Paper 2024/1983

UTRA: Universe Token Reusability Attack and Verifiable Delegatable Order-Revealing Encryption

Jaehwan Park, University of Tennessee, Knoxville
Hyeonbum Lee, Hanyang University
Junbeom Hur, Korea University
Jae Hong Seo, Hanyang University
Doowon Kim, University of Tennessee, Knoxville
Abstract

As datasets grow, users increasingly rely on cloud services for data storage and processing. Consequently, concerns regarding data protection and the practical use of encrypted data have emerged as significant challenges. One promising solution is order-revealing encryption (ORE), which enables efficient operations on encrypted numerical data. To support distributed environments with different users, delegatable ORE (DORE) extends this functionality to multi-client settings, enabling order comparisons between ciphertexts encrypted under different secret keys. However, Hahn et al. proposed a token forgery attack against DORE with a threat model and introduced the secure DORE (SEDORE) scheme as a countermeasure. Despite this enhancement, we claim that SEDORE remains vulnerable under the same threat model. In this paper, we present a novel Universal Token Reusability Attack, which exposes a critical vulnerability in SEDORE with the identical threat model. To mitigate this, we introduce the concept of verifiable delegatable order-revealing encryption (VDORE), along with a formal definition of token unforgeability. Building on this, we design a new scheme, Token Unforgeable DORE ($\mathsf{TUDORE}$), which ensures token unforgeability. Moreover, $\mathsf{TUDORE}$ achieves 1.5× faster token generation than SEDORE with enhanced security.

Note: Revise the abstract, add more explanation about security analysis

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Preprint.
Keywords
order-revealing encryptioncross-database systemtoken-based authentication
Contact author(s)
jpark127 @ utk edu
leehb3706 @ hanyang ac kr
jbhur @ isslab korea ac kr
jaehongseo @ hanyang ac kr
doowon @ utk edu
History
2025-04-25: last of 4 revisions
2024-12-08: received
See all versions
Short URL
https://ia.cr/2024/1983
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2024/1983,
      author = {Jaehwan Park and Hyeonbum Lee and Junbeom Hur and Jae Hong Seo and Doowon Kim},
      title = {{UTRA}: Universe Token Reusability Attack and Verifiable Delegatable Order-Revealing Encryption},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/1983},
      year = {2024},
      url = {https://eprint.iacr.org/2024/1983}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.