Verifiable Searchable Encryption with Aggregate Keys for Data Sharing in Outsourcing Storage

“…Thus, the computational cost of the main construction can be considered to be practical. Moreover, for the storage cost, in spite of two additional components in Z p , the storage size is fairly identical to that of the scheme by Zhou et al In particular, an element in G is constructed by two integers on an elliptic curve, i.e., x- Cui et al [9] Li et al [11] Zhou et al [20] First Construction Main Construction encrypted keyword 2|G| coordinate and y-coordinate, whose bit lengths are the same as the bit length of an element in Z p . Thus, the entire bit length of 2Z p is equal to that of G. The main construction can achieve a similar storage size as other works.…”

“…Cui et al [9] Li et al [11] Zhou et al [20] The scheme by Cui et al [9] does not satisfy the keyword privacy because random values embedded in encrypted keywords are common for every keywords. We show an example where the scheme by Cui et al is broken under our definition of the keyword privacy below.…”

“…The computational cost and the storage size for the first construction are less-than-or-equal to those of the schemes by Cui et al [9] and by Li et al [11] in spite of achieving the provable security, which is an open problem in these works.…”

“…In this section, we compare the computational cost and the storage cost of our schemes with other schemes [9], [11], [20] of KASE. The results are shown in Tables 1 and 2.…”

“…The results are shown in Tables 1 and 2. Li et al [11] proposed two constructions, i.e., the single-owner setting and the multi-owner setting. Therefore, we only compare our schemes in the single-owner setting because our schemes have a single-owner setting.…”

Key-Aggregate Searchable Encryption, Revisited: Formal Foundations for Cloud Applications, and Their Implementation

“…Thus, the computational cost of the main construction can be considered to be practical. Moreover, for the storage cost, in spite of two additional components in Z p , the storage size is fairly identical to that of the scheme by Zhou et al In particular, an element in G is constructed by two integers on an elliptic curve, i.e., x- Cui et al [9] Li et al [11] Zhou et al [20] First Construction Main Construction encrypted keyword 2|G| coordinate and y-coordinate, whose bit lengths are the same as the bit length of an element in Z p . Thus, the entire bit length of 2Z p is equal to that of G. The main construction can achieve a similar storage size as other works.…”

“…Cui et al [9] Li et al [11] Zhou et al [20] The scheme by Cui et al [9] does not satisfy the keyword privacy because random values embedded in encrypted keywords are common for every keywords. We show an example where the scheme by Cui et al is broken under our definition of the keyword privacy below.…”

“…The computational cost and the storage size for the first construction are less-than-or-equal to those of the schemes by Cui et al [9] and by Li et al [11] in spite of achieving the provable security, which is an open problem in these works.…”

“…In this section, we compare the computational cost and the storage cost of our schemes with other schemes [9], [11], [20] of KASE. The results are shown in Tables 1 and 2.…”

“…The results are shown in Tables 1 and 2. Li et al [11] proposed two constructions, i.e., the single-owner setting and the multi-owner setting. Therefore, we only compare our schemes in the single-owner setting because our schemes have a single-owner setting.…”

Key-Aggregate Searchable Encryption, Revisited: Formal Foundations for Cloud Applications, and Their Implementation

Keyword Searchable Encryption with Fine-Grained Forward Secrecy for Internet of Thing Data

Data Range Query Privacy Protection Scheme Suitable for Multiple Users