Xueqiao Liu,Guomin Yang,Yi Mu,Robert H. Deng

DOI: https://doi.org/10.1109/tdsc.2018.2876831

2020-11-01

IEEE Transactions on Dependable and Secure Computing

Abstract:In a cloud data storage system, symmetric key encryption is usually used to encrypt files due to its high efficiency. In order allow the untrusted/semi-trusted cloud storage server to perform searching over encrypted data while maintaining data confidentiality, searchable symmetric encryption (SSE) has been proposed. In a typical SSE scheme, a users stores encrypted files on a cloud storage server and later can retrieve the encrypted files containing specific keywords. The basic security requirement of SSE is that the cloud server learns no information about the files or the keywords during the searching process. Some SSE schemes also offer additional functionalities such as detecting cheating behavior of a malicious server (i.e., verifiability) and allowing update (e.g., modifying, deleting and adding) of documents on the server. However, the previous (verifiable) SSE schemes were designed for single users, which means the searching can only be done by the data owner, whereas in reality people often use cloud storage to share files with other users. In this paper we present a multi-user verifiable searchable symmetric encryption (MVSSE) scheme that achieves all the desirable features of a verifiable SSE and allows multiple users to perform searching. We then define an ideal functionality for MVSSE under the Universally Composable (UC-) security framework and prove that our ideal functionality implies the security requirements of a secure MVSSE, and our multi-user verifiable SSE scheme is UC-secure. We also implement our scheme to verify its high performance based on some real dataset.

computer science, information systems, software engineering, hardware & architecture

Zhenkui Shi,Xuemei Fu,Xianxian Li,Kai Zhu

DOI: https://doi.org/10.1109/tkde.2020.3025348

IF: 9.235

2020-01-01

IEEE Transactions on Knowledge and Data Engineering

Abstract:Symmetric Searchable Encryption(SSE) is deemed to tackle the privacy issue as well as the operability and confidentiality in data outsourcing. However, most SSE schemes assume that the cloud is honest but curious. This assumption is not always applicable. And even if some schemes supported verification, integrity or freshness checking in a malicious cloud, but the performance and security functionalities are not fully exploited. In this paper, we propose an efficient SSE scheme based on B+-Tree and Counting Bloom Filter (CBF) which supports secure verification, dynamic updating, and multi-user queries. Comparing with the previous state of the arts, we design the new data structure CBF to support dynamic updating and boost verification. We also leverage the timestamp mechanism in the scheme to prevent the malicious cloud from launching a replay attack. The new designed CBF is like a front-engine to save user's cost for query and verification. And it can achieve more efficient query and verification with negligible false positive when there is no value matching the queried keyword. The CBF supports efficient dynamic updating by combining Bloom Filter with a one-dimensional array that provides the counting capability. Furthermore, we design the authenticator for CBF. We adopt B+-Tree for it is widely used in many database engines and file systems. We also give a brief security proof of our scheme. Then we provide a detailed performance analysis. Finally, we evaluate our scheme through comprehensive experiments. The results are consistent with our analysis and show that our scheme is secure, and more efficient compared with the previous schemes with the same functionalities. The average performance can be improved by about 20 percent for both the cloud servers and users when the missing rate of the searching keywords is 20 percent. And the higher the missing rate is, the more the performance can be improved.

Qingqing Gan,Joseph K. Liu,Xiaoming Wang,Xingliang Yuan,Shi-Feng Sun,Daxin Huang,Cong Zuo,Jianfeng Wang

DOI: https://doi.org/10.1007/s11704-021-0601-8

IF: 2.6688

2022-04-02

Frontiers of Computer Science

Abstract:Searchable symmetric encryption (SSE) has been introduced for secure outsourcing the encrypted database to cloud storage, while maintaining searchable features. Of various SSE schemes, most of them assume the server is honest but curious, while the server may be trustless in the real world. Considering a malicious server not honestly performing the queries, verifiable SSE (VSSE) schemes are constructed to ensure the verifiability of the search results. However, existing VSSE constructions only focus on single-keyword search or incur heavy computational cost during verification. To address this challenge, we present an efficient VSSE scheme, built on OXT protocol (Cash et al., CRYPTO 2013), for conjunctive keyword queries with sublinear search overhead. The proposed VSSE scheme is based on a privacy-preserving hash-based accumulator, by leveraging a well-established cryptographic primitive, Symmetric Hidden Vector Encryption (SHVE). Our VSSE scheme enables both correctness and completeness verifiability for the result without pairing operations, thus greatly reducing the computational cost in the verification process. Besides, the proposed VSSE scheme can still provide a proof when the search result is empty. Finally, the security analysis and experimental evaluation are given to demonstrate the security and practicality of the proposed scheme.

computer science, information systems, theory & methods, software engineering

Xi Zhang,Cheng Huang,Ye Su,Jing Qin,Xuemin (Sherman) Shen

DOI: https://doi.org/10.1109/GLOBECOM48099.2022.10001357

2022-01-01

Abstract:Searchable Symmetric Encryption (SSE) is a promising method for users to store data in remote clouds securely and search them using keywords over an encrypted index. In this paper, we explore a new function named "keyword diverting" and propose a variant of SSE named Divertible Searchable Symmetric Encryption (DivSSE). Specifically, the index in DivSSE is encoded into an inverted, compressed, and encrypted format, by using the super-increasing sequence, symmetric homomorphic encryption (SHE), and a secure hash function. According to the homomorphic properties of SHE, users can construct a unique keyword diverting token, which can be utilized to update the encrypted index by obliviously merging data identifiers corresponding to different keywords without searching in advance and thus achieve keyword diverting. Moreover, based on function secret sharing, DivSSE can protect users' search patterns and reduce communication costs with the assistance of two independent clouds. Detailed security proof demonstrates that DivSSE can achieve parallel privacy, forward privacy, and backward privacy. Extensive performance evaluation also shows that DivSSE is efficient in terms of computational and communication overheads.

Rong Cheng,Jingbo Yan,Chaowen Guan,Fangguo Zhang,Kui Ren

DOI: https://doi.org/10.1145/2714576.2714623

2015-01-01

Abstract:ABSTRACTSearchable symmetric encryption (SSE) allows a client to encrypt his data in such a manner that the data can be efficiently searched. SSE has practical application in cloud storage, where a client outsources his encrypted data to a cloud server while maintaining the searchable ability over his data. Most of the current SSE schemes assume that the cloud server is honest-but-curious. However, the cloud may actively cheat on the search process to keep its cost low. In this paper, we focus on the malicious cloud model and propose a new verifiable searchable symmetric encryption scheme. Our scheme is built on the secure indistinguishability obfuscation (iO) and can be considered as the first step to apply iO in the SSE field. Moreover, our scheme can be easily extended to multiple functionalities, such as conjunctive and boolean queries. Furthermore, it can be extended to realize a publicly verifiable SSE. Thorough analysis shows that our scheme is secure and achieves a better performance.

Zhongjun Zhang,Jianfeng Wang,Yunling Wang,Yaping Su,Xiaofeng Chen

DOI: https://doi.org/10.1007/978-3-030-29962-0_15

2019-01-01

Abstract:Searchable Symmetric Encryption (SSE) allows a server to perform search directly over encrypted data outsourced by user. Recently, the primitive of forward secure SSE has attracted significant attention due to its favorable property for dynamic data searching. That is, it can prevent the linkability from newly update data to previously searched keyword. However, the server is assumed to be honest-but-curious in the existing work. How to achieve verifiable forward secure SSE in malicious server model remains a challenging problem. In this paper, we propose an efficient verifiable forward secure SSE scheme, which can simultaneously achieve verifiability of search result and forward security property. In particular, we propose a new verifiable data structure based on the primitive of multiset hash functions, which enables efficient verifiable data update by incrementally hash operation. Compared with the state-of-the-art solution, our proposed scheme is superior in search and update efficiency while providing verifiability of search result. Finally, we present a formal security analysis and implement our scheme, which demonstrates that our proposed scheme is equipped with the desired security properties with practical efficiency.

Chen Guo,Xingbing Fu,Yaojun Mao,Guohua Wu,Fagen Li,Ting Wu

DOI: https://doi.org/10.3390/info9100242

2018-01-01

Information

Abstract:With the advent of cloud computing, more and more users begin to outsource encrypted files to cloud servers to provide convenient access and obtain security guarantees. Searchable encryption (SE) allows a user to search the encrypted files without leaking information related to the contents of the files. Searchable symmetric encryption (SSE) is an important branch of SE. Most of the existing SSE schemes considered single-user settings, which cannot meet the requirements for data sharing. In this work, we propose a multi-user searchable symmetric encryption scheme with dynamic updates. This scheme is applicable to the usage scenario where one data owner encrypts sensitive files and shares them among multiple users, and it allows secure and efficient searches/updates. We use key distribution and re-encryption to achieve multi-user access while avoiding a series of issues caused by key sharing. Our scheme is constructed based on the index structure where a bit matrix is combined with two static hash tables, pseudorandom functions and hash functions. Our scheme is proven secure in the random oracle model.

Xinrui Ge,Jia Yu,Hanlin Zhang,Chengyu Hu,Zengpeng Li,Zhan Qin,Rong Hao

DOI: https://doi.org/10.1109/tdsc.2019.2896258

2021-01-01

Abstract:Verifiable Searchable Symmetric Encryption, as an important cloud security technique, allows users to retrieve the encrypted data from the cloud through keywords and verify the validity of the returned results. Dynamic update for cloud data is one of the most common and fundamental requirements for data owners in such schemes. To the best of our knowledge, the existing verifiable SSE schemes supporting data dynamic update are all based on asymmetric-key cryptography verification, which involves time-consuming operations. The overhead of verification may become a significant burden due to the sheer amount of cloud data. Therefore, how to achieve keyword search over dynamic encrypted cloud data with efficient verification is a critical unsolved problem. To address this problem, we explore achieving keyword search over dynamic encrypted cloud data with symmetric-key based verification and propose a practical scheme in this paper. In order to support the efficient verification of dynamic data, we design a novel Accumulative Authentication Tag (AAT) based on the symmetric-key cryptography to generate an authentication tag for each keyword. Benefiting from the accumulation property of our designed AAT, the authentication tag can be conveniently updated when dynamic operations on cloud data occur. In order to achieve efficient data update, we design a new secure index composed by a search table ST based on the orthogonal list and a verification list VL containing AATs. Owing to the connectivity and the flexibility of ST, the update efficiency can be significantly improved. The security analysis and the performance evaluation results show that the proposed scheme is secure and efficient.

Feng Li,Jianfeng Ma,Yinbin Miao,Ximeng Liu,Jianting Ning,Robert H. Deng

DOI: https://doi.org/10.1145/3617991

IF: 16.6

2024-01-01

ACM Computing Surveys

Abstract:Outsourcing data to the cloud has become prevalent, so Searchable Symmetric Encryption (SSE), one of the methods for protecting outsourced data, has arisen widespread interest. Moreover, many novel technologies and theories have emerged, especially for the attacks on SSE and privacy-preserving. But most surveys related to SSE concentrate on one aspect (e.g., single keyword search, fuzzy keyword search) or lack in-depth analysis. Therefore, we revisit the existing work and conduct a comprehensive analysis and summary. We provide an overview of state-of-the-art in SSE and focus on the privacy it can protect. Generally, (1) we study the work of the past few decades and classify SSE based on query expressiveness. Meanwhile, we summarize the existing schemes and analyze their performance on efficiency, storage space, index structures, and so on.; (2) we complement the gap in the privacy of SSE and introduce in detail the attacks and the related defenses; (3) we discuss the open issues and challenges in existing schemes and future research directions. We desire that our work will help novices to grasp and understand SSE comprehensively. We expect it can inspire the SSE community to discover more crucial leakages and design more efficient and secure constructions.

Jinjiang Yang,Feng Liu,Xinyi Luo,Jianan Hong,Jian Li,Kaiping Xue

DOI: https://doi.org/10.1109/globecom48099.2022.10001146

2022-01-01

Abstract:Through Searchable Symmetric Encryption (SSE), a user can make search over encrypted documents that are stored on an untrusted cloud server. Multi-client SSE schemes require that one client can search documents contributed by other clients and upload documents. Nevertheless, existing multi- client SSE schemes implement the fine-grained access control with high complexity. Although fine-grained access control adapts to complex scenarios, it is not necessary anytime and may cause heavy costs over computation in SSE schemes. Moreover, it is crucial to support documents updating and forward privacy. To combat that, we design a multi-client SSE scheme with efficient access control over dynamic encrypted documents. Specifically, we first modify Symmetric Hidden Vector Encryption (SHVE) and utilize Bloom filter to implement the access control, which reduces much of computation overhead. We then employ Oblivious Dynamic Cross-Tag (ODXT) protocol to preserve the forward privacy of our scheme. Finally, the corresponding security and experimental evaluation demonstrate both security and practicality of our scheme, respectively.

Shunrong Jiang,Xiaoyan Zhu,Linke Guo,Jianqing Liu

DOI: https://doi.org/10.1109/tcc.2017.2684811

IF: 5.697

2017-01-01

IEEE Transactions on Cloud Computing

Abstract:Outsourcing storage and computation to the cloud has become a common practice for businesses and individuals. As the cloud is semi-trusted or susceptible to attacks, many researches suggest that the outsourced data should be encrypted and then retrieved by using searchable symmetric encryption (SSE) schemes. Since the cloud is not fully trusted, we doubt whether it would always process queries correctly or not. Therefore, there is a need for users to verify their query results. Motivated by this, in this paper, we propose a publicly verifiable dynamic searchable symmetric encryption scheme based on the accumulation tree. We first construct an accumulation tree based on encrypted data and then outsource both of them to the cloud. Next, during the search operation, the cloud generates the corresponding proof according to the query result by mapping Boolean query operations to set operations while keeping privacy-preservation and achieving the verification requirements: authenticity, freshness, and completeness. The security analysis and performance evaluation show that the proposed scheme is privacy-preserving and practical.

Tianhao Wang,Yunlei Zhao

DOI: https://doi.org/10.1145/2897845.2897884

2016-01-01

Abstract:Cloud storage services such as Dropbox [1] and Google Drive [2] are becoming more and more popular. On the one hand, they provide users with mobility, scalability, and convenience. However, privacy issues arise when the storage becomes not fully controlled by users. Although modern encryption schemes are effective at protecting content of data, there are two drawbacks of the encryption-before-outsourcing approach: First, one kind of sensitive information, Access Pattern of the data is left unprotected. Moreover, encryption usually makes the data difficult to use. In this paper, we propose AIS (Access Indistinguishable Storage), the first client-side system that can partially conceal access pattern of the cloud storage in constant time. Besides data content, AIS can conceal information about the number of initial files, and length of each initial file. When it comes to the access phase after initiation, AIS can effectively conceal the behavior (read or write) and target file of the current access. Moreover, the existence and length of each file will remain confidential as long as there is no access after initiation. One application of AIS is SSE (Searchable Symmetric Encryption), which makes the encrypted data searchable. Based on AIS, we propose SBA (SSE Built on AIS). To the best of our knowledge, SBA is safer than any other SSE systems of the same complexity, and SBA is the first to conceal whether current keyword was queried before, the first to conceal whether current operation is an addition or deletion, and the first to support direct modification of files.

Jing Yao,Yifeng Zheng,Cong Wang,Xiaolin Gui

DOI: https://doi.org/10.1109/access.2018.2810297

IF: 3.9

2018-01-01

IEEE Access

Abstract:Searchable symmetric encryption (SSE) is a widely popular cryptographic technique that supports the search functionality over encrypted data on the cloud. Despite the usefulness, however, most of existing SSE schemes leak the search pattern, from which an adversary is able to tell whether two queries are for the same keyword. In recent years, it has been shown that the search pattern leakage can be exploited to launch attacks to compromise the confidentiality of the client's queried keywords. In this paper, we present a new SSE scheme which enables the client to search encrypted cloud data without disclosing the search pattern. Our scheme uniquely bridges together the advanced cryptographic techniques of chameleon hashing and indistinguishability obfuscation. In our scheme, the secure search tokens for plaintext keywords are generated in a randomized manner, so it is infeasible to tell whether the underlying plaintext keywords are the same given two secure search tokens. In this way, our scheme well avoids using deterministic secure search tokens, which is the root cause of the search pattern leakage. We provide rigorous security proofs to justify the security strengths of our scheme. In addition, we also conduct extensive experiments to demonstrate the performance. Although our scheme for the time being is not immediately applicable due to the current inefficiency of indistinguishability obfuscation, we are aware that research endeavors on making indistinguishability obfuscation practical is actively ongoing and the practical efficiency improvement of indistinguishability obfuscation will directly lead to the applicability of our scheme. Our paper is a new attempt that pushes forward the research on SSE with concealed search pattern.

Qiyang Song,Zhuotao Liu,Jiahao Cao,Kun Sun,Qi Li,Cong Wang

DOI: https://doi.org/10.1109/tifs.2020.3042058

IF: 7.231

2021-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Searchable symmetric encryption (SSE) enables users to search over encrypted documents in untrusted clouds without leaking the search keywords to the clouds. Existing SSE schemes achieve high search efficiency at the expense of leaking access patterns and search patterns, where clouds can recover a large percentage of queried keywords using the leaked access patterns and search patterns. To prevent clouds from recovering users' keywords, researchers have proposed a number of solutions to protect either search patterns or access patterns. However, none of them can protect both access patterns and search patterns. Moreover, existing SSE schemes cannot work in the generic database setting that allows multiple users to write or read over encrypted documents. In this paper, we propose an efficient searchable symmetric encryption scheme, called SAP-SSE, which protects both access patterns and search patterns in the generic database setting. The main idea of protecting search patterns is to leverage re-encryption cryptosystems to shuffle index entries over multiple clouds. To protect access patterns, we distribute secure indexes to multiple clouds and then propose an index redistribution protocol that allows users to renew index entries in clouds. Furthermore, SAP-SSE provides a configurable security policy to balance security and efficiency. Formal security analysis and experimental evaluation show that SAP-SSE can prevent pattern leakage with low overhead.

computer science, theory & methods,engineering, electrical & electronic

Shengshan Hu,Chengjun Cai,Qian Wang,Cong Wang,Minghui Li,Zhibo Wang,Dengpan Ye

DOI: https://doi.org/10.48550/arXiv.1909.09472

2019-09-20

Cryptography and Security

Abstract:Searchable symmetric encryption (SSE) allows the data owner to outsource an encrypted database to a remote server in a private manner while maintaining the ability for selectively search. So far, most existing solutions focus on an honest-but-curious server, while security designs against a malicious server have not drawn enough attention. A few recent works have attempted to construct verifiable SSE that enables the data owner to verify the integrity of search results. Nevertheless, these verification mechanisms are highly dependent on specific SSE schemes, and fail to support complex queries. A general verification mechanism is desired that can be applied to all SSE schemes. In this work, instead of concentrating on a central server, we explore the potential of the smart contract, an emerging blockchain-based decentralized technology, and construct decentralized SSE schemes where the data owner can receive correct search results with assurance without worrying about potential wrongdoings of a malicious server. We study both public and private blockchain environments and propose two designs with a trade-off between security and efficiency. To better support practical applications, the multi-user setting of SSE is further investigated where the data owner allows authenticated users to search keywords in shared documents. We implement prototypes of our two designs and present experiments and evaluations to demonstrate the practicability of our decentralized SSE schemes.

Qiang Zhang,Guojun Wang,Wenjuan Tang,Karim Alinani,Qin Liu,Xin Li

DOI: https://doi.org/10.1016/j.comcom.2021.05.009

IF: 5.047

2021-08-01

Computer Communications

Abstract:<p>Cloud storage services allow a data owner to share her/his outsourced data with other users, and enable the users to search target data by keywords. To ensure the data confidentiality, data owner always encrypt data using traditional encryption schemes before outsourcing. Whereas, it makes efficiently searching impossible. Symmetric searchable encryption (SSE) is a cryptographic primitive that resolves this tension. However, most existing SSE schemes do not consider the individual characteristics of users during the search, such that they cannot support personalized search services over encrypted data. Meanwhile, security and efficiency issues in the cloud service model have also severely affected the user's search experience, and the introduction of mobile edge servers can solve these problems to some extent. In this paper, we propose a personalized searchable encryption scheme (PSED) for mobile edge-assisted cloud storage. Our contribution consists of three aspects. First, we incorporate the user's preference factors into the user's query which enable users to get accurate personalized search results. Second, the computational overhead of the cloud server is reduced by calculating the relevance scores of the subqueries and subindexes on mobile edge servers. Third, by cutting the index and the query matrix, the encryption efficiency of the index and the query matrix is improved. Security analysis shows that PSED can guarantee the privacy of the data and the user. Experimental results demonstrate that the proposed schemes are highly efficient and accurate.</p>

computer science, information systems,telecommunications,engineering, electrical & electronic

Qingqing Gan,Cong Zuo,Jianfeng Wang,Shi-Feng Sun,Xiaoming Wang

DOI: https://doi.org/10.1007/978-3-030-36938-5_3

2019-01-01

Abstract:Searchable symmetric encryption (SSE) has been proposed that enables the clients to outsource their private encrypted data onto the cloud server and later the data can be searched with limited information leakage. However, existing surveys have not covered most recent advances on SSE technique. To fill the gap, we make a survey on state-of-the-art representative SSE schemes in cloud environment. We mainly focus on dynamic SSE schemes with forward and backward privacy, two vital security elements to maintain query privacy during data update operations. Specifically, we discuss about SSE protocols based on query expressiveness, including single keyword search, conjunctive keyword search, range search, disjunctive keyword search and verifiable search. Finally, through comparison on query expressiveness, security and efficiency, we demonstrate the strengths and weaknesses of the existing SSE protocols.

Zuojie Deng,Kenli Li,Keqin Li,Jingli Zhou

DOI: https://doi.org/10.1016/j.future.2016.05.017

IF: 7.307

2017-01-01

Future Generation Computer Systems

Abstract:Multi-user searchable encryption (MSE) allows a user to encrypt its files in such a way that these files can be searched by other users that have been authorized by the user. The most immediate application of MSE is to cloud storage, where it enables a user to securely outsource its files to an untrusted cloud storage provider without sacrificing the ability to share and search over it. Any practical MSE scheme should satisfy the following properties: concise indexes, sublinear search time, security of data hiding and trapdoor hiding, and the ability to efficiently authorize or revoke a user to search over a file. Unfortunately, there exists no MSE scheme to achieve all these properties at the same time. This seriously affects the practical value of MSE and prevents it from deploying in a concrete cloud storage system. To resolve this problem, we propose the first MSE scheme to satisfy all the properties outlined above. Our scheme can enable a user to authorize other users to search for a subset of keywords in encrypted form. We use asymmetric bilinear map groups of Type-3 and keyword authorization binary tree (KABtree) to construct this scheme that achieves better performance. We implement our scheme and conduct performance evaluation, demonstrating that our scheme is very efficient and ready to be deployed.

Haochen Dou,Zhenwu Dan,Peng Xu,Wei Wang,Shuning Xu,Tianyang Chen,Hai Jin

DOI: https://doi.org/10.1109/tifs.2024.3350330

IF: 7.231

2024-02-02

IEEE Transactions on Information Forensics and Security

Abstract:Dynamic Searchable Symmetric Encryption (DSSE) is a prospective technique in the field of cloud storage for secure search over encrypted data. A DSSE client can issue update queries to an honest-but-curious server for adding or deleting his ciphertexts to or from the server and delegate keyword search over those ciphertexts to the server. Numerous investigations focus on achieving strong security, like forward-and-Type-I−-backward security, to reduce the information leakage of DSSE to the server as much as possible. However, the existing DSSE with such strong security cannot keep search correctness and stable security (or robustness, in short) if irrational queries are issued by the client, like duplicate add or delete queries and the delete queries for removing non-existed entries, to the server unintentionally. Hence, this work proposes two new DSSE schemes, named and , respectively. Both two schemes achieve forward-and-Type-I−-backward security while keeping robustness when irrational queries are issued. In terms of performance, has more efficient communication costs and roundtrips than . In contrast, has a more efficient search performance than . Its search performance is close to the existing DSSE scheme with the same security but fails to achieve robustness.

computer science, theory & methods,engineering, electrical & electronic

Jiadi Yu,Peng Lu,Yanmin Zhu,Guangtao Xue,Minglu Li

DOI: https://doi.org/10.1109/TDSC.2013.9

2013-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Cloud computing has emerging as a promising pattern for data outsourcing and high-quality data services. However, concerns of sensitive information on cloud potentially causes privacy problems. Data encryption protects data security to some extent, but at the cost of compromised efficiency. Searchable symmetric encryption (SSE) allows retrieval of encrypted data over cloud. In this paper, we focus on addressing data privacy issues using SSE. For the first time, we formulate the privacy issue from the aspect of similarity relevance and scheme robustness. We observe that server-side ranking based on order-preserving encryption (OPE) inevitably leaks data privacy. To eliminate the leakage, we propose a two-round searchable encryption (TRSE) scheme that supports top-k multikeyword retrieval. In TRSE, we employ a vector space model and homomorphic encryption. The vector space model helps to provide sufficient search accuracy, and the homomorphic encryption enables users to involve in the ranking while the majority of computing work is done on the server side by operations only on ciphertext. As a result, information leakage can be eliminated and data security is ensured. Thorough security and performance analysis show that the proposed scheme guarantees high security and practical efficiency.