- The paper introduces ESPRESSO, a framework that scales keyword search on decentralized SOLID data while enforcing granular visibility constraints.
- It employs per-WebID indexing and probabilistic metadata obfuscation to ensure privacy and prevent unauthorized statistical inference.
- The frameworkâs design and threat analysis validate strong privacy guarantees and efficient federated query processing for applications like clinical trial recruitment.
Scalable Privacy-Preserving Keyword Search on Solid-Based Decentralized Data: The ESPRESSO Framework
Introduction
The proliferation of decentralized personal data ecosystems, exemplified by platforms such as Solid, challenges traditional paradigms of information retrieval. The stringent requirements of user sovereignty, fine-grained access control, and non-centralization impede the operation of standard keyword search mechanisms. "Implementation and Privacy Guarantees for Scalable Keyword Search on SOLID-based Decentralized Data with Granular Visibility Constraints" (2604.22100) systematically addresses these technical challenges. The ESPRESSO framework is introduced as a robust solution for secure, decentralized keyword search that scales efficiently across distributed Solid pods while enforcing user-defined visibility and privacy boundaries.
Motivating Scenario and Design Rationale
The core motivation is framed through a concrete healthcare use case involving the search of distributed patient-held data for clinical trial recruitment.
Figure 1: An NHS-inspired decentralized search scenario where medical researchers discover clinical trial participants by searching Solid pods with fine-grained consent.
This scenario encapsulates the requirements for:
- Maintaining stringent access controls linked to user authentication (WebID),
- Enabling keyword-based search without disclosing underlying data or metadata to unauthorized entities,
- Scaling search efficiency as the number of data pods increases,
- Preventing privacy leakage through both direct results and indirect inference on metadata.
These requirements motivate ESPRESSO's architectural emphasis on index isolation, source selection metadata compartmentalization, and privacy-aware federated query processing.
ESPRESSO: System Architecture and Data Model
The ESPRESSO architecture is specifically tailored for decentralized information retrieval within the Solid ecosystem.
Figure 2: High-level system architecture highlighting decentralized indexing, the overlay network, and the partitioned metadata flow.
Data Stores and Visibility Constraints
Every Solid pod is associated with a data owner and contains resources protected by Web Access Control (WAC), mapping explicit read rights to authenticated WebIDs. The set of resources visible to a search party is defined by the intersection of pod-specific access policies and the party's WebID, forming a strict visibility boundary.
A distinguishing design aspect is the construction of per-search-party, per-pod inverted indexes. No global index is maintained; instead, indexes are strictly scoped both in storage and accessâevery WebID gains access only to indexes of resources it is authorized to see.
The server and overlay levels are augmented with metadata structures to accelerate source selection and distributed ranking:
Figure 3: Partitioned, WebID-scoped metadata at the server and overlay layers supporting efficient source selection.
These metadata structures are:
- System-Level Metadata: Maps keywords and WebIDs to Solid servers and aggregate statistics,
- Server-Level Metadata: Maps keywords and WebIDs to authorized pod URLs and intra-server statistics.
To further obfuscate index mappings, ESPRESSO optionally supports the deployment of probabilistic data structures (e.g., Bloom filters) scoped by WebID, making reverse engineering of keyword-to-pod mappings intractable for unauthorized parties.
Operational Workflow
Indexing and Registration
Pod owners deploy the Indexing App to create and maintain the index and metadata profile for their pods.
Figure 4: Sequence diagram for initial pod data indexing and metadata profile creation within the decentralized architecture.
Participants register their pods via a controlled flow, ensuring only explicitly authorized metadata participates in network searches.
Figure 5: Secure registration flow for integrating a pod into the ESPRESSO search federation.
Decentralized Search Execution
The search pipeline is initiated by a search party authenticated via their WebID:
- The Overlay Network (e.g., via GaianDB) returns either relevant pod locations or pre-aggregated results based on federated metadata.
- The Search App navigates the metadata hierarchy, contacting only servers and pods strictly within the search party's authorization envelope.
Figure 6: Path of a search request through the ESPRESSO overlay when returning relevant pod candidates.
Figure 7: Alternative search flow where the overlay network directly aggregates and returns final results.
This architectural design ensures both horizontal scalability (as pod and server numbers increase) and strict privacy enforcement, with decentralized query evaluation and no raw data egress beyond explicit consent boundaries.
Threat Model and Privacy Guarantees
Central to the paper is the comprehensive adversarial and privacy analysis leveraging a subset of the STRIDE modelâspecifically, Information Disclosure and Spoofing.
Adversarial Profiles and Attack Surface
- Malicious adversaries are modeled primarily for Spoofing threats (WebID impersonation).
- Honest-but-curious adversaries are modeled for Information Disclosure, focusing on inferential attacks through metadata inspection, result analysis, and correlation.
Attack scenarios include direct membership inference, access pattern inference, keyword frequency estimation, index reconstruction, and re-identification via auxiliary data.
The ESPRESSO privacy analysis formalizes four privacy guarantees (PG1âPG4):
- Visibility/Access Scope Isolation: Search result sets and exposed metadata are strictly limited to the querying party's authorized scope.
- WebID-Scoped Decentralized Indexing: Indexes are partitioned per WebID, effectively compartmentalizing resource visibility and precluding cross-user statistical inference.
- Probabilistic Source Selection Metadata: Bloom filter application further obfuscates the presence or absence of keywords and resources, introducing controlled false positives.
- Source-Selection Metadata Conservativity and Separability: All metadata structures are conservative (no additional information beyond authorized query results) and separable (partitioned by WebID), preventing cross-user amplification of information.
The efficacy of these mechanisms in blocking the enumerated adversarial goals is methodically summarized, with explicit mapping between attack classes and mitigations provided.
Limitations and Future Directions
Several non-goals and open problems are highlighted:
- No differential privacy or cryptographic query processing (e.g., secure multiparty computation) is incorporated; metadata and indexes are plaintext.
- Correctness is predicated on partially trusted servers and the non-collusion of adversaries; comprehensively malicious or colluding environments are out of scope.
- No mechanisms are provided for traffic analysis resistance or query obfuscation beyond structural index partitioning.
- Authentication attack surfaces (e.g., delegated agent misuse, session replay) are delegated to Solid's underlying trust infrastructure.
Potential future extensions include deployment of differential privacy, cryptographic protocols for oblivious search, and deeper integration of automated agent authentication analysis.
Conclusion
This work provides a formalized, scalable approach to privacy-preserving search in Solid-based decentralized environments. By combining per-WebID index isolation, conservative source selection metadata, and probabilistic obfuscation, ESPRESSO enforces strict access boundaries while enabling practical keyword search across a federated data ecosystem. The formal threat-model analysis clarifies the spectrum of risks and mitigation strategies, balancing realistic deployability concerns with strong privacy guarantees. The architectural decisions and analytical rigor set a foundation for future enhancements pursuing cryptographic privacy and robust resilience under more aggressive adversarial models.