Designated server-aided revocable identity-based keyword search on lattice

Public key encryption scheme with keyword search is a promising technique supporting search on encrypted data without leaking any information about the keyword. In real applications, it’s critical to find an effective revocation method to revoke users in multi-user cryptosystems, when user’s secret keys are exposed. In this paper, we propose the first designated server-aided revocable identity-based encryption scheme with keyword search (dSR-IBKS) from lattice. The dSR-IBKS model requires each user to keep just one private key corresponding with his identity and does not need to communicate with the key generation center or the server during key updating. We have proved that our scheme can achieve chosen keyword indistinguishability in the standard model. In particular, our scheme can designate a unique tester to test and return the search results, therefore no other entity can guess the keyword embedded in the ciphertext by generating search queries and doing the test by itself. We provide a formal security proof of our scheme assuming the hardness of the learning with errors problem on the standard model.

Designated Server-Aided Revocable Identity-based Keyword Search on Lattice

Public key encryption scheme with keyword search (PEKS) is a promising technique supporting search on encrypted data without leaking any information about the keyword. In real applications, it's critical to find an effective revocation method to revoke users in multi-user cryptosystems, when user's secret keys are exposed.In this paper, we propose the first designated server-aided revocable identity-based encryption scheme with keyword search (dSR-IBKS) from lattice. The dSR-IBKS model requires each user to keep just one private key corresponding with his identity and does not need to communicate with the key generation center or the server during key updating. We have proved that our scheme can achieve chosen keyword indistinguishability in the standard model. In particular, our scheme can designate a unique tester to test and return the search results, therefore no other entity can guess the keyword embedded in the ciphertext by generating search queries and doing the test by itself. We provide a formal security proof of our scheme assuming the hardness of the learning with errors (LWE) problem on the standard model.

A Secure Data Sharing Scheme with Designated Server

The cloud-assisted Internet of Things (CIoT) is booming, which utilizes powerful data processing capabilities of the cloud platform to solve massive Internet of Things (IoT) data. However, the CIoT faces new security challenges, such as the confidentiality of the outsourced data. Data encryption is a fundamental technique that can guarantee the confidentiality of outsourced data, but it limits target encrypted data retrieval from cloud platform. Public key encryption with keyword search (PEKS) provides a promising solution to address this problem. In PEKS, a cloud server can be authorized to search the keyword in encrypted documents and retrieve associated encrypted documents for the receiver. However, most existing PEKS schemes merely focus on keyword search function while ignoring the associated documents encryption/decryption function. Thus, in practice, a PEKS scheme must cooperate with another separated public key encryption (PKE) scheme to fulfill a completely secure data sharing scheme. To address this problem, in this paper, we propose a secure data sharing scheme with designated server that combines PKE scheme with PEKS scheme, which provides both keyword search and documents encryption/decryption functions. Furthermore, only the designated server can search the keyword via encrypted documents for enhanced security in our work. Moreover, our scheme also satisfies the public verifiability of search results, which includes both keywords and documents ciphertexts’ correctness and integrity. As to the security, our scheme provides stronger indistinguishability security of document and keyword in the proposed security model.