A Survey of Provably Secure Searchable Encryption

We survey the notion of provably secure searchable encryption (SE) by giving a complete and comprehensive overview of the two main SE techniques: searchable symmetric encryption (SSE) and public key encryption with keyword search (PEKS). Since the pioneering work of Song, Wagner, and Perrig (IEEE S&P '00), the field of provably secure SE has expanded to the point where we felt that taking stock would provide benefit to the community. The survey has been written primarily for the nonspecialist who has a basic information security background. Thus, we sacrifice full details and proofs of individual constructions in favor of an overview of the underlying key techniques. We categorize and compare the different SE schemes in terms of their security, efficiency, and functionality. For the experienced researcher, we point out connections between the many approaches to SE and identify open research problems. Two major conclusions can be drawn from our work. First, while the so-called IND-CKA2 security notion is becoming prevalent in the literature and efficient (sublinear) SE schemes meeting this notion exist in the symmetric setting, achieving this strong form of security efficiently in the asymmetric setting remains an open problem. Second, we observe that in multirecipient SE schemes, regardless of their efficiency drawbacks, there is a noticeable lack of query expressiveness that hinders deployment in practice.
