Password Authenticated Keyword Search

In this paper we introduce Password Authenticated Keyword Search (PAKS), a cryptographic scheme in which any user can use a single human-memorizable password to outsource encrypted data with associated keywords to a group of servers and later retrieve this data through an encrypted keyword search procedure. PAKS ensures that only the legitimate user who knows the initially registered password can outsource and retrieve the encrypted data. In particular, PAKS guarantees that no single server can mount an offline attack on the user's password or learn any information about the encrypted keywords. The concept behind PAKS protocols extends previous concepts behind searchable encryption by removing the requirement that the client store high-entropy keys, thus making the protocol device-agnostic on the user side. In this paper we model three security requirements for PAKS schemes (indistinguishability against chosen keyword attacks, authentication and consistency) and propose an efficient direct construction in a two-server setting, whose security we prove in the standard model under the Decisional Diffie-Hellman assumption. Our efficiency comparison shows that the proposed scheme is practical and offers high performance in terms of computation and communication on the user side.
