Oblivious Key Homomorphic Encryption Retrieval

Updated 4 February 2026

OKHER is a protocol framework enabling secure, privacy-preserving key–value queries over homomorphically encrypted databases using full, leveled, and linearly homomorphic cryptosystems.
Its various implementations, including FHE, LHE, and HPRE-based schemes, achieve efficient retrieval with compressed encodings and batched PIR techniques, reducing computational and communication overhead.
The protocol guarantees confidentiality, correctness, and obliviousness, ensuring that only necessary ciphertexts are revealed while supporting applications such as fuzzy set operations and proxy re-encryption.

Oblivious Key Homomorphic Encryption Retrieval (OKHER) denotes a class of protocols facilitating privacy-preserving key–value queries on homomorphically encrypted databases. OKHER ensures that a sender can retrieve ciphertexts of values matching queried keys, without leaking additional information about the database or the query pattern beyond what is strictly necessary. The term encompasses instantiations on full, leveled, and linearly homomorphic cryptosystems, spanning applications from structured private set operations to proxy re-encryption for multi-key support.

1. Core Definition and Context

At its foundation, OKHER is an idealized two-party protocol, denoted $\mathcal{F}_\mathrm{OKHER}$ , where a Receiver $\mathcal{R}$ possesses a database $KV = \{(k_i,v_i)\}_{i=1}^N$ encrypted under a public key $pk$ , and a Sender $\mathcal{S}$ forms queries $Q = \{q_j\}_{j=1}^m$ against this store. Upon protocol execution, the sender learns (for each $q_j$ ) only the encryption $\mathsf{Enc}_{pk}(v_i)$ of the value matching $q_j=k_i$ , or a dummy ciphertext if no match exists. The receiver learns no additional information (Dumas et al., 28 Jan 2026).

This abstraction captures efficient retrieval on encrypted data in settings requiring minimal leakage—enabling, for example, Fuzzy Private Set Union protocols where elements are matched approximately rather than exactly (Dumas et al., 28 Jan 2026), as well as secure access in multi-user or multi-key environments (Bellafqira et al., 2017).

2. Cryptographic Frameworks and Implementations

OKHER’s realizations build on different homomorphic encryption paradigms:

Fully Homomorphic Encryption (FHE): Enables evaluation of arbitrary functions over encrypted records without decryption. Protocols such as BF-COIE and PS-COIE use leveled FHE (BFV in Microsoft SEAL), permitting parallel retrieval of multiple results, with encrypted databases and queries matched and encoded into compressed, sublinear-size objects using only homomorphic additions and scalar multiplications (Choi et al., 2021).
Linearly Homomorphic Encryption (LHE): Required for settings where only addition and plaintext–ciphertext multiplication are supported (e.g., Paillier, custom LHE variants). OKHER exploits IND-CPA security and batch PIR to realize functionality with efficient encodings and low communication overhead (Dumas et al., 28 Jan 2026).
Homomorphic Proxy Re-Encryption (HPRE): Extends retrievability to scenarios involving key switching without trusted third parties. The cloud, acting as proxy, never learns plaintexts or private keys and simply enables the transfer of encrypted content from one user’s key to another via a noise-blinding approach and homomorphic algebra (Bellafqira et al., 2017).

3. Protocol Structure

The OKHER protocol typically comprises four phases:

Setup: Receiver generates a homomorphic key pair and encodes the database using a Sparse Oblivious Key–Value Store (SOKVS). Batch PIR infrastructure is also established for efficient retrieval (Dumas et al., 28 Jan 2026).
Query: Sender forms queries by mapping keys to indices (via sparse selector maps), combining queries into a batched index set for PIR (Dumas et al., 28 Jan 2026).
Response: Receiver homomorphically encrypts matching values and PIR-serves the batched results, returning masked ciphertext vectors for decoding (Dumas et al., 28 Jan 2026). In the HPRE scenario, proxy computes blinded differences and re-encrypts under the delegate’s key (Bellafqira et al., 2017).
Decode: Sender locally assembles the results, decrypting matching ciphertexts to obtain the values for the queried keys, and dummy values otherwise (Dumas et al., 28 Jan 2026).

For secure FHE-based search, a bit-vector $b = (b_1, ..., b_n)$ encodes query matches. Compression into Bloom filter hierarchies or polynomial-encoded vectors drastically reduces overhead and enables retrieval of all matches in a single protocol execution (Choi et al., 2021).

4. Efficiency Considerations

OKHER protocols are engineered for asymptotic and empirical efficiency:

Computational Complexity: BF-COIE encodes match indices with $O(n \log(n/s))$ homomorphic additions and zero homomorphic multiplications; PS-COIE achieves retrieval with only scalar multiplications and additions (Choi et al., 2021). HPRE-based OKHER requires $O(N)$ Paillier exponentiations per re-encryption round (Bellafqira et al., 2017). SOKVS-based approaches scale as $\widetilde O(N)$ for receiver work and $O(m \log N)$ for sender work (Dumas et al., 28 Jan 2026).
Communication Volume: Compression yields $O(s^{1+1/\eta} \log(n/s))$ ciphertexts for $s$ matches in $n$ records, contrasting with prior approaches requiring $O(n)$ ciphertexts. Multi-round protocols are collapsed into a single round with substantial bandwidth reduction. For PIR-based variants, communication is bounded by $O(m \log N)$ , amortizing response vectors over batch queries (Dumas et al., 28 Jan 2026).
Empirical Benchmarks: BF-COIE achieves a 1800× speed-up for retrieval and 26× end-to-end acceleration for fetching multiple items compared to previous methods; communication can be packed to 1–2 ciphertexts plus PIR (Choi et al., 2021).

5. Security and Privacy Guarantees

Security analyses are rooted in the Random Oracle Model for FHE instantiations and the standard IND-CPA and PIR security models for LHE/SOKVS-based protocols:

Correctness: The client recovers a set $S'$ of size $\leq s + f_p$ containing all true matches, aborting if false positives or undercounts exceed bounds (Choi et al., 2021).
Confidentiality: The server (or proxy) only observes encrypted objects and compressed encodings, leaking at most the number of matches $s$ and false positives $f_p$ (Choi et al., 2021). In HPRE, neither user’s private key nor plaintexts are revealed (Bellafqira et al., 2017).
Indistinguishability: A semi-honest adversary cannot distinguish between equal-size query results across different databases or queries (Choi et al., 2021).
Obliviousness: Only the requisite ciphertexts are revealed to the sender, with dummy values served for non-matching queries; retrieval and encoding operations leak no key–value pair information aside from that dictated by the output (Dumas et al., 28 Jan 2026).

6. Applications and Comparative Analysis

OKHER instantiations find utility in privacy-preserving database querying, Private Set Union/Intersection, and key-rotatable encrypted sharing:

Fuzzy Private Set Union (FPSU): OKHER underpins union protocols where matches are defined by approximate ball membership for high-dimensional data, scaling communication as $O(dm\log(\delta n))$ to $O(d^2 m \log(\delta^2 n))$ depending on data structure (Dumas et al., 28 Jan 2026).
Proxy Re-Encryption: Enables secure multi-user data sharing over cloud platforms, with key migration unattainable for previous methods without trusted third parties or re-encryption key disclosure (Bellafqira et al., 2017).
Comparison with OKVR: OKHER leverages IND-CPA LHE for value-blindness without requiring Oblivious PRF rounds, streamlining instantiation and retaining retrieval efficiency (Dumas et al., 28 Jan 2026).

7. Practical Instantiations and Implementation Results

The BF-COIE protocol on Microsoft SEAL (BFV), instantiated with $N=16\,384$ and $t=65\,537$ , yields 128-bit quantum-safe security and ciphertexts $\approx 103$ KB (Choi et al., 2021). SealPIR-based retrievals can reduce fetch communication per match to $\approx 369$ KB (or $80$ KB in optimized variants). For $n=10\,000$ and $s=16$ , BF-COIE showed a $1800\times$ speed-up in retrieval time and major compression in bandwidth compared to LEAF+ (Choi et al., 2021).

Paillier-based HPRE instantiations require $O(3N)$ exponentiations for full key migration, with delegator and delegate performing only $O(1)$ cost offline for key generation and agreement, and the cloud never learning secret material or plaintexts (Bellafqira et al., 2017).

SOKVS-based OKHER achieves $O(m\log N)$ communication and sublinear PIR work, demonstrated on toy examples and scalable to large, structured databases (Dumas et al., 28 Jan 2026).

Summary Table: Protocol Parameters and Performance

Protocol	Setup/Encoding Cost	Communication	Retrieval Complexity
BF-COIE (Choi et al., 2021)	$O(n \log(n/s))$ additions, 0 multiplications	$O(s^{1+1/\eta}\log(n/s))$ ciphertexts	$O(s\log(n/s))$ checks
HPRE-based (Bellafqira et al., 2017)	$O(N)$ exponentiations, 2 offline encryptions	$O(N)$ ciphertexts (per round)	$O(N)$ exponentiations
SOKVS/PIR (Dumas et al., 28 Jan 2026)	$\widetilde O(N)$ (receiver), $O(m\log N)$ (sender)	$O(m\log N)$	$O(m)$ additions

All protocols support oblivious retrieval, IND-CPA security of output values, and operate robustly in the semi-honest adversarial model.

Oblivious Key Homomorphic Encryption Retrieval establishes a flexible and rigorously secure foundation for modern encrypted search, multi-party computation, and key-migratable encrypted data systems, as evidenced by empirical results and formal analyses in the referenced works.