公开(公告)号：US20210182261A1

公开(公告)日：2021-06-17

申请号：US16712151

申请日：2019-12-12

Applicant: Google LLC

Inventor： Kevin Yeo ,  Ahmet Erhan Nergiz ,  Nicolas Lidzborski ,  Laetitia Estelle Baudoin ,  Sarvar Patel

IPC: G06F16/22 ,  G06F16/2455 ,  G06F16/242 ,  H04L9/06 ,  H04L9/08

Abstract: A method for providing encrypted search includes receiving, at a user device associated with a user, a search query for a keyword that appears in one or more encrypted documents stored on an untrusted storage device and accessing a count table to obtain a count of documents that include the keyword. The method also includes generating a delegatable pseudorandom function (DPRF) based on the keyword, a private cryptographic key, and the count of documents. The method also includes evaluating a first portion of the DPRF and delegating a remaining second portion of the DPRF to the untrusted storage device which causes the untrusted storage device to evaluate the DPRF and access an encrypted search index associated with the documents. The untrusted storage device determines one or more encrypted documents associated with DPRF and returns, to the user device, an identifier for each encrypted document associated with the DPRF.

公开(公告)号：US20200342118A1

公开(公告)日：2020-10-29

申请号：US16715994

申请日：2019-12-16

Applicant: Google LLC

Inventor： Kevin Yeo ,  Sarvar Patel ,  Giuseppe Persiano

IPC: G06F21/60 ,  G06F21/62 ,  H04L9/08

Abstract: A method for providing response-hiding searchable encryption includes receiving a search query for a keyword from a user device associated with a user. The keyword appears in one or more encrypted documents within a corpus of encrypted documents stored on an untrusted storage device. The method also includes accessing a document oblivious key-value storage (OKVS) to obtain a list of document identifiers associated with the keyword. Each document identifier in the list of document identifiers associated with a respective keyword identifier is concatenated with the keyword and uniquely identifies a respective one of the one or more encrypted documents that the keyword appears in. The method also includes returning the list of document identifiers obtained from the document OKVS to the user device.

公开(公告)号：US10592685B2

公开(公告)日：2020-03-17

申请号：US15878871

申请日：2018-01-24

Applicant: Google LLC

Inventor： Kevin Yeo ,  Sarvar Patel ,  Giuseppe Persiano

IPC: H04L29/06 ,  G06F21/62 ,  H04L9/08 ,  H04L9/32 ,  H04L9/06

Abstract: A method for sharing read access to a document stored on memory hardware. The method includes receiving a shared read access command from a sharor sharing read access to a sharee for a document stored on memory hardware in communication with the data processing hardware, and receiving a shared read access request from the sharee. The shared read access command includes an encrypted value and a first cryptographic share value based on a write key, a read key, a document identifier, and a sharee identifier. The method also includes multiplying the first and second cryptographic share values to determine a cryptographic read access value. The cryptographic read access value authorizes read access to the sharee for the document. The method also includes storing a read access token for the sharee including the cryptographic read access value and the encrypted value in a user read set of the memory hardware.

公开(公告)号：US12299142B2

公开(公告)日：2025-05-13

申请号：US18312556

申请日：2023-05-04

Applicant: Google LLC

Inventor： Kevin Yeo ,  Sarvar Patel ,  Giuseppe Persiano

IPC: G06F21/60 ,  G06F21/62 ,  H04L9/08 ,  G06F21/10

Abstract: A method for providing response-hiding searchable encryption includes receiving a search query for a keyword from a user device associated with a user. The keyword appears in one or more encrypted documents within a corpus of encrypted documents stored on an untrusted storage device. The method also includes accessing a document oblivious key-value storage (OKVS) to obtain a list of document identifiers associated with the keyword. Each document identifier in the list of document identifiers associated with a respective keyword identifier is concatenated with the keyword and uniquely identifies a respective one of the one or more encrypted documents that the keyword appears in. The method also includes returning the list of document identifiers obtained from the document OKVS to the user device.

公开(公告)号：US12147571B2

公开(公告)日：2024-11-19

申请号：US18167490

申请日：2023-02-10

Applicant: Google LLC

Inventor： Sarvar Patel ,  Kevin Yeo ,  Giuseppe Persiano

IPC: G06F21/62 ,  G06F17/16 ,  G06F21/60 ,  H04L9/00

Abstract: A method includes initializing a client state on a client device be executing a private batched sum retrieval instruction to compute c sums O of data blocks from an untrusted storage device. Each computed sum O stored on memory hardware of the client device and including a sum of a corresponding subset S of exactly k data blocks. The method also includes a query instruction to retrieve a query block Bq stored on the untrusted storage device by iterating through each of the c sums O of data blocks to identify one of the c sums O that does not include the query block Bq, instructing a service to pseudorandomly partition the untrusted storage device into partitions and sum the data blocks in each partition to determine a corresponding encrypted data block sum.

公开(公告)号：US20240104234A1

公开(公告)日：2024-03-28

申请号：US18008554

申请日：2022-06-14

Applicant: Google LLC

Inventor： Eli Simon Fox-Epstein ,  Kevin Wei Li Yeo ,  Sarvar Patel ,  Raimundo Mirisola ,  Craig William Wright

IPC: G06F21/62

CPC classification number: G06F21/6218

Abstract: Encrypted information retrieval can include generating a database that is partitioned into shards each having a shard identifier, and database entries in each shard that are partitioned into buckets having a bucket identifier. A batch of client-encrypted queries are received. The batch of client-encrypted queries are processed using a set of server-encrypted data stored in a database. The processing includes grouping the client-encrypted queries according to shard identifiers of the client-encrypted queries, executing multiple queries in the group of client-encrypted queries for the shard together in a batch execution process, and generating multiple server-encrypted results to the multiple queries in the group of client-encrypted queries. The multiple server-encrypted results for each shard are transmitted to the client device.

公开(公告)号：US11909861B2

公开(公告)日：2024-02-20

申请号：US18189187

申请日：2023-03-23

Applicant: Google LLC

Inventor： Kevin Yeo ,  Joon Young Seo ,  Sarvar Patel

IPC: H04L29/06 ,  H04L9/06 ,  G06F21/62

CPC classification number: H04L9/0662 ,  G06F21/6227

Abstract: A method includes obtaining, from a server, a filter including a set of encrypted identifiers each encrypted with a server key controlled by the server. The method includes obtaining a request that requests determination of whether a query identifier is a member of a set of identifiers corresponding to the set of encrypted identifiers. The method also includes transmitting an encryption request to the server that requests the server to encrypt the query identifier. The method includes receiving, from the server, an encrypted query identifier including the query identifier encrypted by the server key and determining, using the filter, whether the encrypted query identifier is not a member of the set of encrypted identifiers. When the encrypted query identifier is not a member of the set of encrypted identifiers, the method includes reporting that the query identifier is not a member of the set of identifiers.

公开(公告)号：US20230254126A1

公开(公告)日：2023-08-10

申请号：US18302108

申请日：2023-04-18

Applicant: Google LLC

Inventor： Kevin Yeo ,  Sarvar Patel

IPC: H04L9/08 ,  G06F16/9032 ,  G06F16/93 ,  G06F16/903 ,  H04L9/06

CPC classification number: H04L9/0825 ,  G06F16/9032 ,  G06F16/93 ,  G06F16/90335 ,  H04L9/0631 ,  H04L9/0637 ,  H04L9/0866 ,  H04L9/0869

Abstract: A method for searchable encryption with a public key includes receiving an operation request from a user device associated with a user requesting that encryption of data associated with the user. The data includes a corpus of documents stored on a remote storage device. The method also includes receiving a public key associated with the user. The public key includes an asymmetric cryptographic public key. The method also includes generating a random data key. The data key includes a symmetric cryptographic key. The method also includes encrypting, using the data key, a search index for the corpus of documents based on keywords within the corpus of documents. The method also includes encrypting, using the public key, the data key and sending the encrypted data key to a user device associated with the user.

公开(公告)号：US20230137882A1

公开(公告)日：2023-05-04

申请号：US18149085

申请日：2022-12-31

Applicant: Google LLC

Inventor： Kevin Yeo ,  Sarvar Patel ,  Giuseppe Persiano ,  Mariana Raykova

IPC: G06F21/10 ,  G06F3/06 ,  G06F16/22 ,  G06F21/78 ,  H04L67/10

Abstract: A method includes executing an instruction to execute a query for a data block, the data block associated with a corresponding memory level of a logarithmic number of memory levels (li) of memory, each memory level (li) including physical memory (RAMi) residing on memory hardware of a distributed system. The method also includes retrieving a value associated with the data block from an oblivious hash table using a corresponding key, and extracting un-queried key value pairs from the oblivious hash table associated with un-queried data blocks after executing a threshold number of queries for data blocks. The method also includes a multi-array shuffle routine on the extracted key value pairs from the oblivious hash table to generate an output array containing the un-queried key value pairs.

公开(公告)号：US11593516B2

公开(公告)日：2023-02-28

申请号：US17053648

申请日：2018-05-07

Applicant: Google LLC

Inventor： Sarvar Patel ,  Kevin Yeo ,  Giuseppe Persiano

IPC: G06F21/62 ,  G06F17/16 ,  G06F21/60 ,  H04L9/00

Abstract: A method (500) includes initializing a client state (250) on a client device (120) be executing a private batched sum retrieval instruction (200) to compute c sums O of data blocks (102) from an untrusted storage device (150). Each computed sum O stored on memory hardware (122) of the client device and including a sum of a corresponding subset S of exactly k data blocks. The method also includes a query instruction (300) to retrieve a query block Bq stored on the untrusted storage device by iterating through each of the c sums O of data blocks to identify one of the c sums O that does not include the query block Bq, instructing a service to pseudorandomly partition the untrusted storage device into partitions and sum the data blocks in each partition to determine a corresponding encrypted data block sum (302).