Hiding Access-pattern is Not Enough! Veil: A Storage and Communication Efficient Volume-Hiding Algorithm
Shanshan Han, Vishal Chakraborty, Michael Goodrich, Sharad Mehrotra, Shantanu Sharma
TL;DR
Veil introduces a tunable, bucket-based volume-hiding scheme for encrypted key-value stores that randomizes key-to-bucket mappings and pads to equal bucket sizes, preventing adversaries from inferring query volumes. A direct version (Veil) uses random bucketing with a stash to control leakage and overhead, while Veil-O leverages a $d$-regular graph to enable overlapping buckets and reduce storage amplification. The authors provide analytic and experimental evidence showing Veil achieves near-optimal query amplification and low stash sizes, with Veil-O offering further storage savings at modest stash trade-offs. Combined, these methods yield scalable, dynamic-friendly volume-hiding that outperforms state-of-the-art approaches across skewed and large datasets, with practical setup and query performance advantages.
Abstract
This paper addresses volume leakage (i.e., leakage of the number of records in the answer set) when processing keyword queries in encrypted key-value (KV) datasets. Volume leakage, coupled with prior knowledge about the data distribution and/or previously executed queries, can reveal both ciphertexts and current user queries. We develop a solution to prevent volume leakage, entitled Veil, that partitions the dataset by randomly mapping keys to a set of equi-sized buckets. Veil provides a tunable mechanism for data owners to explore a trade-off between storage and communication overheads. To make buckets indistinguishable to the adversary, Veil uses a novel padding strategy that allows buckets to overlap, reducing the need to add fake records. Both theoretical and experimental results show Veil to significantly outperform the existing state of the art.
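The bucket-and-stash construction the abstract describes, as an added illustrative simulation (not the authors' code): keys are mapped to buckets with a keyed PRF, every bucket is padded to the same capacity with dummy records so that any query returns exactly one full bucket, and records that do not fit are kept in a stash. The bucket count, the capacity, the HMAC-based mapping and the sample dataset are assumptions made for the example; the stash is kept in plaintext here only for illustration.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict


class VolumeHidingStore:
    """Toy volume-hiding KV store (assumed design, not Veil's reference code):
    keyed-PRF bucketing, fixed-capacity buckets padded with dummies, overflow stash."""

    DUMMY = ("<dummy>", None)  # padding record; never matches a real key

    def __init__(self, dataset, num_buckets, capacity, prf_key=None):
        self.key = prf_key or secrets.token_bytes(32)
        self.num_buckets, self.capacity = num_buckets, capacity
        self.buckets = [[] for _ in range(num_buckets)]
        self.stash = defaultdict(list)  # key -> records that overflowed
        self.real_records = 0
        for k, values in dataset.items():
            b = self._bucket_of(k)
            for v in values:
                self.real_records += 1
                if len(self.buckets[b]) < capacity:
                    self.buckets[b].append((k, v))
                else:
                    self.stash[k].append(v)
        for bucket in self.buckets:  # pad so every bucket looks identical in size
            bucket.extend([self.DUMMY] * (capacity - len(bucket)))

    def _bucket_of(self, k):
        digest = hmac.new(self.key, k.encode(), hashlib.sha256).digest()
        return int.from_bytes(digest[:8], "big") % self.num_buckets

    def query(self, k):
        # Observed volume is always one full bucket, whatever the true answer size.
        bucket = self.buckets[self._bucket_of(k)]
        hits = [v for (kk, v) in bucket if kk == k]
        return hits + self.stash.get(k, [])

    def storage_amplification(self):
        return (self.num_buckets * self.capacity) / self.real_records

    def stash_size(self):
        return sum(len(v) for v in self.stash.values())


# Constructed, skewed sample dataset: key "a" has many records, others few.
SAMPLE = {"a": [1, 2, 3, 4, 5], "b": [6], "c": [7, 8], "d": [9]}


def build_demo(num_buckets=4, capacity=5):
    return VolumeHidingStore(SAMPLE, num_buckets, capacity, prf_key=b"\x01" * 32)
```

Skewed keys drive either the stash (when they collide in a bucket) or the storage amplification (when capacity is raised to absorb them), which is the tunable trade-off the abstract refers to.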
