Decryptable Searchable Encryption

Fuhr, Thomas; Paillier, Pascal

doi:10.1007/978-3-540-75670-5_17

Cited by 57 publications

(36 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…As to the relationships of various security properties, the IND-CPA security against an outside attacker is implied by the ciphertext indistinguishability property against a Type-I server and the message-dependent trapdoor indistinguishability property (to be presented in the full paper due to space limit). Compared with previous works, such as those from [7,8,9], our formulation defines more flexible functionalities and our security model reflects a higher level of security guarantees. The security of the proposed instantiation relies on the standard DLIN and BDH assumptions in the random oracle model, which plays an important role in the double encryption structure.…”

Section: Resultsmentioning

confidence: 99%

“…Fuhr and Paillier [7] and Hofheinz and Weinreb [8] investigated the concept of ASE with message recovery. Their formulations only allow the data owner to assign messagedependent trapdoors to third-party servers, thus provide less functionality than ASE † † .…”

Section: Related Workmentioning

confidence: 99%

“…As to the security models, the authors only consider information leakage from ciphertexts and allow the servers to easily recover the information encoded in the trapdoors. In [7], if a match is found then the server immediately knows the plaintext in the ciphertext, while, in [8], the to-be-searched message is sent to the server in plaintext. In practice, this may be regarded as a serious security weakness.…”

Section: Related Workmentioning

confidence: 99%

See 2 more Smart Citations

Towards asymmetric searchable encryption with message recovery and flexible search authorization

Tang

Chen

2013

Proceedings of the 8th ACM SIGSAC Symposium on Information, Computer and Communications Security

View full text Add to dashboard Cite

When outsourcing data to third-party servers, searchable encryption is an important enabling technique which simultaneously allows the data owner to keep his data in encrypted form and the third-party servers to search in the ciphertexts. Motivated by an encrypted email retrieval and archive scenario, we investigate asymmetric searchable encryption (ASE) schemes which support two special features, namely message recovery and flexible search authorization. With this new primitive, a data owner can keep his data encrypted under his public key and assign different search privileges to third-party servers. In the security model, we define the standard IND-CCA security against any outside attacker and define adapted ciphertext indistinguishability properties against inside attackers according to their functionalities. Moreover, we take into account the potential information leakage from trapdoors, and define two trapdoor security properties. Employing the bilinear property of pairings and a deliberately-designed double encryption technique, we present a provably secure instantiation of the primitive based on the DLIN and BDH assumptions in the random oracle model.

show abstract

Section: Resultsmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Towards asymmetric searchable encryption with message recovery and flexible search authorization

Tang

Chen

2013

Proceedings of the 8th ACM SIGSAC Symposium on Information, Computer and Communications Security

View full text Add to dashboard Cite

show abstract

“…Subsequently, Boneh and Waters [5] extended PEKS to support conjunctive, subset, and range comparisons over the keywords. Moreover, the subsequent papers [3,12,19,37] investigated the secure combination of public key encryption with keyword search (PEKS) with public key encryption (PKE). Rhee et al [28] presented two generic transformations to construct a designated tester public-key encryption with keyword search scheme using two identity-based encryption schemes.…”

Section: Introductionmentioning

confidence: 99%

Public key encryption with keyword search secure against keyword guessing attacks without random oracle

Fang

Susilo

et al. 2013

Information Sciences

195

View full text Add to dashboard Cite

. Public key encryption with keyword search secure against keyword guessing attacks without random oracle. Information Sciences, 238 221-241.Public key encryption with keyword search secure against keyword guessing attacks without random oracle AbstractThe notion of public key encryption with keyword search (PEKS) was put forth by Boneh et al. to enable a server to search from a collection of encrypted emails given a "trapdoor" (i.e., an encrypted keyword) provided by the receiver. The nice property in this scheme allows the server to search for a keyword, given the trapdoor. Hence, the verifier can merely use an untrusted server, which makes this notion very practical. Following Boneh et al. 's work, there have been subsequent works that have been proposed to enhance this notion. Two important notions include the so-called keyword guessing attack and secure channel free, proposed by Byun et al. and Baek et al., respectively. The former realizes the fact that in practice, the space of the keywords used is very limited, while the latter considers the removal of secure channel between the receiver and the server to make PEKS practical. Unfortunately, the existing construction of PEKS secure against keyword guessing attack is only secure under the random oracle model, which does not reflect its security in the real world. Furthermore, there is no complete definition that captures secure channel free PEKS schemes that are secure against chosen keyword attack, chosen ciphertext attack, and against keyword guessing attacks, even though these notions seem to be the most practical application of PEKS primitives. In this paper, we make the following contributions. First, we define the strongest model of PEKS which is secure channel free and secure against chosen keyword attack, chosen ciphertext attack, and keyword guessing attack. In particular, we present two important security notions namely IND-SCF-CKCA and IND-KGA. The former is to capture an inside adversary, while the latter is to capture an outside adversary. Intuitively, it should be clear that IND-SCF-CKCA captures a more stringent attack compared to IND-KGA. Second, we present a secure channel free PEKS scheme secure without random oracle under the well known assumptions, namely DLP, DBDH, SXDH and truncated q-ABDHE assumption. Our contributions fill the gap in the literature and hence, making the notion of PEKS Keywords without, against, random, oracle, secure, encryption, key, public, guessing, search, keyword, attacks AbstractThe notion of public key encryption with keyword search (PEKS) was put forth by Boneh et al. to enable a server to search from a collection of encrypted emails given a "trapdoor" (i.e., an encrypted keyword) provided by the receiver. The nice property in this scheme allows the server to search for a keyword, given the trapdoor. Hence, the verifier can merely use an untrusted server, which makes this notion very practical. Following Boneh et al.'s work, there have been subsequent works that have been proposed to enhance this notion. T...

show abstract

“…Many functionalities extending the basic setting of public-key encryption have been considered, in particular related to data search. For example, decryptable searchable encryption [13] allows someone having a trapdoor corresponding to a message, to test whether a given ciphertext encrypts this message. Another example is encryption with equality test, proposed in [23].…”

Section: Introductionmentioning

confidence: 99%

Plaintext-Checkable Encryption

Canard

Fuchsbauer

Gouget

et al. 2012

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. We study the problem of searching on encrypted data, where the search is performed using a plaintext message or a keyword, rather than a message-specific trapdoor as done by state-of-the-art schemes. The use cases include delegation of key-word search e.g. to a cloud data storage provider or to an email server, using a plaintext message. We define a new cryptographic primitive called plaintext-checkable encryption (PCE), which extends public-key encryption by the following functionality: given a plaintext, a ciphertext and a public key, it is universally possible to check whether the ciphertext encrypts the plaintext under the key. We provide efficient generic random-oracle constructions for PCE based on any probabilistic or deterministic encryption scheme; we also give a practical construction in the standard model. As another application we show how PCE can be used to improve the efficiency in group signatures with verifier-local revocation (VLR) and backward unlinkability. These group signatures provide efficient revocation of group members, which is a key issue in practical applications.

show abstract

Decryptable Searchable Encryption

Cited by 57 publications

References 15 publications

Towards asymmetric searchable encryption with message recovery and flexible search authorization

Towards asymmetric searchable encryption with message recovery and flexible search authorization

Public key encryption with keyword search secure against keyword guessing attacks without random oracle

Plaintext-Checkable Encryption

Contact Info

Product

Resources

About