryption. In practice, very slow when the number of deletions grows. | Bost, Minaud and Ohrimenko | [2] |
| Tethys | Static scheme designed for flash storage. Best in class throughput (as of 2021) and small ciphertext expansion, but with building time that can become prohibitively high. | Bossuat, Bost, Fouque, Minaud, Reichle | [3] |
| Pluto | Practical improvement over Tethys for the setup time, but at the cost of an increased ciphertext expansion. | Bossuat, Bost, Fouque, Minaud, Reichle | [3] |
| Article | Authors |
|---|---|
| [1] Σoφoς – Forward Secure Searchable Encryption | Bost |
| [2] Forward and Backward Private Searchable Encryption from Constrained Cryptographic Primitives | Bost, Minaud and Ohrimenko |
| [3] SSE and SSD: Page-Efficient Searchable Symmetric Encryption | Bossuat, Bost, Fouque, Minaud, Reichle |
OpenSSE's schemes implementation dependencies need a compiler supporting C++14 (although the core codebase doesn't). It has been successfully built and tested on Ubuntu 16.04 LTS using both clang 10 and gcc 5.4.0 and on Mac OS X.10 using clang 12.
This repository uses a cryptographic toolkit specially designed for searchable encryption applications: crypto-tk.
This toolkit is integrated as a git submodule, and will be automatically compiled when building the schemes.
However, it has its own set of dependencies, and you should make sure they are available on your computer.
Take a look at the build instructions for detailed information.
[sudo] apt-get install build-essential autoconf libtool yasm openssl cmake libaio-devThe libaio-dev dependency is optional. However, if you are willing to use the Tethys and/or the Pluto schemes, we strongly advise you to install it, for performance's sake.
OpenSSE uses Google's gRPC as its RPC machinery. On Linux, there is, for now, no other way than installing gRPC from source. The procedure is described here. Note that OpenSSE has been tested with gRPC v1.34.
OpenSSE uses Facebook's RocksDB as its storage engine. See the installation guide.
Note that the build system currently used by this project does not support static builds of RocksDB. If you see linker errors involving compression libraries (libzstd, libz4, libsnappy, ...), it probably comes from OpenSSE linking against RocksDB's static library.
[sudo] xcode-select --installIf you still haven't, you should get Homebrew. You can then directly install all the dependencies using Homebrew:
brew install automake autoconf yasm openssl cmake grpc rocksdbThe code is available via git:
git clone https://github.com/OpenSSE/opensse-schemes.gitYou will also need to fetch the submodules (this might take a while):
git submodule update --init --recursiveBuilding is done using CMake. The minimum required version is CMake 3.1.
Then, to build the code itself, just enter in your terminal
mkdir build && cd build
cmake ..
makeAs the library builds using CMake, the configuration is highly configurable.
Like other CMake-based projects, options are set by passing -DOPTION_NAME=value to the cmake command.
For example, for a debug build, use -DCMAKE_BUILD_TYPE=Debug.
Also, you can change the compiler used for the project by setting the CC and CXX environment variables.
For example, if you wish to use Clang, you can set the project up with the following command
CC=clang CXX=clang++ cmake ...
ENABLE_COVERAGE=On|Off: Respectively enables and disables the code coverage functionalities. Disabled by default.SANITIZE_ADDRESS=On|Off: Compiles the library with AddressSanitizer (ASan) when set toOn. Great to check for stack/heap buffer overflows, memory leaks, ... Disabled by default.SANITIZE_UNDEFINED=On|Off: When set toOn, compiles the library with UndefinedBehaviorSanitizer (UBSan). UBSan detects undefined behavior at runtime in your code. Disabled by default.opensse_ENABLE_WALL=On|Off: Toggles the-Wallcompiler option. On by defaultopensse_ENABLE_WEXTRA=On|Off: Toggles the-Wextracompiler option. On by defaultopensse_ENABLE_WERROR=On|Off: Toggles the-Werrorcompiler option to turn all warnings into errors. On by defaultCMAKE_BUILD_TYPE: Sets the build type. See CMake's documentation for more details. TheDebugbuild type is used by default. UseReleasefor an optimized build.
To see all the available options, and interactively edit them, you can also use the ccmake tool.
For more information about how to use CMake, take a look at CMake's FAQ, or at the documentation.
In this project, CMake can also be used to configure the cryptographic toolkit. See crypto-tk's documentation for details and configuration points.
This repository provides implementations of SSE as a proof of concept, and cannot really be used for real sensitive applications. In particular, the cryptographic toolkit most probably has many implementation flaws.
The building script builds basic test programs for Sophos, Diana and Janus (respectively sophos_debug, diana_debug, and janus_debug), that are of no use per se, and two pairs of client/server programs for Sophos and Diana (sophos_server and sophos_client for Sophos, and diana_server and diana_client for Diana). These are the ones you are looking for.
The clients usage is as follows
sophos_client [-b client.db] [-l inverted_index.json] [-p] [-r count] [-q] [keyword1 [... keywordn]]
-b client.db: use file as the client database (test.csdb by default)-l file.json: load the reversed index file.json and add it to the database. file.json is a JSON file with the following structure :
{
"keyword1" : [1,2,3,4],
"keyword2": [11,22,33,44,55]
}In the repo, inverted_index.json is an example of such file.
-p: print stats about the loaded database (number of keywords)-r count: generate a database with count entries. Look at the aux/db_generator.* files to see how such databases are generatedkeyword1 … keywordn: search queries with keyword1 … keywordn.
The servers usage is as follows
sophos_server [-b server.db] [-s]
-b server.db: use file as the server database (test.ssdb by default)-s: use synchronous searches (when searching, the server retrieves all the results before sending them to the client. By default, results are sent once retrieved). In the papers, this option was used for the benchmarks without RPC.
Unless otherwise stated, the code has been written by Raphael Bost.
OpenSSE Schemes is licensed under the GNU Affero General Public License v3.
