Designated-ciphertext searchable encryption

Abstract

Public-key encryption with keyword search (PEKS), proposed by Boneh et al. (2004), allows users to search encrypted keywords without losing data privacy. Although extensive studies have been conducted on this topic, only a few have focused on insider-keyword-guessing attacks (IKGA) that can reveal a user’s sensitive information. In particular, after receiving a trapdoor used to search ciphertext from a user, a malicious insider (e.g., a server) can randomly encrypt possible keywords using the user’s public key, and then test whether the trapdoor corresponds to the selected keyword. This paper introduces a new concept called designated-ciphertext searchable encryption (DCSE), which provides the same desired functionality as a PEKS scheme and prevents IKGA. Each trapdoor in DCSE is designated to a specific ciphertext, and thus malicious insiders cannot perform IKGA. We further propose a generic DCSE construction that employs identity-based encryption and a key encapsulation mechanism. We provide formal proofs to demonstrate that the generic construction satisfies the security requirements. Moreover, we provide a lattice-based instantiation whose security is based on NTRU and ring-learning with errors assumptions; the proposed scheme is thus considered to be resistant to the quantum-computing attacks.