T. Nishide,K. Sakurai,Z. Liu,Z. Wang,R. A. Popa,N. Zeldovich

2016-01-01

Abstract:Cloud computing is latest technology widely serving client oriented applications. It has the capability of sharing selective encrypted data via public cloud storage with multiple users which may ease security over accidental data leaks in the cloud. Efficient key management is important in encryption schemes. For sharing multiple documents with different groups in cloud, separate encryption keys are needed. Security is required by owner to distribute large number of keys for encryption and searching, and by users to store received keys. Users have to submit equal number of trapdoors to the cloud for search operation. In such case features of security, storage and complexity are required at its best performance. Key-Aggregate Searchable Encryption (KASE) scheme addresses to the problem of storage management and security in group data sharing on cloud. Through this scheme only single key is distributed by owner to user for sharing multiple documents, and user also required to submit single trapdoor to receive shared documents. KASE scheme is efficient and secure as resulted by security analysis tests.

Yang,Yanjiao Chen,Fei Chen

DOI: https://doi.org/10.1109/tnet.2021.3058130

2021-01-01

Abstract:With the widespread application of cloud storage, ensuring the integrity of user outsourced data catches more and more attention. To remotely check the integrity of cloud storage, plenty of protocols have been proposed, implemented by checking the equation constructed by the aggregated blocks, tags, and indices. However, the verifier only has the knowledge of the indices of the audited blocks and tags, which thus requires the cloud to store both data blocks and tags for integrity verification. In this article, we present a compressive secure cloud storage protocol inspired by Goldreich-Goldwasser-Halevi (GGH) cryptosystem. Since the aggregated blocks can be reconstructed from the aggregated tags without the help of data indices, the cloud can only store data tags for providing the verifiable integrity proof. In this way, communication and storage costs can be hugely reduced and user private information can be hidden from the cloud. Furthermore, the proposed protocol only contains a few basic algebraic operations, making it highly efficient. We also provide formal security proof of the proposed protocol regarding forge, replay and replace attacks. In addition, we explore a new technique to support data dynamics. Furthermore, we establish a generic framework of compressive secure cloud storage protocols. Finally, we provide the theoretical analysis and experimental results, which further validate the effectiveness of the proposed protocol.

Jinlu Liu,Jing Qin,Wenchao Wang,Lin Mei,Huaxiong Wang

DOI: https://doi.org/10.1016/j.csi.2023.103800

IF: 3.721

2023-10-18

Computer Standards & Interfaces

Abstract:Cloud computing has become the priority for users to store and share data due to its numerous tempting advantages. The "encryption-before-outsourcing" mechanism is necessary to protect data privacy against the semi-trusted cloud server. Key-Aggregate Cryptosystem (KAC) is a novel encryption paradigm for cloud data sharing. It enables users to decrypt multiple data encrypted with different keys using a constant size aggregate key. When selectively sharing data, the KAC effectively addresses the challenges of expensive key management in symmetric encryption (SE) and eliminates the need for multiple copies of ciphertexts in public key encryption (PKE). However, previous KAC schemes can only control what data users are allowed to receive by distributing aggregate keys, but not what data users can send. This limitation could potentially allow a malicious data owner to leak sensitive information by distributing aggregate keys to unauthorized users. Therefore, this paper aims to design the key-aggregate cryptosystem with bidirectional access control, which can control both what the user can receive and what the data owner can send. Inspired by access control encryption (ACE), we first propose a key-aggregate based access control encryption with user level (KA-ACE-UL) system that can control whether a sender can share his data with a receiver. Then, we investigate a finer-grained access control policy and propose a key-aggregate based access control encryption with user-data level (KA-ACE-UDL) system that can control the data classes a sender can share with a receiver. We instantiate the KA-ACE-UL and KA-ACE-UDL schemes based on Chu et al.'s KAC scheme. We prove our proposed schemes can achieve both secure data storage and controlled data sharing, ensuring security against unauthorized receivers and malicious senders. Finally, theoretical performance analysis and practical experiments show the efficiency of our proposed schemes.

computer science, software engineering, hardware & architecture

Xiong Li,Saru Kumari,Jian Shen,Fan Wu,Caisen Chen,SK Hafizul Islam

DOI: https://doi.org/10.1007/s11277-016-3742-6

IF: 2.017

2016-01-01

Wireless Personal Communications

Abstract:Cloud storage is a new storage mode emerged along with the development of cloud computing paradigm. By migrating the data to cloud storage, the consumers can be liberated from building and maintaining the private storage infrastructure, and they can enjoy the data storage service at anywhere and anytime with high reliability and a relatively low cost. However, the security and privacy risks, especially the confidentiality and integrity of data seem to be the biggest hurdle to the adoption of the cloud storage applications. In this paper, we consider the secure data access and sharing issues for cloud storage services. Based on the intractability of the discrete logarithm problem, we design a secure data access and data sharing scheme for cloud storage, where we utilize the user authentication scheme to deal with the data access problem. According to our analysis, through our scheme, only valid user with the correct password and biometric can access to the cloud storage provider. Besides, the authorized users can access the rightful resources and verify the validity of the shared data, but cannot transfer the permission to any other party. At the same time, the confidentiality and integrity of data can be guaranteed.

Zaid Alaa Hussien,Zaid Ameen Abduljabbar,Mohammed Abdulridha Hussain,Mustafa A. Al Sibahee,Songfeng Lu,Hamid A. Al-Asadi

DOI: https://doi.org/10.1145/3331453.3361648

2019-01-01

Abstract:People have proposed many data integrity techniques to secure data storage in cloud. The majority of these schemes assume that only the owner of the data can modify their storage in cloud. In recent years, researchers have allowed different cloud users to use integrity assurance for modifying data. As a result, schemes with stronger reality than before have been proposed. Nevertheless, these attempts are impractical due to the large computing costs for cloud users. Clients must also perform numerous computations to ensure the integrity of data storage. A robust and efficient scheme is put forward in this study to maintain data integrity in cases that involve public auditing. In this way, multiuser modification can be used to check the public integrity for cloud data and reduce the auditing cost. The proposed scheme uses public key cryptography equipped with a proxy re-encryption and a cryptographic hash function. We allow a third-party auditor (TPA) to conduct preprocessing of data for the sake of cloud users prior to uploading these data to the cloud service providers (CSPs) and then verify the integrity of data. We also allow the TPA to perform re-encryption of data for sharing data without losing privacy. The scheme is characterised by significant security features, such as management of key, privacy, low-cost computation, exchange of key, freeing clients from burdens, failure of CSPs in creating right verifier response in absence of data and one-time key requirement. Numerical analysis and extensive experimental results verify that the proposed scheme is efficient and scalable.

Guowen Xu,Shengmin Xu,Jinhua Ma,Jianting Ning,Xinyi Huang

DOI: https://doi.org/10.1109/tifs.2023.3305870

IF: 7.231

2023-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Cloud computing has been widely accepted as a computing paradigm to offer high-quality data services on demand. However, it suffers from various attacks as the cloud service provider and data owners are not in the same trusted domain. To support data confidentiality, existing cloud-based systems apply cryptographic tools to issue the decryption key to data users to share data in a controlled way. However, fine-grained cloud data sharing still faces many challenges, especially when dealing with dynamic user groups. In this paper, we introduce a secure and efficient cloud-based data-sharing system with fine-grained access control and dynamic user groups. Our system enjoys 1) adaptive security in prime-order groups, 2) forward secrecy against revoked user fetches data generated before being revoked, and 3) decryption key exposure resistance against the compromise of the frequently used decryption key, where the previous solutions only concentrate on one or two above-mentioned properties. More specifically, we introduce two timestamp management mechanisms that manage the timestamp in each ciphertext to support dynamic user groups with forward secrecy. By applying the proposed timestamp management mechanisms, we introduce two novel designs of attribute-based encryption schemes with formal definition and security analyses. The proposed schemes are adaptively secure in prime-order groups under a standard assumption and support decryption key exposure resistance. We conduct theoretical analysis and experimental simulation to demonstrate the outperformance of our solutions.

Zhenyao Qiu,Zhiwei Zhang,Shichong Tan,Jianfeng Wang,Xiaoling Tao

DOI: https://doi.org/10.3966/160792642019052003002

2019-01-01

Abstract:Cloud storage is facing the contradiction between data security and flexible data sharing, and therefore the cryptographic access control mechanisms are well studied. In particular, hierarchical access control in cloud storage is significant for many application scenarios. In these scenarios, the users are divided into several groups organized in a hierarchy, and they are assigned with different access privileges according to their groups and levels. That is, the users in higher level groups can access the data belonging to their subordinate groups while the users in lower level groups cannot access the data belonging to their superior groups. However, most of the existing hierarchical access control solutions seem to be unpractical for their inability of scalable data sharing, inefficiency of key management or lack of delegated reencryption. In this paper, we propose a new hierarchical access control scheme based on key-aggregate encryption, and the proposed scheme realizes scalable data sharing in cloud storage which allows the users to share data with any user group. In the proposed scheme, the size of each key or ciphertext is constant and irrelevant to the scale of hierarchical user structure. Especially, our scheme improves the convenience of key management by cutting off the key derivation widely used in the existing hierarchical key assignment methods. Furthermore, the proposed scheme reduces the users' updating overhead by introducing the delegated re-encryption into the hierarchical scenarios. Finally, the security analysis and the performance evaluation indicate that our scheme is feasible for the hierarchical data sharing applications in cloud storage.

Jian Zhang,Yang,Yanjiao Chen,Fei Chen

DOI: https://doi.org/10.1109/iwqos.2017.7969107

2017-01-01

Abstract:With the development of cloud storage, data owners no longer physically possess their data and thus how to ensure the integrity of their outsourced data becomes a challenging task. Several protocols have been proposed to audit cloud storage, all of which rely mainly on data block tags to check data integrity. However, their block tag constructions employ cryptographic operations, which makes them computationally complex. In this paper, we investigate a secure cloud storage protocol based on the classic discrete logarithm problem. Our protocol generates data block tags with only basic algebraic operations, which brings substantial computation savings compared with previous work. We also strictly prove that the proposed protocol is secure under a definition which captures the real-world uses of cloud storage. In order to fit more application scenarios, we extend the proposed protocol to support data dynamics by employing an index vector and third-party public auditing by using a random masking number, both of which are efficient and provably secure. At last, theoretical analysis and experimental evaluation are provided to validate the superiority of the proposed protocol.

GU Bolun,XU Zikai,LI Weihai,YU Nenghai

DOI: https://doi.org/10.11959/j.issn.2096-109x.2024055

2024-01-01

Abstract:With the rapid development and application of the Internet, traditional storage resources have been found unable to meet the growing demand for massive data storage. An increasing number of users have attempted to upload their data to third-party cloud servers for unified storage. Efficient deduplication and secure file sharing in the cloud have emerged as critical concerns. Moreover, users have always preferred to customize their passwords for encrypting and decrypting files, only sharing encrypted files when necessary. Based on this preference, a deterministic stepwise encryption algorithm was first designed. It was such that when the keys for the two steps of encryption satisfied a certain relationship, the two steps of encryption could be equivalent to a single encryption process. A novel key-customizable encrypted deduplication scheme with access control for cloud storage was proposed, utilizing the deterministic stepwise encryption algorithm to encrypt files and a ciphertext-policy attribute-based encryption algorithm to encrypt file keys. This scheme not only offered the flexibility to customize encryption and decryption keys for different users with the same files, but also ensured secure file sharing through a dynamic access control mechanism. Moreover, the optional access control component was made compatible with the majority of existing ciphertext-policy attribute-based encryption (CP-ABE) schemes, even allowing for different CP-ABE schemes within different attribute groups. Security analysis results show that the proposed scheme achieves the highest level of security under the current encrypted deduplication paradigm. Experimental and analytical results indicate that it effectively meets the practical needs of cloud service providers and users, and also achieves acceptable efficiency.

Wei Luo,Wenping Ma

DOI: https://doi.org/10.3390/electronics8050590

IF: 2.9

2019-01-01

Electronics

Abstract:As cloud service providers are not completely trusted, people are increasingly concerned about security issues such as data confidentiality and user privacy. In many existing schemes, the private key generator (PKG) generates a full private key for each user, which means that the PKG can forge a valid signature or decrypt the ciphertext. To address the issue, we first present a novel certificateless hybrid signcryption (CL-HSC) scheme without pairing, in which the PKG only generates the partial private keys for users. It is provably secure under the Elliptic Curve Computational Diffie-Hellman (EC-CDH) assumption in the random oracle model. Then, we propose a key derivation method by which the data owner only needs to maintain the master key to get rid of the complex key management. By combining our proposed CL-HSC scheme and the key derivation method, we present a secure and efficient data-sharing scheme for cloud storage, which can resist collusion attacks, spoofing attacks, and replay attacks and makes user revocation easier. In addition, compared with some existing schemes, our scheme has a lower computational complexity.

Cheng Guo,Litao Wang,Xinyu Tang,Bin Feng,Guofeng Zhang

DOI: https://doi.org/10.1016/j.jisa.2023.103426

IF: 4.96

2023-01-01

Journal of Information Security and Applications

Abstract:Deduplication, which stores only one copy of duplicate data, is used extensively in cloud storage to reduce the overhead associated with storage. Unfortunately, client-side encryption prevents cloud storage from performing deduplication due to the randomness of traditional encryption. Some existing schemes can balance encryption and deduplication, but their interaction with third-party servers or online users adds additional overhead to the system. Also, the ownership of outsourced data will change frequently due to users’ requests to upload/delete/modify the data. But many existing schemes that can achieve dynamic ownership management have security flaws or require users to manage multiple keys. By focusing on these troubles, we have developed a secure deduplication scheme that does not rely on any third-party entities and supports data ownership management. More specifically, we take advantage of elliptic curve cryptography to design a key-sharing method so that different owners of the same data can share a random key only by interacting with the cloud service provider. And the broadcast encryption is used to manage the ownership of data, and this allows the cloud service provider to control users’ access to outsourced data by updating the broadcast key. In addition, the security analysis shows that the proposed scheme can meet the required security and that it outperforms other related schemes. The detailed simulation comparisons with other related schemes demonstrate that the proposed scheme has good performance.

Changsha Ma,Chang Wen Chen

DOI: https://doi.org/10.1109/ICME.2014.6890308

2014-01-01

Abstract:Media sharing in cloud environment, which supports sharing media content at any time and from anywhere, is a promising paradigm of social interaction. However, it also brings forth security issues in terms of data confidentiality and access control on media data consumers with different access privileges. One promising solution is scalable media access control, which is capable of providing data confidentiality by encrypting the media data and issuing the key to only authorized data consumers. More importantly, it can empower the data distributor to provide the same media content with various quality levels to the consumers with different privileges. Traditional schemes without utilizing the cloud resources achieve scalable media access control by generating access keys using hash chains. Despite of their computational efficiency, such schemes suffer from various problems including vulnerability to user collusion attack in two-dimensional case, inflexible key distribution, and ambiguous key revocation strategy. In this paper, we propose a novel two-dimensional-scalable access control by generating access keys based on Attribute-Based Encryption (ABE) algorithm. Moreover, the proposed scheme can efficiently achieve comprehensive key management including key distribution and key revocation by fully exploiting the cloud. Security analysis shows that the proposed scheme is able to provide collusion resistance, as well as forward and backward secrecy. We have also evaluated the efficiency of the scheme through numerical analysis and initial implementation.

Shucheng Yu,Cong Wang,Kui Ren,Wenjing Lou

2014-01-01

Abstract:Cloud computing provides an economical and efficient solution for sharing group resource with cloud users. Sharing data in a multi-owner manner while preserving data and identity privacy from an untrusted cloud due to the frequent change of the membership. Cloud intend the secure multiple data sharing between the data users by using the cloud computing. By leveraging group signature and dynamic broadcast encryption techniques. Any user can share the data with other users. The storage overhead and encryption computation cost of our scheme are independent with the number of revoked users the security of our scheme with rigorous proofs, and demonstrate the efficiency of our scheme in experiments.

Chunwei Lou,Mingsheng Cao,Yaohua Luo,Hua Xu,Yuan Gao,Weiwei Wang,Dong Wang

DOI: https://doi.org/10.1109/access.2020.2980886

IF: 3.9

2024-01-01

IEEE Access

Abstract:Key-aggregate keyword retrieval primitive enables a cloud server on behalf of delegated users to securely perform a keyword search over the data encrypted with various public keys. However, existing key-aggregate searchable encryption schemes are insecure against keyword guessing attacks, which result in the privacy leakage of keyword ciphertext and trapdoor. In this paper, we for the first time formulate a secure and efficient key-aggregate searchable encryption for cloud-assisted IoT applications, which not only enables a data owner to securely share the selected documents to multiple users, but also supports data users in delegating the capability of keyword search to a cloud server for searching the desired documents without leaking any privacy of keyword ciphertext and trapdoor. Then, the security of the proposed scheme is formally defined and proven to be secure against the indistinguishable selective-file chosen keyword attacks. The flexibility and practicability of the formulated scheme is also demonstrated by theoretical evaluations and experimental simulations.

Mohammed Y. Shakor,Mustafa Ibrahim Khaleel,Mejdl Safran,Sultan Alfarhood,Michelle Zhu

DOI: https://doi.org/10.1109/access.2024.3351119

IF: 3.9

2024-02-28

IEEE Access

Abstract:In the rapidly evolving realm of cloud computing security, this paper introduces an innovative solution to address persistent challenges. The proliferation of cloud technology has brought forth heightened concerns regarding data security, necessitating novel approaches to safeguarding sensitive information. The issue centers on the vulnerability of cloud-stored data, usually necessitating enhanced encryption and key management strategies. Traditional methods usually fall short in mitigating risks associated with compromised encryption keys and centralized key storage. To combat these challenges, our proposed solution encompasses a two-phase approach. In the first phase, dynamic Advanced Encryption Standard (AES) keys are generated, ensuring each file's encryption with a unique and ever-changing key. This approach significantly enhances file-level security, curtailing an attacker's ability to decrypt multiple files even if a key is compromised. The second phase introduces blockchain technology, where keys are securely stored with accompanying metadata, bolstering security and data integrity. Elliptic Curve Cryptography (ECC) public key encryption enhances security during transmission and storage, while also facilitating secure file sharing. In conclusion, this comprehensive approach enhances cloud security, providing robust encryption, decentralized key management, and protection against unauthorized access. Its scalability and adaptability make it a valuable asset in contemporary cloud security paradigms, assuring users of data security in the cloud.

computer science, information systems,telecommunications,engineering, electrical & electronic

Yanqing Yao,Zhengde Zhai,Jianwei Liu,Zhoujun Li

DOI: https://doi.org/10.1109/ACCESS.2019.2952163

IF: 3.9

2019-01-01

IEEE Access

Abstract:In cloud storage, selectively sharing encrypted data is becoming increasingly important. One key design challenge is the management of encryption keys. Traditionally, a large quantity of encryption keys have to be managed by the data owner, and an equally large number of keyword trapdoors must be sent to the cloud for the purpose of searching over the shared data, which are cumbersome in terms of secure communication and management. Recently, key-aggregate (searchable) encryption schemes have been introduced to alleviate the problem. However, they were only designed under the Bilinear Diffie-Hellman Exponent assumption in the prior works. Lattice-based key-aggregate (searchable) encryption schemes are valuable, because they have security against quantum computing attacks, average-case to worse-case equivalence as well as simplicity and potential efficiency. Here we propose a key-aggregate encryption scheme and a key-aggregate searchable encryption scheme which are both based on a lattice problem (i.e., the Learning with Errors problem). Some key techniques are employed during the construction of the schemes. A basis delegation algorithm is designed to generate the aggregate key without increasing the lattice dimension. The encryption algorithms of the two schemes are trickily devised to make the encrypted files decryptable or searchable. To overcome the problem of general matrix multiplication failing to satisfy commutative law, a hash function is designed by using diagonalizable matrices to make the encrypted file decryptable and the trapdoor adjustable.We present the schemes' correctness proof, formal security analysis as well as performance analysis, which confirm that they are provably secure and practically efficient. To the best of our knowledge, the former is the first lattice-based key-aggregate encryption scheme and the latter is the first lattice-based key-aggregate searchable encryption scheme. We also demonstrate their application to cloud storage for searchable group data sharing by combining the two schemes.

Shengmin Xu,Xingshuo Han,Guowen Xu,Jianting Ning,Xinyi Huang,Robert H. Deng

DOI: https://doi.org/10.1109/tsc.2023.3321314

IF: 11.019

2024-01-01

IEEE Transactions on Services Computing

Abstract:Cloud computing is the widespread acceptance of a promising paradigm offering a substantial amount of storage and data services on demand. To preserve data confidentiality, many cryptosystems have been introduced. However, current solutions are incompatible with the resource-constrained end-devices because of a variety of vulnerabilities in terms of practicality and security. In this article, we propose a practical and secure data-sharing system by introducing a new design of attribute-based encryption with verifiable outsourced decryption-attribute-based encryption (VO-ABE for short). Our system offers: (1) data sharing at a fine-grained level; (2) a scalable key issuing protocol without any secure channel; (3) a verifiable outsourced decryption mechanism for resource-constrained end-devices against the malicious cloud service provider; and (4) adaptive security against the real-world attacks. To formalize our solution with cryptographic analysis, we present the formal definition of VO-ABE and its concrete construction with provable security. In particular, our design leverages the techniques of the traditional ABE, verifiable outsourced decryption, and randomness extractor to support fine-grained access control, cost-effective data sharing, and security assurance with high entropy. Moreover, our design is provably secure in the adaptive model under the standard assumption, which offers a stronger security guarantee since the state-of-the-art solution is selectively secure under the non-standard assumption and suffers from a variety of real-world attacks. The implementation and evaluation demonstrate that our solution enjoys superior functionality and better performance than the relevant solutions. More importantly, our solution is compatible with the resource-constrained end-devices since the decryption mechanism takes around 1.1 ms and is 22.7x faster than the state-of-the-art solution.

Yibin Li,Keke Gai,Longfei Qiu,Meikang Qiu,Hui Zhao

DOI: https://doi.org/10.1016/j.ins.2016.09.005

IF: 8.1

2016-01-01

Information Sciences

Abstract:Implementing cloud computing empowers numerous paths for Web-based service offerings to meet diverse needs. However, the data security and privacy has become a critical issue that restricts many cloud applications. One of the major concerns in security and privacy is caused by the fact that cloud operators have chances to reach the sensitive data. This concern dramatically increases users anxiety and reduces the adoptability of cloud computing in many fields, such as the financial industry and governmental agencies. This paper focuses on this issue and proposes an intelligent cryptography approach, by which the cloud service operators cannot directly reach partial data. The proposed approach divides the file and separately stores the data in the distributed cloud servers. An alternative approach is designed to determine whether the data packets need a split in order to shorten the operation time. The proposed scheme is entitled Security-Aware Efficient Distributed Storage (SA-EDS) model, which is mainly supported by our proposed algorithms, including Alternative Data Distribution (AD2) Algorithm, Secure Efficient Data Distributions (SED2) Algorithm and Efficient Data Conflation (EDCon) Algorithm. Our experimental evaluations have assessed both security and efficiency performances and the experimental results depict that our approach can effectively defend main threats from clouds and requires with an acceptable computation time.

Tan Yu'an,Zheng Jiamin,Zhang Qikun,Zhang Xiaosong,Li Yuanzhang,Zhang Quanxin

DOI: https://doi.org/10.1049/cje.2018.02.015

IF: 1.019

2018-01-01

Chinese Journal of Electronics

Abstract:When the information is exchanged and transmitted among the group members in mobile cloud environment, the group members may distribute different security domains. The information exchanged among group members may have different secret levels in this environment. When a person has some secret information, he only wants to share these information with some people who have the appropriate level of security permissions, other than all the members in the group. Aiming at these needs, we propose a flexible Asymmetric group key agreement (AGKA) protocol that information exchange and transmission are specific-targeting. The paper adopts bilinear mapping and two-way anonymous authentication technology to hide personal identity authentication information, and uses storage and computing migration technology to reduce the resource consumption of mobile terminal, and also proposes the secret key factor oriented extraction and combinations technology to achieve multi-level three-dimensional complex space security information exchange requirements and meet the lightweight computing. The analysis proves that the protocol has good safety performance and low resource consumption.

Tong Li,Zheli Liu,Ping Li,Chunfu Jia,Zoe L. Jiang,Jin Li

DOI: https://doi.org/10.1016/j.future.2017.02.024

2016-01-01

Abstract:In a secure data sharing system, the keyword search over encrypted files is a basic need of a user with appropriate privileges. Although the traditional searchable encryption technique can provide the privacy protection, two critical issues still should be considered. Firstly, a cloud server may be selfish in order to save its computing resources, and thus returns only a fragment of results to reply a search query. Secondly, since different keys are always used for different document sets, making a search query over massive sets and verifying the search results are both impractical for a user with massive keys. In this paper, we propose a scheme named “verifiable searchable encryption with aggregate keys”. In the scheme, a data owner need only distribute a single aggregate key to other users to selectively share both search and verification privileges over his/her document sets. After obtaining such a key, a user can use it not only for generating a single trapdoor as a keyword search query, but for verifying whether the server just conducts a part of computing for the search request. Then, we define the requirements of the scheme and give a valid construction. Finally, our analysis and performance evaluation demonstrate that the scheme are practical and secure.