Delegatable Order-Revealing Encryption for Reliable Cross-Database Query

Changhee Hahn, Junbeom Hur

Research output: Contribution to journalArticlepeer-review


Cloud service providers adopt pay-per-query pricing models to charge data owners based on the amount of data scanned by each query. In such models, the trustworthiness of the underlying billing system is as important as the privacy preservation for the data and queries. In this paper, we revisit delegatable order-revealing encryption (DORE), a range query algorithm allowing authorized users to retrieve data of specific ranges across multiple databases encrypted under different secret keys. We first investigate which factor in the authorization mechanism of DORE can lead to overprivileged users and let them allow any unauthorized user to query over the database of the victim without risking their credits, such as leaking the secret keys. Unfortunately, such unauthorized queries would incur unexpected financial damage to the victim in practical pay-per-query models. We then propose SEDORE, a secure order-revealing encryption scheme with resilience to unauthorized queries across databases. SEDORE features a novel user authorization mechanism limiting user privileges carefully. Consequently, the authorized users cannot illegally invite any unauthorized user to query unless they entirely leak their credits. We demonstrate that the performance of SEDORE is comparable to that of DORE while achieving a higher security level.

Original languageEnglish
Pages (from-to)1-14
Number of pages14
JournalIEEE Transactions on Services Computing
Publication statusAccepted/In press - 2022


  • Authorization
  • cross-database query
  • Databases
  • delegation
  • Encapsulation
  • encrypted database
  • Encryption
  • Forgery
  • order-revealing encryption
  • Public key
  • Range query
  • Servers

ASJC Scopus subject areas

  • Hardware and Architecture
  • Computer Science Applications
  • Computer Networks and Communications
  • Information Systems and Management


Dive into the research topics of 'Delegatable Order-Revealing Encryption for Reliable Cross-Database Query'. Together they form a unique fingerprint.

Cite this