Does asymmetric order-preserving encryption exist?

Mahsa Bastankhah

11/24/22, 3:37 PM

As I understand from this post, mapping from plaintext space to ciphertext space is the fundamental point of all order-preserving encryption. So the only way that we let someone encrypt an arbitrary plaintext is to give him/her this mapping. But, on the other hand, if we give someone this mapping, the encryption breaks because anyone who has access to it can easily decrypt any ciphertext since this mapping is usually reversible.

I am not sure at all that I have understood this correctly. Hence this post. To sum up, my question is: Is there any order-preserving encryption that gives everyone the possibility to encrypt an arbitrary message?

125

1 + 3

encryption

homomorphic-encryption

order-preserving

Meir Maor

11/24/22, 4:03 PM

You are looking for something asymmetric with public encryption key and private decryption? Do you expect everyone to be able to compare order of ciphertexts?

Mahsa Bastankhah

11/24/22, 4:13 PM

Yes. I need it to be asymmetric and the encryption key can be published publicly.

Maeher

11/24/22, 6:53 PM

If the comparison on the ciphertexts is a public operation, you can recover the plaintext using a simple binary search.

Score:6

Crypto

Maeher

11/25/22, 2:05 PM

No, an order preserving public key encryption scheme cannot be secure.

Consider any PKE scheme for plaintext space $\mathbb{Z}_n$ for which there exists a public operation that given two ciphertexts (and possibly the public key) allows to test the relative order of the corresponding plaintexts.

Given a ciphertext $c$, and the public key we can then recover the plaintext using simple binary search over $\mathbb{Z}_n$ in $O(\log n)$ steps.

0 + 2

Mahsa Bastankhah

11/26/22, 8:54 AM

you are right. So how can I solve this problem: I have a directed graph of nodes that can be malicious and all of them have a private value. I want every node in this graph to be able to compare his private value with the private value of his ancestor and send the minimum of these two values to his descendants. But notice that these values are private i.e. I want this comparison between private value can happen with the least leakage of information that is fundamentally possible.

Maeher

11/26/22, 9:09 AM

Is interaction allowed between nodes? Non-interactively you can probably do it using FHE. Otherwise some kind of 2PC protocol should work. This sounds a lot like Yao's Millionaires' problem.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Does asymmetric order-preserving encryption exist?

TH: มีการเข้ารหัสเพื่อรักษาคำสั่งแบบอสมมาตรหรือไม่?

RO: Există criptare asimetrică pentru păstrarea ordinii?

RU: Существует ли асимметричное шифрование с сохранением порядка?

VI: Mã hóa bảo toàn thứ tự bất đối xứng có tồn tại không?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.