Implementation of "Partial Order Preserving Encryption" by Roche, Apon, Choi, and Yerukhimovich (2016) from ACM CCS 2016; preprint available at https://arxiv.org/abs/1610.04025 or https://eprint.iacr.org/2015/1106.
This is currently a proof-of-concept implementation in Python that is mostly meant to measure, validate, and test the communication costs.
Tested using Python 3.2.3 and later. It's possible that earlier versions of Python 3 will work as well, but not tested.
Requires the pycrypto library, available from https://github.com/dlitz/pycrypto.
-
ope
: Contains our implementations of client/server based order-preserving encoding schemes, including the POPE scheme itself.-
opec.py
: An OPE client, which glues together the server back-end (mOPE or POPE, for example) with the comparison oracle, and provides a convenient front-end interface for insertions and range queries.Note: This is just for testing purposes, as everything is running in memory within the same Python instance, not actually over a network link.
-
nwopec.py
: An OPE client that can access a POPE server over the network. Similar functionality to theopec
module in giving a convenient client front-end to a POPE back-end, but actually uses sockets to communicate (potentially) over the network. -
oracle.py
: A comparison oracle for order-preserving encoding. The role of the oracle is basically to receive ciphertexts and return their plaintext order (and nothing more).Note: This version is for testing purposes only, and does not work over a network.
-
nworacle.py
: Similar functionality to theoracle
module, but in a client/server setup to use socket-based network communication. -
pope.py
: The server-side implementation of the POPE scheme, including the buffer-tree-like data structure. Supports insertion and range queries, using a given comparison oracle to do the ordering. The comparison oracle can beoracle.Oracle
if running locally, ornworacle.OracleClient
over a network socket. -
mope.py
: Our implementation of the mOPE scheme of Popa, Li, and Zeldovich from https://eprint.iacr.org/2013/129. The implementation is not highly-tuned, but is comparable to our POPE implementation, and in the same model, in order to attempt a fair comparison. -
cheater.py
: A "fake" OPE implementation that cheats by simply retrieving the decryption key from the comparison oracle and does everything in plaintext. Used for testing and debugging purposes only, of course. -
ciphers.py
: Common wrapper classes for symmetric ciphers. Included are a dummy cipher used for debugging, and a wrapper of PyCrypto's AES128 implementation.
-
-
servers
: Servers to host OPE backends and comparison oracles over a network socket-
orac_serv.py
: Hosts a comparison oracle server on a desired port. This comparison oracle needs to know the client's decryption key, and listens for comparison requests from a connecting POPE or MOPE instance. -
pope_serv.py
: Hosts a POPE server on a desired port. This server does not have the client's decryption key, but needs to know how to access a comparison oracle. -
mope_serv.py
: Similar to thepope_serv
module, but wraps our implementation of the mutable OPE scheme from Popa, Li, and Zeldovich (IEEE S&P 2013).
-
-
test
: Some programs to check the various OPE implementations.-
demo.py
: Inserts a few strings and performs a few range queries, in order to demonstrate how to use an OPE implementation. -
check.py
: Inserts 1000 or so random entries into all available OPE implementations and performs random range queries, checking all of the results for correctness. -
incomparable.py
: Experimentally measures the number of incomparable elements after inserting California salary database entries and performing random range queries.Note: requires Python Imaging Library
-
nwbench.py
: Test code to benchmark the networked POPE implementation using California salary data -
nwrun.sh
: Script to start up the servers and run thenwbench
test. -
nwbench-or.py
: Similar tonwbench
, but only runs the comparison oracle over the network and not the POPE server. -
nwrun-or.sh
: Script to start up the servers and run thenwbench-or
test. -
nwspeed.sh
: Used by thenwrun.sh
andnwrun-or.sh
scripts to throttle network speed using iptables, and Linux traffic control. -
progbar.py
: Displays a nice Unicode-based progress bar.
-