Ciphertext-Policy Delegatable Hidden Vector Encryption and Its Application to Searchable Encryption in Multi-user Setting

Abstract

We propose a new type of hidden vector encryption (HVE) schemes that we call a ciphertext-policy delegatable hidden vector encryption (CP-dHVE) scheme. Several HVE or delegatable HVE schemes have already been proposed and used for achieving searchable encryption which is capable of conjunctive, subset, and range queries on ciphertexts. Those schemes, however, could be categorized as key-policy HVEs because vectors corresponding to secret keys can contain arbitrary number of wildcards (which specify an access policy) whereas vectors corresponding to ciphertexts cannot contain any wildcards. Nonetheless, its dual concept, CP-dHVE, has not been formalized thus far, which leaves the theory of HVE incomplete and potential applications veiled. We therefore formalize CP-dHVE, clarify its security requirements, and propose a concrete scheme which satisfies our security requirements. Our scheme is based on an anonymous hierarchical identity-based encryption (AHIBE) scheme and a wildcard-applicable HIBE (or simply WIBE) scheme. We utilize our “half-baked” methodology to transform an AHIBE scheme into a WIBE scheme, and a well known linear-splitting methodology to make our scheme anonymous. Finally, we show as one of applications of our CP-dHVE scheme a public-key encryption with conjunctive keyword search scheme in the multi-user setting. The ciphertext size of our scheme grows logarithmically to the number of uses while that of a conventional scheme grows linearly, which makes our scheme attractive.