Themis: Robust and Light-Client Dynamic Searchable Symmetric Encryption

Dynamic searchable symmetric encryption (DSSE), as one of the promising cryptographic tools in cloud-based services, faces two crying needs at the age of multi-device. One is a lightweight client, and the other is robustness. A lightweight client facilitates seamless synchronization among multiple devices allowing users to feel as if they are operating on a single device, even on resource-constrained devices. Robustness ensures a reliable system that can tolerate misoperations. DSSE requires both of them to achieve a leap in practicability. However, to our best knowledge, lightweight client and robustness have not been effectively combined thus far. Most existing DSSE schemes maintain a substantial amount of state information on the client for sub-linear search efficiency, but they fail to guarantee security even correctness, after executing the client’s misoperations (e.g., duplicate addition or deletion operation and deleting non-existent targets). The seminal work on robustness, ROSE (TIFS’22), leverages a heavy primitive to preserve security and correctness during post-processing and requires a heavy client storage burden. To guarantee robustness and constant client storage simultaneously, we devise a novel method to preserve robustness timely in the process of misoperations. Specifically, we introduce an alarm mechanism to promptly eliminate the effects of misoperations. Based on the misoperation alarm mechanism and the vORAM+HIRB oblivious map (S&P’16), we propose a new DSSE scheme Themis . In addition to satisfying robustness and constant client storage, it has competitive search and update performance compared to prior representative DSSE schemes. Moreover, it is superior to existing robust schemes in search.