Leakage-Resilient Easily Deployable and Efficiently Searchable Encryption (EDESE)

Jiaming YUAN; Yingjiu LI; Jun LI; Daoyuan WU; Jianting NING; Yangguang TIAN; Robert H. DENG

doi:10.1145/3734436.3734445

Leakage-Resilient Easily Deployable and Efficiently Searchable Encryption (EDESE)

Jiaming YUAN, Yingjiu LI, Jun LI, Daoyuan WU, Jianting NING^*, Yangguang TIAN, Robert H. DENG

^*Corresponding author for this work

Research output: Book Chapters | Papers in Conference Proceedings › Conference paper (refereed) › Research › peer-review

Abstract

Easily Deployable and Efficiently Searchable Encryption (EDESE) is a cryptographic primitive designed for practical searchable applications, offering efficient search and easy deployment. However, it remains vulnerable to Leakage-Abuse attacks, allowing adversaries to exploit keyword-matching processes to extract sensitive information. To address these vulnerabilities, we introduce Leakage-Resilient EDESE (LR-EDESE) with k-indistinguishability and controlled leakage functions. We then propose Volume Leakage-Resilient EDESE (VLR-EDESE), a new scheme to protect against both query and document volume leakage. Our experimental results demonstrate that at k = 5000 (maximum security setting), VLR-EDESE incurs an overhead of 63× compared to the baseline EDESE without leakage protection, outperforming state-of-the-art methods with 320× and 97× overhead, respectively. For smaller k values (10, 20, 50, 100), storage and communication overhead remain within 2× and 2.5× of the baseline EDESE, highlighting VLR-EDESE's flexibility. Finally, we present CloudSec, an implementation of VLR-EDESE that seamlessly integrates with cloud storage platforms, using OneDrive as an example.

Original language	English
Title of host publication	SACMAT '25: Proceedings of the 30th ACM Symposium on Access Control Models and Technologies
Editors	Scott D. STOLLER, Omar CHOWDHURY, Adam J. LEE, Amir MASOUMZADEH
Publisher	Association for Computing Machinery
Pages	133-144
Number of pages	12
ISBN (Print)	9798400715037
DOIs	https://doi.org/10.1145/3734436.3734445
Publication status	Published - 7 Jul 2025
Externally published	Yes
Event	30th ACM Symposium on Access Control Models and Technologies - Stony Brook, United States Duration: 8 Jul 2025 → 10 Jul 2025

Symposium

Symposium	30th ACM Symposium on Access Control Models and Technologies
Abbreviated title	SACMAT '25
Country/Territory	United States
City	Stony Brook
Period	8/07/25 → 10/07/25

Bibliographical note

Acknowledgments:
We thank anonymous reviewers for helpful comments.

Funding

Jianting Ning was supported in part by the National Natural Science Foundation of China (Grant No. 12441101, 62372108, 62425205). Yingjiu Li was supported in part by the Ripple University Blockchain Research Initiative.

Keywords

Symmetric Searchable Encryption
Leakage-Abuse Attack Defense
Leakage-Resilient
EDESE

Access to Document

10.1145/3734436.3734445Licence: CC BY

Cite this

YUAN, J., LI, Y., LI, J., WU, D., NING, J., TIAN, Y., & DENG, R. H. (2025). Leakage-Resilient Easily Deployable and Efficiently Searchable Encryption (EDESE). In S. D. STOLLER, O. CHOWDHURY, A. J. LEE, & A. MASOUMZADEH (Eds.), SACMAT '25: Proceedings of the 30th ACM Symposium on Access Control Models and Technologies (pp. 133-144). Association for Computing Machinery. https://doi.org/10.1145/3734436.3734445

@inproceedings{5ef6839e3da54d90875afdbb76783219,

title = "Leakage-Resilient Easily Deployable and Efficiently Searchable Encryption (EDESE)",

abstract = "Easily Deployable and Efficiently Searchable Encryption (EDESE) is a cryptographic primitive designed for practical searchable applications, offering efficient search and easy deployment. However, it remains vulnerable to Leakage-Abuse attacks, allowing adversaries to exploit keyword-matching processes to extract sensitive information. To address these vulnerabilities, we introduce Leakage-Resilient EDESE (LR-EDESE) with k-indistinguishability and controlled leakage functions. We then propose Volume Leakage-Resilient EDESE (VLR-EDESE), a new scheme to protect against both query and document volume leakage. Our experimental results demonstrate that at k = 5000 (maximum security setting), VLR-EDESE incurs an overhead of 63× compared to the baseline EDESE without leakage protection, outperforming state-of-the-art methods with 320× and 97× overhead, respectively. For smaller k values (10, 20, 50, 100), storage and communication overhead remain within 2× and 2.5× of the baseline EDESE, highlighting VLR-EDESE's flexibility. Finally, we present CloudSec, an implementation of VLR-EDESE that seamlessly integrates with cloud storage platforms, using OneDrive as an example.",

keywords = "Symmetric Searchable Encryption, Leakage-Abuse Attack Defense, Leakage-Resilient, EDESE",

author = "Jiaming YUAN and Yingjiu LI and Jun LI and Daoyuan WU and Jianting NING and Yangguang TIAN and DENG, \{Robert H.\}",

note = "Acknowledgments: We thank anonymous reviewers for helpful comments.; 30th ACM Symposium on Access Control Models and Technologies, SACMAT '25 ; Conference date: 08-07-2025 Through 10-07-2025",

year = "2025",

month = jul,

day = "7",

doi = "10.1145/3734436.3734445",

language = "English",

isbn = "9798400715037",

pages = "133--144",

editor = "STOLLER, \{Scott D.\} and Omar CHOWDHURY and LEE, \{Adam J.\} and Amir MASOUMZADEH",

booktitle = "SACMAT '25: Proceedings of the 30th ACM Symposium on Access Control Models and Technologies",

publisher = "Association for Computing Machinery",

address = "United States",

}

YUAN, J, LI, Y, LI, J, WU, D, NING, J, TIAN, Y & DENG, RH 2025, Leakage-Resilient Easily Deployable and Efficiently Searchable Encryption (EDESE). in SD STOLLER, O CHOWDHURY, AJ LEE & A MASOUMZADEH (eds), SACMAT '25: Proceedings of the 30th ACM Symposium on Access Control Models and Technologies. Association for Computing Machinery, pp. 133-144, 30th ACM Symposium on Access Control Models and Technologies, Stony Brook, New York, United States, 8/07/25. https://doi.org/10.1145/3734436.3734445

Leakage-Resilient Easily Deployable and Efficiently Searchable Encryption (EDESE). / YUAN, Jiaming; LI, Yingjiu; LI, Jun et al.
SACMAT '25: Proceedings of the 30th ACM Symposium on Access Control Models and Technologies. ed. / Scott D. STOLLER; Omar CHOWDHURY; Adam J. LEE; Amir MASOUMZADEH. Association for Computing Machinery, 2025. p. 133-144.

Research output: Book Chapters | Papers in Conference Proceedings › Conference paper (refereed) › Research › peer-review

TY - GEN

T1 - Leakage-Resilient Easily Deployable and Efficiently Searchable Encryption (EDESE)

AU - YUAN, Jiaming

AU - LI, Yingjiu

AU - LI, Jun

AU - WU, Daoyuan

AU - NING, Jianting

AU - TIAN, Yangguang

AU - DENG, Robert H.

N1 - Acknowledgments: We thank anonymous reviewers for helpful comments.

PY - 2025/7/7

Y1 - 2025/7/7

N2 - Easily Deployable and Efficiently Searchable Encryption (EDESE) is a cryptographic primitive designed for practical searchable applications, offering efficient search and easy deployment. However, it remains vulnerable to Leakage-Abuse attacks, allowing adversaries to exploit keyword-matching processes to extract sensitive information. To address these vulnerabilities, we introduce Leakage-Resilient EDESE (LR-EDESE) with k-indistinguishability and controlled leakage functions. We then propose Volume Leakage-Resilient EDESE (VLR-EDESE), a new scheme to protect against both query and document volume leakage. Our experimental results demonstrate that at k = 5000 (maximum security setting), VLR-EDESE incurs an overhead of 63× compared to the baseline EDESE without leakage protection, outperforming state-of-the-art methods with 320× and 97× overhead, respectively. For smaller k values (10, 20, 50, 100), storage and communication overhead remain within 2× and 2.5× of the baseline EDESE, highlighting VLR-EDESE's flexibility. Finally, we present CloudSec, an implementation of VLR-EDESE that seamlessly integrates with cloud storage platforms, using OneDrive as an example.

AB - Easily Deployable and Efficiently Searchable Encryption (EDESE) is a cryptographic primitive designed for practical searchable applications, offering efficient search and easy deployment. However, it remains vulnerable to Leakage-Abuse attacks, allowing adversaries to exploit keyword-matching processes to extract sensitive information. To address these vulnerabilities, we introduce Leakage-Resilient EDESE (LR-EDESE) with k-indistinguishability and controlled leakage functions. We then propose Volume Leakage-Resilient EDESE (VLR-EDESE), a new scheme to protect against both query and document volume leakage. Our experimental results demonstrate that at k = 5000 (maximum security setting), VLR-EDESE incurs an overhead of 63× compared to the baseline EDESE without leakage protection, outperforming state-of-the-art methods with 320× and 97× overhead, respectively. For smaller k values (10, 20, 50, 100), storage and communication overhead remain within 2× and 2.5× of the baseline EDESE, highlighting VLR-EDESE's flexibility. Finally, we present CloudSec, an implementation of VLR-EDESE that seamlessly integrates with cloud storage platforms, using OneDrive as an example.

KW - Symmetric Searchable Encryption

KW - Leakage-Abuse Attack Defense

KW - Leakage-Resilient

KW - EDESE

U2 - 10.1145/3734436.3734445

DO - 10.1145/3734436.3734445

M3 - Conference paper (refereed)

SN - 9798400715037

SP - 133

EP - 144

BT - SACMAT '25: Proceedings of the 30th ACM Symposium on Access Control Models and Technologies

A2 - STOLLER, Scott D.

A2 - CHOWDHURY, Omar

A2 - LEE, Adam J.

A2 - MASOUMZADEH, Amir

PB - Association for Computing Machinery

T2 - 30th ACM Symposium on Access Control Models and Technologies

Y2 - 8 July 2025 through 10 July 2025

ER -

Leakage-Resilient Easily Deployable and Efficiently Searchable Encryption (EDESE)

Abstract

Symposium

Bibliographical note

Funding

Keywords

Access to Document

Fingerprint

Cite this