Multi-Keyword Searchable and Data Verifiable Attribute-Based Encryption Scheme for Cloud Storage

Abstract

In a data sharing system, it is a basic requirement for a user, who has an appropriate privilege to perform keyword retrieval for encrypted documents stored in the cloud. Although traditional searchable encryption technology can provide data protection and retrieval characteristic, there are some main issues should also be considered. First, most existing attribute-based searchable encryption schemes only support single-keyword search, which may return abundant irrelevant search results, resulting in a waste of computational and broadband resources. Second, the user often needs to seek some data related to some particular keywords but his attributes may be altered frequently. Third, the cloud server is not completely loyal which sometimes returns a fraction of erroneous search results. Focus on these issues, a practical multi-keyword searchable encryption scheme is proposed for data integrity verification and attribute revocation by combining the ciphertext policy attribute-based encryption (CP-ABE) and auditing ideas. The scheme on one hand supports multi-keyword search which avoids the cloud server yield ample irrelevant documents by narrowing the search scope, and the other hand can implement effectively attribute revocation by entrusting ciphertext updates to the powerful cloud server, thereby preventing access by illegal users. Furthermore, third-party audits use verification algorithms to ensure the correctness of search results and reduce the amount of computing by end users. The most critically, the scheme proved to be resistant to selective plaintext attacks and selective keyword attacks under the general group model. The extensive experimental results demonstrate that the scheme is more expressive, efficient, and feasible in the practical applications.