Efficient Encrypted Keyword Search for Multi-user Data Sharing

Abstract: Abstract. In this paper, we provide a secure and e cient encrypted keyword search scheme for multi-user data sharing. Specifically, a data owner outsources a set of encrypted files to an untrusted server, shares it with a set of users, and a user is allowed to search keywords in a subset of files that he is authorized to access. In the proposed scheme, (a) each user has a constant size secret key, (b) each user generates a constant size trapdoor for a keyword without getting any help from any party (e.g., data… Show more

“…In contrast, the schemes in [10,[14][15][16] support the dynamic groups of users where joining/leaving a group by a member is entirely controlled by a Data Owner. In addition, the recent schemes in [17][18][19][20] provide Multiuser Searchable Encryption with the notion of Functional Encryption (FE) (Section 2.1) where an Enterprise Trusted Authority (ETA) is responsible for the System Setup and a master public key setup. The most notable characteristic of FE is that a system's master public key is utilized to prepare the searchable ciphertexts and a single ciphertext can serve multiple search tokens (may be issued by different users).…”

“…Therefore, such FE based searchable schemes can support multiple users in the system with the optimal storagecomputational overhead (i.e., (| |)) for the ciphertexts. Additionally, in the schemes [17][18][19][20], a separate search key (related to the master public key) is issued (either by an ETA or by a Data Owner) to each user. Subsequently, a user constructs a search token with an available search key.…”

“…With the existing FE based searchable schemes [17][18][19][20], a user possessing a search key can ask the server to execute a search operation at any time and therefore the search activity of a user cannot be tracked. The problem can be resolved by an interactive scheme where a search token is constructed by the centralized trusted authority on request from an authorized user.…”

“…This ultimately outputs an impractical system with (| | ⋅ ) computational overhead at the Data Owner site and (| | ⋅ ) storage overhead at the server site. As solution, several Searchable Encryption schemes in [9,10,[14][15][16][17][18][19][20] with a builtin support of multiple users are devised in recent years. Amongst them, the scheme proposed by Hwang and Lee [9] is a simple extension of a single-user Searchable Encryption with the ciphertext size (| | + | | ⋅ ), where | | is the number of keywords to be searched.…”

“…In addition, a scheme in [16] leaks user access control information to the server. Few other multiuser schemes [17][18][19][20] are based on the notion of FE wherein an ETA is responsible for the System Setup and a master public key setup. In these schemes, a ciphertext is prepared by a Data Owner using a master public key.…”

Multiuser Searchable Encryption with Token Freshness Verification

“…In contrast, the schemes in [10,[14][15][16] support the dynamic groups of users where joining/leaving a group by a member is entirely controlled by a Data Owner. In addition, the recent schemes in [17][18][19][20] provide Multiuser Searchable Encryption with the notion of Functional Encryption (FE) (Section 2.1) where an Enterprise Trusted Authority (ETA) is responsible for the System Setup and a master public key setup. The most notable characteristic of FE is that a system's master public key is utilized to prepare the searchable ciphertexts and a single ciphertext can serve multiple search tokens (may be issued by different users).…”

“…Therefore, such FE based searchable schemes can support multiple users in the system with the optimal storagecomputational overhead (i.e., (| |)) for the ciphertexts. Additionally, in the schemes [17][18][19][20], a separate search key (related to the master public key) is issued (either by an ETA or by a Data Owner) to each user. Subsequently, a user constructs a search token with an available search key.…”

“…With the existing FE based searchable schemes [17][18][19][20], a user possessing a search key can ask the server to execute a search operation at any time and therefore the search activity of a user cannot be tracked. The problem can be resolved by an interactive scheme where a search token is constructed by the centralized trusted authority on request from an authorized user.…”

“…This ultimately outputs an impractical system with (| | ⋅ ) computational overhead at the Data Owner site and (| | ⋅ ) storage overhead at the server site. As solution, several Searchable Encryption schemes in [9,10,[14][15][16][17][18][19][20] with a builtin support of multiple users are devised in recent years. Amongst them, the scheme proposed by Hwang and Lee [9] is a simple extension of a single-user Searchable Encryption with the ciphertext size (| | + | | ⋅ ), where | | is the number of keywords to be searched.…”

“…In addition, a scheme in [16] leaks user access control information to the server. Few other multiuser schemes [17][18][19][20] are based on the notion of FE wherein an ETA is responsible for the System Setup and a master public key setup. In these schemes, a ciphertext is prepared by a Data Owner using a master public key.…”

Multiuser Searchable Encryption with Token Freshness Verification

Fast Two-Server Multi-User Searchable Encryption with Strict Access Pattern Leakage

Keyword Searchable Encryption with Fine-Grained Forward Secrecy for Internet of Thing Data