Verifiable, Efficient and Confidentiality-Preserving Graph Search with Transparency

Qiuhao Wang, Xu Yang, Yiwei Liu, Saiyu Qi, Hongguang Zhao, Ke Li, Yong Qi

TL;DR

This work tackles privacy-preserving graph search in outsourced graph databases by addressing transparency, dynamic updates, and verifiability. It introduces SecGraph, an SGX-based framework that offloads secret-key management to a trusted enclave and uses an LDCF-encoded XSet together with a Twin-TSet to enable efficient, dynamic conjunctive searches with reduced leakage. Building on SecGraph, VSecGraph adds procedure-oriented verification to support verifiable conjunctive search without burdening the client, and VSecGraph-A leverages RSA accumulators to reduce enclave storage while preserving verifiability. Extensive experiments on real-world datasets demonstrate substantial gains in search and update performance and significant reductions in communication costs compared to state-of-the-art schemes such as PeGraph and Guo et al., with strong confidentiality and backward/forward privacy guarantees.

Abstract

Graph databases have garnered extensive attention and research due to their ability to manage relationships between entities efficiently. Today, many graph search services are outsourced to a third-party server to facilitate storage and computational support. Nevertheless, the outsourcing paradigm may invade the privacy of graphs. PeGraph is the latest scheme achieving encrypted search over social graphs to address this privacy leakage; it maintains two data structures, XSet and TSet, motivated by the OXT technique to support encrypted conjunctive search. However, PeGraph still exhibits limitations inherent to the underlying OXT. It does not provide transparent search capabilities, suffers from expensive computation and result pattern leakage, and fails to support search over dynamic encrypted graph databases and result verification. In this paper, we propose SecGraph to address the first two limitations. It adopts a novel system architecture that leverages an SGX-enabled cloud server to provide users with secure and transparent search services, since secret key protection and computational overhead are offloaded to the cloud server. Besides, we design an LDCF-encoded XSet based on the Logarithmic Dynamic Cuckoo Filter to facilitate efficient plaintext computation in trusted memory, effectively mitigating the risks of result pattern leakage and of performance degradation due to exceeding the limited trusted memory capacity. Finally, we design a new dynamic version of TSet named Twin-TSet to enable conjunctive search over dynamic encrypted graph databases. In order to support verifiable search, we further propose VSecGraph, which utilizes a procedure-oriented verification method to verify all data structures loaded into the trusted memory, thus bypassing the computational overhead associated with the client's local verification.

Paper Structure

This paper contains 56 sections, 3 theorems, 12 figures, 2 tables, 4 algorithms.

Key Result

Theorem 1

(Confidentiality of SecGraph). Assuming that $(F_1,F_2,F_3)$ are secure PRFs and $(H_1,H_2)$ are secure hash functions, SecGraph is $\mathcal{L}$-secure against an adaptive adversary.

Figures (12)

  • Figure 1: Illustration of LDCF and three associated operations.
  • Figure 2: A toy example for illustrating a social graph.
  • Figure 3: KPRP and WRP leakages of $q_1=(w_1\wedge w_2\wedge w_3)$, IP leakages of $q_2=(w_1\wedge w_2)$ and $q=(w_3 \wedge w_2)$.
  • Figure 4: System architecture.
  • Figure 5: Insertion performance of SecGraph and PeGraph in distinct datasets.
  • ...and 7 more figures

Theorems & Definitions (9)

  • Remark 1
  • Definition 1
  • Theorem 1
  • proof
  • Theorem 2
  • proof
  • Definition 2
  • Theorem 3
  • proof