This paper investigates the general problem of performing key-value search at untrusted servers without loss of user privacy. Specifically, given key-value pairs from multiple owners that are stored across untrusted servers, how can a client search these pairs such that no server, on its own, can reconstruct any of them? We propose a protocol, called Peekaboo, that is applicable to any type of key-value search while protecting the privacy of both data owners and clients. The main idea is to separate the keys from the values and store them on different servers, based on the important observation that key-value pairs release information only if they are together. Supported by access control and user authentication, Peekaboo allows search to be performed only by authorized clients without reducing the level of user privacy.
Yinglian Xie, Michael K. Reiter, David R. O'Hallar