Paper 2024/1983
UTRA: Universe Token Reusability Attack and Verifiable Delegatable Order-Revealing Encryption
Abstract
As datasets grow, users increasingly rely on cloud services for data storage and processing. Consequently, concerns regarding data protection and the practical use of encrypted data have emerged as significant challenges. One promising solution is order-revealing encryption (ORE), which enables efficient operations on encrypted numerical data. To support distributed environments with different users, delegatable ORE (DORE) extends this functionality to multi-client settings, enabling order comparisons between ciphertexts encrypted under different secret keys. However, Hahn et al. proposed a token forgery attack against DORE with a threat model and introduced the secure DORE (SEDORE) scheme as a countermeasure. Despite this enhancement, we claim that SEDORE remains vulnerable under the same threat model. In this paper, we present a novel Universal Token Reusability Attack, which exposes a critical vulnerability in SEDORE with the identical threat model. To mitigate this, we introduce the concept of verifiable delegatable order-revealing encryption (VDORE), along with a formal definition of token unforgeability. Building on this, we design a new scheme, Token Unforgeable DORE ($\mathsf{TUDORE}$), which ensures token unforgeability. Moreover, $\mathsf{TUDORE}$ achieves 1.5× faster token generation than SEDORE with enhanced security.
Note: Revise the abstract, add more explanation about security analysis
Metadata
- Available format(s)
-
PDF
- Category
- Public-key cryptography
- Publication info
- Preprint.
- Keywords
- order-revealing encryptioncross-database systemtoken-based authentication
- Contact author(s)
-
jpark127 @ utk edu
leehb3706 @ hanyang ac kr
jbhur @ isslab korea ac kr
jaehongseo @ hanyang ac kr
doowon @ utk edu - History
- 2025-04-25: last of 4 revisions
- 2024-12-08: received
- See all versions
- Short URL
- https://ia.cr/2024/1983
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2024/1983, author = {Jaehwan Park and Hyeonbum Lee and Junbeom Hur and Jae Hong Seo and Doowon Kim}, title = {{UTRA}: Universe Token Reusability Attack and Verifiable Delegatable Order-Revealing Encryption}, howpublished = {Cryptology {ePrint} Archive, Paper 2024/1983}, year = {2024}, url = {https://eprint.iacr.org/2024/1983} }