Numerous studies have underscored the significant privacy risks associated with various leakage patterns in encrypted data stores. While many solutions have been proposed to mitigate these leakages, they either (1) incur substantial overheads, (2) focus on specific subsets of leakage patterns, or (3) apply the same security notion across various workloads, thereby impeding the attainment of fine-tuned privacy-efficiency trade-offs. In light of various detrimental leakage patterns, this paper starts with an investigation into which specific leakage patterns require our focus in the contexts of key-value, range-query, and dynamic workloads, respectively. Subsequently, we introduce new security notions tailored to the specific privacy requirements of these workloads. Accordingly, we propose and instantiate SWAT, an efficient construction that progressively enables these workloads, while provably mitigating system-wide leakage via a suite of algorithms with tunable privacy-efficiency trade-offs. We conducted extensive experiments and compiled a detailed result analysis, showing the efficiency of our solution. SWAT is about an order of magnitude slower than an encryption-only data store that reveals various leakage patterns and is two orders of magnitude faster than a trivial zero-leakage solution. Meanwhile, the performance of SWAT remains highly competitive compared to other designs that mitigate specific types of leakage.