Fast and private multi-dimensional range search over encrypted data

For businesses looking to outsource their data to remote servers, cloud-based data storage is a popular choice. It is popular due to its flexibility, cost-effectiveness, and widespread availability. However, ensuring the confidentiality of data is a critical challenge that must be addressed. As a response to this issue, searchable encryption techniques have been developed. These techniques enable search queries to be performed on encrypted data while still keeping the plaintext confidential. While most existing symmetric searchable encryption schemes are designed for one-dimensional data records or document-keyword inverted indices, this paper introduces MDRSSE, a novel symmetric searchable encryption scheme specifically tailored for multi-dimensional range search. MDRSSE stands out as one of the pioneering SSE schemes to support multi-dimensional range search efficiently, without incurring undetermined additional communication or computation costs. By employing a single round of communication between the client and server, MDRSSE enables an honest-but-curious server to respond to multi-dimensional range queries without gaining knowledge of the data records or revealing the search query. Notably, MDRSSE boasts the lowest overall search complexity compared to existing state-of -the-art symmetric searchable encryption schemes designed for multi-dimensional range search. Extensive experimental tests were conducted to validate the robustness and practicality of our proposed scheme. The results demonstrate that, for a dataset consisting of 100K records with 12 dimensions (with each leaf node holding 500 records), it takes only 2.2 seconds to generate the encrypted dataset, and the overall setup phase completes within 2.5 seconds. Furthermore, for a range query encompassing 50 nodes, the search time is less than 2 ms and 3 ms for the client and server, respectively. MDRSSE achieves semantic security under the IND-CPA assumption, all without requiring additional storage size at the server.