Public-key Authenticated Encryption with Keyword Search: Cryptanalysis, Enhanced Security, and Quantum-resistant Instantiation

With the rapid development of cloud computing, an increasing number of companies are adopting cloud storage to reduce overhead. However, to ensure the privacy of sensitive data, the uploaded data need to be encrypted before being outsourced to the cloud. The concept of public-key encryption with keyword search (PEKS) was introduced by Boneh et al. to provide flexible usage of the encrypted data. Unfortunately, most PEKS schemes are not secure against inside keyword guessing attacks (IKGA), so the keyword information of the trapdoor may be leaked to the adversary. To solve this issue, Huang and Li presented public-key authenticated encryption with keyword search (PAEKS), in which the trapdoor generated by the receiver is only valid for authenticated ciphertexts. Following their seminal work, many PAEKS schemes have been introduced to enhance the security of PAEKS. Some of them further consider the upcoming quantum attacks. However, our cryptanalysis indicates that these schemes in fact cannot withstand IKGA. To fight against attacks from quantum adversaries and support privacy-preserving search functionality, we first introduce a novel generic PAEKS construction in this work. Then, we further present the first quantum-resistant PAEKS instantiation based on lattices. The security proofs show that our instantiation not only satisfies the basic requirements but also achieves an enhanced security model, namely multi-ciphertext indistinguishability and multi-trapdoor privacy. Furthermore, the comparative results indicate that, with only some additional expenditure, the proposed instantiation provides more security properties, making it suitable for more diverse application environments.
