Designated-Senders Public-Key Searchable Encryption Secure against Keyword Guessing Attacks

摘要

To achieve keyword search in secure cloud storage, a public-key encryption with keyword search (PEKS) has been proposed. However, the PEKS is inherently vulnerable to the Keyword Guessing Attack (KGA): Using the public key, anyone including the server can compute the ciphertext of any keyword. Thus, a malicious server prepares the ciphertexts of possible keywords, and the server can test if the keyword of a trapdoor sent from the receiver is the same as one of the keywords of the prepared ciphertexts. In this paper, we introduce a new type of PEKS that is secure against KGA, designated-senders PEKS. In this type of PEKS, the receiver can designate a group of senders who can encrypt keywords. Thus, since the malicious server cannot encrypt any keyword, the server cannot launch KGA. Furthermore, we construct a designated-senders PEKS scheme using a broadcast encryption.