Lattice-based Public Key Encryption with Authorized Keyword Search: Construction, Implementation, and Applications

Public key encryption with keyword search (PEKS), formalized by Boneh et al. [EUROCRYPT\u27 04], enables secure searching for specific keywords in the ciphertext. Nevertheless, in certain scenarios, varying user tiers are granted disparate data searching privileges, and administrators need to restrict the searchability of ciphertexts to select users exclusively. To address this concern, Jiang et al. [ACISP\u27 16] devised a variant of PEKS, namely public key encryption with authorized keyword search (PEAKS), wherein solely authorized users possess the ability to conduct targeted keyword searches. Nonetheless, it is vulnerable to resist quantum computing attacks. As a result, research focusing on authorizing users to search for keywords while achieving quantum security is far-reaching. In this work, we present a novel construction, namely lattice-based PEAKS (L-PEAKS), which is the first mechanism to permit the authority to authorize users to search different keyword sets while ensuring quantum-safe properties. Specifically, the keyword is encrypted with a public key, and each authorized user needs to obtain a search privilege from an authority. The authority distributes an authorized token to a user within a time period and the user will generate a trapdoor for any authorized keywords. Technically, we utilize several lattice sampling and basis extension algorithms to fight against attacks from quantum adversaries. Moreover, we leverage identity-based encryption (IBE) to alleviate the bottleneck of public key management. Furthermore, we conduct parameter analysis, rigorous security reduction, and theoretical complexity comparison of our scheme and perform comprehensive evaluations at a commodity machine for completeness. Our L-PEAKS satisfies IND-sID-CKA and T-EUF security and is efficient in terms of space and computation complexity compared to other existing primitives. Finally, we provide two potential applications to show its versatility

Public key encryption with authorized keyword search

Public key encryption with keyword search (PEKS) provides an elegant mechanism for a user to identify the specific encrypted data. PEKS protects data against disclosure while making it searchable. In this paper, we propose a new cryptographic primitive called public key encryption with authorized keyword search (PEAKS). In PEAKS, keywords are encrypted with one public key and users without corresponding secret key need authorization from the authority to search keywords. We present a concrete PEAKS construction which allows the authority to authorize users to search different keyword sets. The proposed scheme features with the constant-size authorized token, independent of the size of keyword set size, which cuts down bandwidth consumption considerably. This property makes our PEAKS quite useful when the authorized token needs to be frequently updated with time for security purpose. The semantical security against chosen keyword attack and trapdoor unforgeability are formally proved

Secure-channel free keyword search with authorization in manager-centric databases

2016 Elsevier Ltd.Public key encryption with keyword search (PEKS) provides the functionality of encrypted data retrieval with keyword privacy in database systems. PEKS allows a user to specify a keyword and search the encrypted data associated with this keyword that is uploaded by others. In this paper, we investigate the retrieval privilege management in the manager-centric model, where each user has a different search right over the unique keyword set. Unfortunately, employing the prior PEKS and other related cryptographic techniques might suffer from the problems of key abuse and bandwidth consumption. To address these issues, we introduce a new cryptographic primitive called public key encryption with authorized keyword search (PEAKS). In PEAKS, the search right is assigned by the authority over a distinct keyword set and the user with an authorized search right can only search data associated with these keywords. We propose two constructions with formal security proof, namely the basic PEAKS scheme and the secure channel-free PEAKS (SCF-PEAKS) scheme. Both schemes feature with the constant-size authorized token, while the SCF-PEAKS scheme is also resistant against the outsider keyword guessing attacks. The performance evaluation shows that the proposed schemes consume less bandwidth for frequent token update