SLS-INDEX-based Range Queries (SLRQ)

• The paper introduces SLRQ, a cryptographic querying scheme that integrates a hierarchical SLS-INDEX with Paillier encryption to achieve privacy-preserving range queries.
• The methodology employs a multi-tiered predictor tree with noise injection and dummy padding, ensuring sub-linear query times and robust protection against access pattern leakage.
• SLRQ outperforms previous methods by delivering efficient bucket prediction, reduced query latency, and scalability across diverse datasets.

SLS-INDEX-based Range Queries (SLRQ) define a cryptographic querying scheme that achieves privacy-preserving range queries over encrypted datasets. The core innovation integrates a secure learned spatial index (SLS-INDEX)—a hierarchical, data-aware structure leveraging Paillier homomorphic encryption and noise-injected buckets—with permutation-based bucket prediction and secure point extraction protocols. This construction attains sub-linear query times and provable security against inference from access patterns, search paths, and result volumes, outperforming prior cryptographic methods on both synthetic and real datasets (Wang et al., 3 Dec 2025).

1. Architectural Foundations and Data Flow

SLS-INDEX structures the encrypted database according to a Z-curve (space-filling curve) mapping, enabling dimensionality reduction and data locality preservation. The index employs a multi-tiered predictor tree, each node realized as a secure multi-layer perceptron (MLP) with encrypted parameters:

• Head Predictor $\widetilde{\mathcal M}^e_{(0,0)}$: Coarsely partitions the space into grid cells, driven by encrypted SMLP$_p$.
• Intermediate Predictors $\{\widetilde{\mathcal M}^e_{(i,j)}\}_{i=1..h-1}$: Recursively refine partitioning down to thresholds $m$, balancing cryptographic cost and MLP prediction accuracy.
• Leaf Predictors $\{{\mathcal M}^e_{(i,j)}\}_{i=h}$: Predict the exact encrypted bucket ID for each partition using SMLP$_c$-encrypted weights and biases.

Query execution follows a four-step data flow:

1. Preprocessing: Each plaintext point $p\in \mathbb{R}^d$ is mapped to Z-curve rank $p.\mathit{cur}$, sorted, bucketed, and the MLPs for all predictors are trained and encrypted. Leaf buckets are padded with dummy points to capacity $b$ for noise injection.
2. Query Trapdoor: Each query bound is encrypted via Paillier.
3. Secure Bucket Prediction (SBP): The prediction tree is traversed using homomorphic MLP evaluation on encrypted queries to produce an encrypted bucket ID. To obscure which bucket is relevant, a random scalar multiplication and dummy selection are applied, and only the relevant bucket is reconstructed after a permutation-based shuffle.
4. Secure Point Extraction (SPE): Secure extraction of candidate points and corresponding minimum bounding rectangles (MBRs), including homomorphic obfuscation and permutation before joint decryption and filtering.
5. Secure Range Check & Filtering: Range predicates are homomorphically evaluated on candidate points, followed by additional obfuscation, permutation, and selection, resulting in the output of the final encrypted result set.

2. Cryptographic Primitives and Secure Protocols

The SLRQ framework is grounded on the semantic security of the Paillier cryptosystem. Relevant primitives and protocols include:

• Paillier Key Generation and Homomorphic Properties: Keypair $(pk, sk)\leftarrow\mathrm{Setup}(1^\lambda)$; encryption is $E_{pk}(m)=g^m r^N\pmod{N^2}$; supports $E(m_1)E(m_2)=E(m_1+m_2)$ and $E(m)^k=E(km)$.
• Notation: Buckets $B_i$ of capacity $b$, leaf threshold $m$, number of predictor children $\eta$, and error tolerance $\mathit{err}_{max}=\max_p|\mathcal M(p)-p.bkt|$.
• Randomness and Obfuscation: All noise terms $r_1$, $r_2$, $r_{i,j}$ sampled from $\mathbb{Z}_N$ via PRFs. Buckets, queries, and permutations are masked accordingly for semantic security.
• Protocols:
  • Secure Bucket Prediction (SBP): At each predictor level, DSP sends a vector containing both the actual and dummy bucket IDs multiplied by a random scalar to DAP, which shuffles and returns the decoded values. This process provides $O(h)$ encrypted MLP inferences, $O(h\cdot\|\mathbb N\|)$ communication, and 2 rounds per level.
  • Secure Point Extraction (SPE): SBP is used on query bounds to get encrypted bucket range; bucket contents and MBRs are obfuscated and permuted before DAP intersection and filtering; only candidate results are transferred for final filtering.

3. Noise Injection and Access-Pattern Protection

To hide access patterns and bucket sizes, SLRQ incorporates several noise and obfuscation techniques:

• Dummy Padding: Each leaf bucket is padded to the fixed capacity $b$ using dummy points ($\llbracket 0\rrbracket$), eliminating size leakage.
• Prediction Error Calibration: The error tolerance $\mathit{err}_{max}$ is set so that $$\Pr[\mathcal M(p)\notin[p.bkt-\mathit{err}_{max},\,p.bkt+\mathit{err}_{max}]]=0$$.
• Random Scalars and Fuzzy Labels: Random scalars $r_1$, $r_2$ guarantee semantic hiding, and additional dummy child predictors introduce ambiguity at each intermediate node.
• Permutation and Obfuscation: Buckets, MBRs, and query representations are permuted using PRPs, making execution and access patterns indistinguishable under the leakage profile.

4. Formal Security Analysis

The security guarantees of SLRQ are defined in terms of leakage functions:

• Leakage Functions:
  • $\mathcal L_{\mathrm{Build}}(P)=(n,d,\Psi)$, where $\Psi$ is the Z-order permutation;
  • $$\mathcal L_{\mathrm{Update}}=(\mathit{pos},\mathit{bid},\varpi)$$, indexing updates;
  • $$\mathcal L_{\mathrm{Query}}=(\beta_{\min},\beta_{\max}, |R^e|)$$, encoding only bucket range and result set size.
• Simulation Argument: Security in the simulation paradigm is established by constructing a simulator $\mathcal S$ that, given only the leakage, can produce indistinguishable transcripts (random $P^*$, encrypted dummy index $I^{e*}$, encrypted trapdoors, and result ciphers). The semantic security of Paillier and randomness from $r_1$, $r_2$, and permutations $\pi_2$ render adversarial views indistinguishable from real execution, protecting dataset values, queries, results, and access patterns (Wang et al., 3 Dec 2025).

5. Performance Characteristics

Empirical evaluation of SLRQ demonstrates significant efficiency improvements and scalability:

Dataset (n=20,000)	Index Construction (s)	Storage (MB)
UNI	27.7	21.4
NOR	11.9	15.3
SKE	25.2	22.5
CAR	38.2	16.5
GOW	38.8	18.2

For $n=100{,}000$, index construction grows roughly linearly (UNI: 125.6 s; GOW: 186.8 s). Query latency on UNI increases from 0.55 s (20k) to $\sim$0.8 s (100k), and on GOW from 1.38 s to 1.9 s; recall remains approximately 100%. Bucket capacity $b=8$ provides optimal tradeoff, improving query speed by $\sim$37% compared to $b=4$. Paillier key size $K$ significantly impacts query time, rising from $\sim$0.3 s (1024 bits) to $\sim$1.8 s (4096 bits).

In comparative experiments, SLRQ outperforms TRQED$^+$ (1.8 s/query) and SRQ$_b$ (2.3 s/query) on UNI (SLRQ: $\sim$0.6 s) and exhibits similar advantages on GOW (SLRQ: $\sim$1.3 s vs. 3.4 s and 3.8 s). Communication constitutes 40–50% of query time, scaling as $O(d\log n\cdot\|N\|)$ bits per query (Wang et al., 3 Dec 2025).

6. Methodological and Practical Implications

SLRQ enables secure and accelerated range queries on encrypted spatial data, retaining provable privacy against inference from operational leakage. The protocol is modular, supporting sub-linear scans and efficient filtering by leveraging secure learned predictions over encrypted domains. Bucket permutation, noisy padding, and secure MLP inference collectively ensure both query efficiency and robust privacy.

A plausible implication is that further extensions to the SLS-INDEX architecture or adaptations to alternative cryptographic primitives could generalize the SLRQ approach to a broader spectrum of spatial and multidimensional analytics in cloud-centric, privacy-sensitive infrastructures. This suggests a foundation for scalable privacy-preserving data services in distributed, untrusted settings.