Public Key Encryption With Keyword Search Schemes Research Articles

Pairing-free public-key authenticated encryption with keyword search

With the growth of third-party cloud storage services, people often store a large amount of data on the cloud servers. However, to ensure the privacy, the sensitive data need to be encrypted before being uploaded to the cloud. Public-key encryption with keyword search (PEKS) is a promising technique that enables users to search target encrypted data by keywords. Unfortunately, most PEKS schemes are vulnerable to inside keyword guessing attacks (KGA). To solve this issue, Huang and Li introduced the concept of public-key authenticated encryption with keyword search (PAEKS), where the sender not only encrypts a keyword, but also authenticates it. However, our cryptanalysis indicated that the efficiency of most existing PAEKS schemes could be improved. Then, we present a novel pairing-free PAEKS scheme based on elliptic curves in this paper. The security proofs show that our scheme can achieve higher computational efficiency and enhanced security models, namely the multi-ciphertext indistinguishability (MCI) and trapdoor privacy (TP). Furthermore, the comparative results demonstrate the efficiency of our proposed scheme is three to thirteen times higher than that of other PAEKS schemes.

Secure channel free public key authenticated encryption with multi-keyword search on healthcare systems

A significant amount of electronic health records (EHRs) have been kept in the cloud due to the quick development of healthcare information systems. However, storing EHRs in the cloud may raise security and data privacy issues. Because of the privacy of a patient’s medical data, storing it on a cloud server requires encryption. Public-key encryption with keyword search (PEKS) solves the problem of retrieval on ciphertext, thus avoiding the problem of plaintext information leakage. However, most PEKS schemes are susceptible to inside keyword guessing attacks (KGA). Besides, transmitting the trapdoor to the cloud server requires a secure channel, which is impractical in healthcare information systems. Roughly speaking, PEKS does not protect the privacy of trapdoor and it is expensive to establish secure channels. In this paper, we propose a secure-channel free public key authenticated encryption with multi-keyword search (SCF-PAEMKS) scheme. The proposed SCF-PAEMKS scheme supports conjunctive keyword search, meanwhile satisfying multi-ciphertext indistinguishability (MCI) and multi-trapdoor privacy (MTP) simultaneously. The efficiency analysis and experimental results show that our SCF-PAEMKS scheme enjoys a better performance compared with related schemes.

A more efficient public-key authenticated encryption scheme with keyword search

To realize ciphertext retrieval without decryption in the public key settings, Boneh et al. in 2004 proposed a cryptographic primitive named Public-key Encryption with Keyword Search (PEKS) and proposed the first PEKS scheme. Following Boneh et al.’s work, various PEKS schemes were proposed; however, most schemes are vulnerable to inside keyword guessing attacks (IKGA). Huang and Li proposed a new primitive named Public-key Authenticated Encryption with Keyword Search (PAEKS) in 2017, which resists the IKGA in the setting of only one test server. Their main idea to resist IKGA is to require the data sender to authenticate the ciphertext while encrypting a keyword. However, in the era of big data, as the number of encrypted files increases, huge storage overhead and heavy retrieval costs become problems in PAEKS. In this paper, we proposed a new PAEKS scheme that costs low storage space and supports fast search. We introduced the ciphertext deduplication into PAEKS to reduce storage space and leveraged the inverted index to accelerate the retrieval process. We simulated the proposed scheme and several related schemes with a desktop computer. The experiment results show that our proposed scheme is of lower storage overhead and higher retrieval efficiency compared with related schemes.

Dual Fine-Grained Public-Key Searchable Encryption from Lattices

Fine-grained public key encryption with keyword search (PEKS), allowing users to search on encrypted data with flexible access control policy, has been widely studied recently due to its promising application to real-world scenarios such as cloud computing. However, most of the existing fine-grained PEKS schemes are either only able to support single access control (e.g., attribute-based access control) or susceptible to being attacked or compromised by quantum computers in or after a short time. In this paper, we propose a fine-grained PEKS scheme that o ers dual access control based on lattice. In particular, we first define a dual fine-grained PEKS primitive against chosen keyword attacks under selective security. Subsequently, we adapt the key homomorphic technique and noise rerandomization technique to design a concrete scheme. Particularly, the keyword space in our construction is unlimited. Then, we present a formal security proof against chosen keyword attacks on the learning with errors (LWE) problem in the standard model. Moreover, we demonstrate the theoretical performance and experimental result of our proposed scheme. Finally, we discuss that our scheme can be easily extended to support conjunctive keywords and delegation without incurring complex operations.

Public-key authenticated encryption with keyword search achieving both multi-ciphertext and multi-trapdoor indistinguishability

The notion of Public-key Encryption with Keyword Search (PEKS) was first proposed by Boneh et al. in 2004. However, almost all PEKS schemes cannot resist offline Keyword Guessing Attacks (KGA). To address this issue, Huang and Li introduced the notion of Public-key Authenticated Encryption with Keyword Search (PAEKS) in 2017. Recently, Qin et al. put forward a new security model named Multi-Ciphertext Indistinguishability (MCI), in which an adversary aims to distinguish two tuples of ciphertexts. They found that Huang and Li’s scheme cannot achieve MCI-security, so they proposed a new scheme which is able to achieve MCI-security. Furthermore, Qin et al. referred to another security model named Multi-Trapdoor Indistinguishability (MTI). They stated that the future work direction is to design a scheme which can achieve both MCI-security and MTI-security. In this paper, we present a new PAEKS scheme and prove that it is capable of achieving MCI-security and MTI-security simultaneously with the help of random oracles. Finally, we compare our scheme with other four related schemes using PBC library and provide experimental results. It turns out that our scheme achieves a higher security level with a little more cost.

Designated-ciphertext searchable encryption

Public-key encryption with keyword search (PEKS), proposed by Boneh et al. (2004), allows users to search encrypted keywords without losing data privacy. Although extensive studies have been conducted on this topic, only a few have focused on insider-keyword-guessing attacks (IKGA) that can reveal a user’s sensitive information. In particular, after receiving a trapdoor used to search ciphertext from a user, a malicious insider (e.g., a server) can randomly encrypt possible keywords using the user’s public key, and then test whether the trapdoor corresponds to the selected keyword. This paper introduces a new concept called designated-ciphertext searchable encryption (DCSE), which provides the same desired functionality as a PEKS scheme and prevents IKGA. Each trapdoor in DCSE is designated to a specific ciphertext, and thus malicious insiders cannot perform IKGA. We further propose a generic DCSE construction that employs identity-based encryption and a key encapsulation mechanism. We provide formal proofs to demonstrate that the generic construction satisfies the security requirements. Moreover, we provide a lattice-based instantiation whose security is based on NTRU and ring-learning with errors assumptions; the proposed scheme is thus considered to be resistant to the quantum-computing attacks.

SPEKS: Forward Private SGX-Based Public Key Encryption with Keyword Search

Public key encryption with keyword search (PEKS) enables users to search over encrypted data outsourced to an untrusted server. Unfortunately, updates to the outsourced data may incur information leakage by exploiting the previously submitted queries. Prior works addressed this issue by means of forward privacy, but most of them suffer from significant performance degradation. In this paper, we present a novel forward private PEKS scheme leveraging Software Guard Extension (SGX), a trusted execution environment provided by Intel. The proposed scheme presents substantial performance improvements over prior work. Specifically, we reduce the query processing cost from O(n) to O(1), where n is the number of encrypted data. According to our performance analysis, the overall computation time is reduced by 80% on average. Lastly, we provide a formal security definition of SGX-based forward private PEKS, as well as a rigorous security proof of the proposed scheme.

A Secure Data Sharing Scheme with Designated Server

The cloud-assisted Internet of Things (CIoT) is booming, which utilizes powerful data processing capabilities of the cloud platform to solve massive Internet of Things (IoT) data. However, the CIoT faces new security challenges, such as the confidentiality of the outsourced data. Data encryption is a fundamental technique that can guarantee the confidentiality of outsourced data, but it limits target encrypted data retrieval from cloud platform. Public key encryption with keyword search (PEKS) provides a promising solution to address this problem. In PEKS, a cloud server can be authorized to search the keyword in encrypted documents and retrieve associated encrypted documents for the receiver. However, most existing PEKS schemes merely focus on keyword search function while ignoring the associated documents encryption/decryption function. Thus, in practice, a PEKS scheme must cooperate with another separated public key encryption (PKE) scheme to fulfill a completely secure data sharing scheme. To address this problem, in this paper, we propose a secure data sharing scheme with designated server that combines PKE scheme with PEKS scheme, which provides both keyword search and documents encryption/decryption functions. Furthermore, only the designated server can search the keyword via encrypted documents for enhanced security in our work. Moreover, our scheme also satisfies the public verifiability of search results, which includes both keywords and documents ciphertexts’ correctness and integrity. As to the security, our scheme provides stronger indistinguishability security of document and keyword in the proposed security model.

A Generic Construction of Integrated Secure-Channel Free PEKS and PKE and its Application to EMRs in Cloud Storage.

To provide a search functionality for encrypted data, public key encryption with keyword search (PEKS) has been widely recognized. In actual usage, a PEKS scheme should be employed with a PKE scheme since PEKS itself does not support the decryption of data. Since a naive composition of a PEKS ciphertext and a PKE ciphertext does not provide CCA security, several attempts have been made to integrate PEKS and PKE in a joint CCA manner (PEKS/PKE for short). In this paper, we further extend these works by integrating secure-channel free PEKS (SCF-PEKS) and PKE, which we call SCF-PEKS/PKE, where no secure channel is required to send trapdoors. We give a formal security definition of SCF-PEKS/PKE in a joint CCA manner, and propose a generic construction of SCF-PEKS/PKE based on anonymous identity-based encryption, tag-based encryption, and one-time signature. We also strengthen the current consistency definition according to the secure-channel free property, and show that our construction is strongly consistent if the underlying IBE provides unrestricted strong collision-freeness which is defined in this paper. We also show that such an IBE scheme can be constructed by employing the Abdalla et al. transformations (TCC 2010/J. Cryptology 2018). Finally, as an application of SCF-PEKS/PKE, we strengthen the security of encrypted Electronic Medical Record (EMR) system proposed by Guo and Yau (J. Medical Sys. 2015).

Public-Key Encryption with Integrated Keyword Search

Since the last decade, the public-key encryption with keyword search (PEKS) has been studied as a popular technique for searching data over encrypted files. The notion finds useful application for fine-grained data search on outsourced encrypted data like iCloud, mobile cloud data, etc. In this paper, we present a concrete public-key encryption (PKE)+PEKS scheme and prove its security in the standard model. We prove that our scheme is both IND-PKE-CCA secure, that is, provides message confidentiality against an adaptive chosen-ciphertext adversary, and IND-PEKS-CCA secure, that is, provides keyword privacy against an adaptive chosen-ciphertext adversary, under the Symmetric eXternal Diffie-Hellman (SXDH) assumption. Our construction uses asymmetric pairings which enable a fast implementation useful for practical applications. Our scheme has much shorter ciphertexts than other known PKE+PEKS schemes. Particularly, we compare our scheme with other proposed PEKS and integrated PKE+PEKS schemes and provide a relative analysis of various parameters including assumption, security, and efficiency.

Provably secure public-key encryption with conjunctive and subset keyword search

Public-key encryption with keyword search (PEKS) schemes enable public key holders to encrypt documents, while the secret key holder is able to generate queries for the encrypted data. In this paper, we present two PEKS schemes with extended functionalities. The first proposed scheme supports conjunctive queries. That is, it enables searching for encrypted documents containing a chosen list of keywords. We prove the computational consistency of our scheme, and we prove security under the asymmetric DBDH assumption. We show that it improves previous related schemes in terms of efficiency and in terms of index and trapdoor size. The second proposed scheme supports subset queries and some more general predicates. We prove the computational consistency of our scheme, and we prove our scheme secure under the p-BDHI assumption. We show that it improves previous related schemes in terms of efficiency and expressiveness. Moreover, unlike previous related schemes, it admits an arbitrary keyword space.

Cryptanalysis of the existing integrated PKE and PEKS schemes

Public key encryption with keyword search (PEKS) is a useful cryptographic primitive which allows one to delegate to an untrusted storage server the capability of searching on publicly encrypted data without impacting the security and privacy of original data. However, due to lack of data encryption/decryption function, a PEKS scheme cannot be used alone but has to be coupled with a standard public key encryption (PKE) scheme. For this reason, a new cryptographic primitive called integrated PKE and PEKS (PKE/PEKS) was introduced by Baek et al. in 2006, which provides the functions of both PKE and PEKS. So far, several PKE/PEKS schemes have been proposed in the literature. However, none of them considers the keyword guessing attack. The first PKE/PEKS scheme proposed by Baek et al. was shown to be insecure under this attack. In this paper, we analyse the security of other PKE/PEKS schemes. We demonstrate that none of these schemes can resist the keyword guessing attack. The presented attacks show that a malicious storage server can successfully guess the keyword encoded in any keyword trapdoor produced by these schemes. Therefore, it is still an unsolved problem to devise a PKE/PEKS scheme withstanding the keyword guessing attack.

Cryptanalysis of the existing integrated PKE and PEKS schemes

Public key encryption with keyword search (PEKS) is a useful cryptographic primitive which allows one to delegate to an untrusted storage server the capability of searching on publicly encrypted data without impacting the security and privacy of original data. However, due to lack of data encryption/decryption function, a PEKS scheme cannot be used alone but has to be coupled with a standard public key encryption (PKE) scheme. For this reason, a new cryptographic primitive called integrated PKE and PEKS (PKE/PEKS) was introduced by Baek et al. in 2006, which provides the functions of both PKE and PEKS. So far, several PKE/PEKS schemes have been proposed in the literature. However, none of them considers the keyword guessing attack. The first PKE/PEKS scheme proposed by Baek et al. was shown to be insecure under this attack. In this paper, we analyse the security of other PKE/PEKS schemes. We demonstrate that none of these schemes can resist the keyword guessing attack. The presented attacks show that a malicious storage server can successfully guess the keyword encoded in any keyword trapdoor produced by these schemes. Therefore, it is still an unsolved problem to devise a PKE/PEKS scheme withstanding the keyword guessing attack.

Robust Encryption

We provide a provable-security treatment of "robust" encryption. Robustness means it is hard to produce a ciphertext that is valid for two different users. Robustness makes explicit a property that has been implicitly assumed in the past. We argue that it is an essential conjunct of anonymous encryption. We show that natural anonymity-preserving ways to achieve it, such as adding recipient identification information before encrypting, fail. We provide transforms that do achieve it, efficiently and provably. We assess the robustness of specific encryption schemes in the literature, providing simple patches for some that lack the property. We explain that robustness of the underlying anonymous IBE scheme is essential for public-key encryption with keyword search (PEKS) to be consistent (meaning, not have false positives), and our work provides the first generic conversions of anonymous IBE schemes to consistent (and secure) PEKS schemes. Overall, our work enables safer and simpler use of encryption.

Public‐key encryption with keyword search secure against continual memory attacks

AbstractContinual memory attacks, inspired by recent realistic physical attacks, have broken many cryptographic schemes that were considered secure in traditional cryptography model. In this paper, we consider the continual memory leakage resilience in public‐key encryption with keyword search scheme (PEKS). We give the definition of continual memory leakage resilience security for PEKS, which allows continual secret key leakage in the trapdoor generation algorithm rather than leakage of trapdoor itself. We believe that the definition is more suitable for practical PEKS scenario. To construct a concrete PEKS scheme secure against continual memory attacks, we firstly obtain a continual master‐key leakage‐resilient anonymous identity‐based encryption (IBE) scheme by applying the generic tool provided by Lewko et al. to a fully secure anonymous IBE scheme that comes from the fully secure anonymous hierarchical identity‐based encryption (HIBE) scheme of De Caro and colleagues. Then, we transform our continual master‐key leakage‐resilient anonymous IBE scheme to a PEKS scheme using the generic Anonymous IBE‐to‐PEKS transformation and prove its continual leakage‐resilient security. Copyright © 2016 John Wiley & Sons, Ltd.

Generic constructions of integrated PKE and PEKS

In this paper we investigate the topic of integrated public-key encryption (PKE) and public-key encryption with keyword search (PEKS) schemes (PKE---PEKS as shorthand). We first formalize the strongest security notion to date for PKE---PEKS schemes, named joint CCA-security. We then propose two simple constructions of jointly CCA-secure PKE---PEKS schemes from anonymous (hierarchical) identity-based encryption schemes. Besides, we also define the notion of consistency for PKE---PEKS schemes, as well as revisit its related notions (including consistency of PEKS schemes, robustness and collision-freeness of IBE schemes), which may be of independent interest.

Efficient searchable ID-based encryption with a designated server

Public key encryption with keyword search (PEKS) is a mechanism that allows one to extract e-mails containing a particular keyword by providing a trapdoor corresponding to the keyword. And parties without the trapdoor are unable to learn any information about the extracted e-mails. Meanwhile, a PEKS scheme is also suitable to provide a secure storage system in cloud computing environment. However, in a PEKS scheme, a secure channel must be established to transmit trapdoors. A PEKS scheme with a designated server, termed dPEKS, removes the requirement of the secure channel while retaining the same functionality of PEKS. Up to date, the related studies on dPEKS are all based on the pairing-based public key system. No work focuses on dPEKS based on ID-based systems, termed dIBEKS. In this article, we propose the first dIBEKS scheme that possesses the advantage (removing certificate management) of ID-based systems. Security analysis is given to demonstrate that our scheme is provably secure and can resist off-line keyword guessing attacks. When compared with previously proposed dPEKS schemes, our scheme has better performance in terms of computational time.

Security Improvement Against Malicious Server’s Attackfor a dPEKS Scheme

While the original public-key encryption with keyword search scheme (PEKS) has been pointed out to be insecure against off-line keyword-guessing attacks, some public-key encryption with designated tester schemes (dPEKS) proposed recently also encounter the same attacks. Rhee et al. proposed a dPEKS which is intended to prevent the off-line keyword-guessing attacks. However, we find that the off-line keyword-guessing attacks are still working in the test phase when some malicious servers exist. Hence, we add a random parameter into the test phase of Rhee et al.'s scheme to get a more secure and improved dPEKS scheme so as to prevent from keyword-guessing attacks and to benefit the advantages of dPEKS as well. Index Terms—Searchable encryption, designated tester, data