Overview of MONOMI

Processing Analytical Queries
over Encrypted Data
Stephen Tu, M. Frank Kaashoek,
Samuel Madden, and Nickolai Zeldovich
39th International Conference on Very Large Data Bases
Riva del Garda, Trento, Italy, August 2013
SWIM Seminar
May 19th, 2015
Mateus Cruz

Introduction Split Execution Optimization Techniques Designer and Planner Experiments Conclusion
OUTLINE
1 Introduction
2 Split Execution
3 Optimization Techniques
4 Designer and Planner
5 Experiments
6 Conclusion
2 / 31

OUTLINE
1 Introduction
2 Split Execution
5 Experiments
6 Conclusion
3 / 31

OVERVIEW
System called MONOMI
Extension of CryptDB
Analytical queries over encrypted data
Data protected against server compromises
Modest overhead
Slowdown of 1.03 to 2.33×
4 / 31

MAIN IDEAS
Split client/server execution
Optimization techniques
Per-row precomputation
Space-efficient encryption
Grouped homomorphic addition
Pre-filtering
Designer
Physical data layout
Planner
Efficient execution plan for queries
5 / 31

USED ENCRYPTION SCHEMES
6 / 31

ARCHITECTURE
7 / 31

OUTLINE
1 Introduction
2 Split Execution
5 Experiments
6 Conclusion
8 / 31

INTUITION
The server cannot execute all queries
Limitations of cryptosystems
Cannot transfer all data to the client
Large amount of data
Divide execution
Execute as much as possible on server
Transfer data to the client when it is not
possible to execute on the server
9 / 31

LIMITATIONS OF SERVER EXECUTION
Example (TPC-H Q11)
SELECT ps partkey,
SUM (ps supplycost * ps availqty) AS value
FROM partsupp JOIN supplier JOIN nation
WHERE n name = :1
GROUP BY ps partkey
HAVING SUM (ps supplycost * ps availqty) > (
SELECT SUM (ps supplycost * ps availqty) * 0.0001
WHERE n name = :1 )
ORDER BY value DESC;
10 / 31

Example (TPC-H Q11)
SELECT ps partkey,
WHERE n name = :1
GROUP BY ps partkey
HAVING SUM
Addition and comparison in-
volve incompatible encryption
schemes
(ps supplycost * ps availqty) > (
SELECT SUM (ps supplycost * ps availqty) * 0.0001
WHERE n name = :1 )
10 / 31

Example (TPC-H Q11)
SELECT ps partkey,
WHERE n name = :1
GROUP BY ps partkey
SELECT SUM (ps supplycost * ps availqty)
No efﬁcient encryption
scheme allows multiplica-
tion of two encrypted values
* 0.0001
WHERE n name = :1 )
10 / 31

SPLIT QUERY PLAN
Example (TPC-H Q11)
SELECT ps partkey,
SUM (ps supplycost * ps availqty)
AS VALUE
WHERE n name = :1
GROUP BY ps partkey
* 0.0001
WHERE n name = :1 )
LocalSort
key:[$1]
LocalProjection
exprs: [$0, sum($1)]
LocalGroupFilter
ﬁlter: sum($1) > subquery0()
LocalDecrypt
pos: [$0, $1]
LocalProjection
exprs: [sum($0) * 0.0001]
RemoteSQL
SELECT
ps parkey DET,
GROUP(precomp DET)
FROM ... WHERE
n name DET = 0xabcdef
GROUP BY ps partkey DET
LocalDecrypt
pos: [$0]
RemoteSQL
SELECT
GROUP(precomp DET)
FROM ... WHERE
11 / 31

SPLIT QUERY PLAN
Example (TPC-H Q11)
SELECT ps partkey,
AS VALUE
WHERE n name = :1
GROUP BY ps partkey
* 0.0001
WHERE n name = :1 )
LocalSort
key:[$1]
LocalProjection
LocalGroupFilter
LocalDecrypt
pos: [$0, $1]
LocalProjection
exprs: [sum($0) * 0.0001]
RemoteSQL
SELECT
ps parkey DET,
GROUP(precomp DET
Precomputed
multiplication
)
FROM ... WHERE
LocalDecrypt
pos: [$0]
RemoteSQL
SELECT
GROUP(precomp DET)
FROM ... WHERE
11 / 31

SPLIT QUERY PLAN
Example (TPC-H Q11)
SELECT ps partkey,
AS VALUE
WHERE n name = :1
GROUP BY ps partkey
* 0.0001
WHERE n name = :1 )
LocalSort
key:[$1]
LocalProjection
LocalGroupFilter
LocalDecrypt
pos: [$0, $1
Reference to
the columns
of the child
operator
]
LocalProjection
exprs: [sum($0) * 0.0001]
RemoteSQL
SELECT
ps parkey DET,
GROUP(precomp DET)
FROM ... WHERE
LocalDecrypt
pos: [$0]
RemoteSQL
SELECT
GROUP(precomp DET)
FROM ... WHERE
11 / 31

SPLIT QUERY PLAN
Example (TPC-H Q11)
SELECT ps partkey,
AS VALUE
WHERE n name = :1
GROUP BY ps partkey
* 0.0001
WHERE n name = :1 )
LocalSort
key:[$1]
LocalProjection
LocalGroupFilter
LocalDecrypt
pos: [$0, $1]
LocalProjection
exprs: [sum($0) * 0.0001]
RemoteSQL
SELECT
ps parkey DET,
GROUP(precomp DET)
FROM ... WHERE
Deterministic
encryption of the
value :1
LocalDecrypt
pos: [$0]
RemoteSQL
SELECT
GROUP(precomp DET)
FROM ... WHERE
11 / 31

SPLIT QUERY PLAN
Example (TPC-H Q11)
SELECT ps partkey,
AS VALUE
WHERE n name = :1
GROUP BY ps partkey
* 0.0001
WHERE n name = :1 )
LocalSort
key:[$1]
LocalProjection
LocalGroupFilter
LocalDecrypt
pos: [$0, $1]
LocalProjection
exprs: [sum($0) * 0.0001]
RemoteSQL
SELECT
ps parkey DET,
GROUP(precomp DET)
FROM ... WHERE
LocalDecrypt
pos: [$0]
RemoteSQL
SELECT
GROUP
Concatenation of all values
from each GROUP BY group
(precomp DET)
FROM ... WHERE
11 / 31

SPLIT QUERY PLAN
Example (TPC-H Q11)
SELECT ps partkey,
AS VALUE
WHERE n name = :1
GROUP BY ps partkey
* 0.0001
WHERE n name = :1 )
LocalSort
key:[$1]
LocalProjection
LocalGroupFilter
LocalDecrypt
pos: [$0, $1]
LocalProjection
exprs: [sum($0) * 0.0001]
RemoteSQL
SELECT
Outmost SELECT
ps parkey DET,
GROUP(precomp DET)
FROM ... WHERE
LocalDecrypt
pos: [$0]
RemoteSQL
SELECT
GROUP(precomp DET)
FROM ... WHERE
11 / 31

SPLIT QUERY PLAN
Example (TPC-H Q11)
SELECT ps partkey,
AS VALUE
WHERE n name = :1
GROUP BY ps partkey
* 0.0001
WHERE n name = :1 )
LocalSort
key:[$1]
LocalProjection
LocalGroupFilter
LocalDecrypt
pos: [$0, $1]
LocalProjection
exprs: [sum($0) * 0.0001]
RemoteSQL
SELECT
ps parkey DET,
GROUP(precomp DET)
FROM ... WHERE
LocalDecrypt
pos: [$0]
RemoteSQL
SELECT
Innermost SELECT
GROUP(precomp DET)
FROM ... WHERE
11 / 31

SPLIT QUERY PLAN
Example (TPC-H Q11)
SELECT ps partkey,
AS VALUE
WHERE n name = :1
GROUP BY ps partkey
* 0.0001
WHERE n name = :1 )
LocalSort
key:[$1]
LocalProjection
LocalGroupFilter
LocalDecrypt
pos: [$0, $1]
LocalProjection
exprs: [sum($0) * 0.0001]
RemoteSQL
SELECT
ps parkey DET,
GROUP(precomp DET)
FROM ... WHERE
LocalDecrypt
Decrypts the data
at the client
pos: [$0]
RemoteSQL
SELECT
GROUP(precomp DET)
FROM ... WHERE
11 / 31

SPLIT QUERY PLAN
Example (TPC-H Q11)
SELECT ps partkey,
AS VALUE
WHERE n name = :1
GROUP BY ps partkey
* 0.0001
WHERE n name = :1 )
LocalSort
key:[$1]
LocalProjection
LocalGroupFilter
LocalDecrypt
pos: [$0, $1]
LocalProjection
exprs:
Multiplication
by constant
[sum($0) * 0.0001]
RemoteSQL
SELECT
ps parkey DET,
GROUP(precomp DET)
FROM ... WHERE
LocalDecrypt
pos: [$0]
RemoteSQL
SELECT
GROUP(precomp DET)
FROM ... WHERE
11 / 31

SPLIT QUERY PLAN
Example (TPC-H Q11)
SELECT ps partkey,
AS VALUE
WHERE n name = :1
GROUP BY ps partkey
* 0.0001
WHERE n name = :1 )
LocalSort
key:[$1]
LocalProjection
LocalGroupFilter
ﬁlter:
Filter referring to
the HAVING clause
sum($1) > subquery0()
LocalDecrypt
pos: [$0, $1]
LocalProjection
exprs: [sum($0) * 0.0001]
RemoteSQL
SELECT
ps parkey DET,
GROUP(precomp DET)
FROM ... WHERE
LocalDecrypt
pos: [$0]
RemoteSQL
SELECT
GROUP(precomp DET)
FROM ... WHERE
11 / 31

SPLIT QUERY PLAN
Example (TPC-H Q11)
SELECT ps partkey,
AS VALUE
WHERE n name = :1
GROUP BY ps partkey
* 0.0001
WHERE n name = :1 )
LocalSort
key:[$1]
LocalProjection
Selection of ps partkey and
of the summation of the pre-
computed expression
LocalGroupFilter
LocalDecrypt
pos: [$0, $1]
LocalProjection
exprs: [sum($0) * 0.0001]
RemoteSQL
SELECT
ps parkey DET,
GROUP(precomp DET)
FROM ... WHERE
LocalDecrypt
pos: [$0]
RemoteSQL
SELECT
GROUP(precomp DET)
FROM ... WHERE
11 / 31

SPLIT QUERY PLAN
Example (TPC-H Q11)
SELECT ps partkey,
AS VALUE
WHERE n name = :1
GROUP BY ps partkey
* 0.0001
WHERE n name = :1 )
LocalSort
Sorting referring to the
ORDER BY clause
key:[$1]
LocalProjection
LocalGroupFilter
LocalDecrypt
pos: [$0, $1]
LocalProjection
exprs: [sum($0) * 0.0001]
RemoteSQL
SELECT
ps parkey DET,
GROUP(precomp DET)
FROM ... WHERE
LocalDecrypt
pos: [$0]
RemoteSQL
SELECT
GROUP(precomp DET)
FROM ... WHERE
11 / 31

OUTLINE
1 Introduction
2 Split Execution
5 Experiments
6 Conclusion
12 / 31

PER-ROW PRECOMPUTATION
Prior computation of certain expressions
Materialized using additional columns
Decision made by the designer module
Example
13 / 31

SPACE-EFFICIENT ENCRYPTION
Minimize ciphertext expansion
FFX mode of operation: n bits to n bits
Pack multiple columns in a row
Pack multiple rows into a single Paillier
Packed ciphertexts are kept in separate ﬁles
on the local ﬁle system
14 / 31

GROUPED HOMOMORPHIC ADDITION
Packed aggregates computed with a single
modular multiplication
(a1||...||an) + (b1||...||bn) = (a1 + b1)||...||(an + bn)
E(a1||...||an)×E(b1||...||bn) = E((a1+b1)||...||(an+bn))
15 / 31

PRE-FILTERING
Minimize data sent to the client
Apply ﬁltering to encrypted data
Example
SELECT l orderkey FROM lineitem
GROUP BY l orderkey
HAVING SUM(l quantity) > :1
16 / 31

PRE-FILTERING
Example
SELECT l orderkey FROM lineitem
GROUP BY l orderkey
HAVING SUM(l quantity) > :1
Incompatible schemes for SUM
and comparison (>)
16 / 31

PRE-FILTERING
Example
SELECT l orderkey det,
PAILLIER SUM(l quantity paillier)
FROM lineitem
GROUP BY l orderkey det
HAVING MAX(l quantity ope) > encrypt ope(m)
OR COUNT(*) > (:1 / m)
16 / 31

PRE-FILTERING
Example
SELECT l orderkey det,
PAILLIER SUM(l quantity paillier)
FROM lineitem
GROUP BY l orderkey det
HAVING MAX(l quantity ope) > encrypt ope(m
Maximum value
of the column
l quantity
)
OR COUNT(*) > (:1 / m)
16 / 31

OUTLINE
1 Introduction
2 Split Execution
5 Experiments
6 Conclusion
17 / 31

INTUITION
Optimizations are not always better
Designer
Best physical design
– Encryption schemes
– Precomputed expressions
Planner
Best query plan at runtime
18 / 31

DESIGNER: INPUT AND OUTPUT
Input
Representative query workload
– Q0, Q1, ..., Qn
– Chosen by the administrator
Sample data
Space constraint factor (optional)
Output
Physical design of the server
– Set of encrypted columns to materialize
19 / 31

DESIGNER: ALGORITHM
1 Consider all operations in query Qi
Check what expression would allow execution
on the server
EncSeti
– Set of value, scheme pairs for Qi
Example
WHERE x = :1 generates a x, DET pair,
referring to the x column
ORDER BY x + y generates a x + y, OPE
pair, referring to a precomputed x + y value
20 / 31

DESIGNER: ALGORITHM
2 The designer invokes the planner to
determine the best way to execute Qi
The planner computes PowSeti
– Contains the subsets of EncSeti
The planner constructs an execution plan for Qi
for each element of the power set
3 The planner uses a cost model to estimate
the fastest execution plan
20 / 31

COST MODEL
Sum of three components
Execution time on the server
Data transfer time
Post-processing on client (decryption)
Constraints are considered using an Integer
Linear Programming (ILP) formulation
21 / 31

OUTLINE
1 Introduction
2 Split Execution
5 Experiments
6 Conclusion
22 / 31

IMPLEMENTATION
8.000 lines of Scala for designer/planner
4.000 lines of C++ for client library
OpenSSL for cryptography
Each table is mapped to an encrypted table
Copies of columns (different cryptosystems)
Do not support
Views
Pattern matching with two or more patterns
Example
LIKE ’%foo%bar%’
23 / 31

ENVIRONMENT
Client
Four 4-core 2.2GHz Intel Xeon E5520
24GB RAM
Server
Four 4-core 2.4GHz Intel Xeon E5530
24GB RAM
Multiple cores used for decryption
Postgres 8.4
Memory limit: 8GB
TPC-H scale 10 dataset
24 / 31

OVERALL EFFICIENCY
Median overhead of 1.24×
25 / 31

TECHNIQUE PERFORMANCE
Cumulative use of optimization techniques
26 / 31

SPACE OVERHEAD
27 / 31

SENSITIVITY TO DESIGNER INPUT
Choosing representative queries
Aggregation over expressions
Expressions requiring precomputation
Very selective WHERE on large relations
28 / 31

SECURITY
Plaintext is never revealed
OPE is used infrequently
Leaks order
29 / 31

OUTLINE
1 Introduction
2 Split Execution
5 Experiments
6 Conclusion
30 / 31

CONCLUSION
Novel system: MONOMI
Analytic queries over conﬁdential data
New optimization techniques
Use of designer and planner
Modest overheads
Execution: 1.24×
Space: 1.72×
31 / 31

Overview of MONOMI

Recommended

Recommended

More Related Content

What's hot

What's hot (19)

Viewers also liked

Viewers also liked (18)

Similar to Overview of MONOMI

Similar to Overview of MONOMI (20)

Recently uploaded

Recently uploaded (20)

Overview of MONOMI