Jingwei Lu,Hongbo Li,Jianye Huang,Sha Ma,Man Ho Allen Au,Qiong Huang

DOI: https://doi.org/10.3390/info14030142

2023-01-01

Information

Abstract:Transforming data into ciphertexts and storing them in the cloud database is a secure way to simplify data management. Public key encryption with keyword search (PEKS) is an important cryptographic primitive as it provides the ability to search for the desired files among ciphertexts. As a variant of PEKS, certificateless public key authenticated encryption with keyword search (CLPAEKS) not only simplifies certificate management but also could resist keyword guessing attacks (KGA). In this paper, we analyze the security models of two recent CLPAEKS schemes and find that they ignore the threat that, upon capturing two trapdoors, the adversary could directly compare them and distinguish whether they are generated using the same keyword. To cope with this threat, we propose an improved security model and define the notion of strong trapdoor indistinguishability. We then propose a new CLPAEKS scheme and prove it to be secure under the improved security model based on the intractability of the DBDH problem and the DDH problem in the targeted bilinear group.

Xiaotong Zhou,Debiao He,Jianting Ning,Min Luo,Xinyi Huang

DOI: https://doi.org/10.1109/tnse.2023.3300716

IF: 6.6

2024-01-01

IEEE Transactions on Network Science and Engineering

Abstract:Cloud-assisted Industrial Internet of Things (IIoT) gathers and analyzes multiple types of data (such as ambient and mechanical data) from physical devices to improve intelligent manufacturing. However, the heavy requirements for data storage and sharing have led to increased demands for efficiency and security in the IIoT system. Public-key Encryption with Keyword Search (PEKS) is an encryption method that provides both data confidentiality and efficient retrieval. Unfortunately, inside keyword guessing attacks (IKGA) have been a persistent issue in PEKS. To resist this attack, Public-key Authenticated Encryption with Keyword Search (PAEKS) has been developed. However, the existing PAEKS schemes are generally proven under intractability assumptions, such as Decisional Bilinear Diffie-Hellman (DBDH) and modified Decision Linear (mDLIN) assumptions, or they involve costly bilinear pairing operations, or rely on two non-colluded cloud servers, which are not suitable for large-scale IIoT applications. In this article, we propose a secure and efficient PAEKS scheme with only one server for cloud-assisted IIoT. Our proposal achieves the IKGA-secure property (i.e., it satisfies the trapdoor privacy and multi-ciphertext indistinguishability) and sidesteps the bilinear pairing operation. Our performance analysis demonstrates the feasibility of our scheme in IIoT by significantly improving computation efficiency (at least 21.97 times) with similar communication overhead.

Weifeng Long,Jiwen Zeng,Yaying Wu,Yan Gao,Hui Zhang

DOI: https://doi.org/10.3390/electronics13081449

IF: 2.9

2024-04-12

Electronics

Abstract:With superior computing power and efficient data collection capability, Internet of Medical Things (IoMT) significantly improves the accuracy and convenience of medical work. As most communications are over open networks, it is critical to encrypt data to ensure confidentiality before uploading them to cloud storage servers (CSSs). Public key encryption with keyword search (PEKS) allows users to search for specific keywords in ciphertext and plays an essential role in IoMT. However, PEKS still has the following problems: 1. As a semi-trusted third party, the CSSs may provide wrong search results to save computing and bandwidth resources. 2. Single-keyword searches often produce many irrelevant results, which is undoubtedly a waste of computing and bandwidth resources. 3. Most PEKS schemes rely on bilinear pairings, resulting in computational inefficiencies. 4. Public key infrastructure (PKI)-based or identity-based PEKS schemes face the problem of certificate management or key escrow. 5. Most PEKS schemes are vulnerable to offline keyword guessing attacks, online keyword guessing attacks, and insider keyword guessing attacks. We present a certificateless verifiable and pairing-free conjunctive public keyword searchable encryption (CLVPFC-PEKS) scheme. An efficiency analysis shows that the performance advantage of the new scheme is far superior to that of the existing scheme. More importantly, we provide proof of security under the standard model (SM) to ensure the reliability of the scheme in practical applications.

engineering, electrical & electronic,computer science, information systems,physics, applied

Mohammed Raouf Senouci,Ilyas Benkhaddra,Abdelkader Senouci,Fagen Li

DOI: https://doi.org/10.1016/j.sysarc.2021.102271

IF: 5.836

2021-01-01

Journal of Systems Architecture

Abstract:As the wave of data breaches continues crashing down on companies, specially for companies that provide cloud storage services, the data security and privacy have become the main concern of most clients that use this kind of services. Certificateless public key encryption with keyword search (CLPEKS) is a novel cryptographic primitives that if implemented correctly, provides the possibility to search over an encrypted data that has been outsourced to the cloud server, while guaranteeing the privacy of the search-keyword used in the process. Several CLPEKS schemes have been presented in the literature, but many of them are found vulnerable to offline/online keyword guessing attacks either performed by inside attackers, outside attackers or by both. To overcome these security weaknesses, we propose an efficient and secure certificateless searchable encryption scheme that is proven to be resistant against different keyword guessing attacks under both, the hardness of solving the discrete logarithm (DL) and the computational Diffie-Hellman (CDH) problems in the random oracle model. Then, by conducting a comprehensive comparison between our proposed scheme and other related schemes, we found that the proposed scheme has better overall performance in terms of communication and computation complexities, while guaranteeing security against online and offline KGA performed by either outside attackers or inside attacker.

Pan Yang,Hongbo Li,Jianye Huang,Hao Zhang,Man Ho Allen Au,Qiong Huang

DOI: https://doi.org/10.1016/j.future.2023.03.002

IF: 7.307

2023-01-01

Future Generation Computer Systems

Abstract:Public-key Authenticated Encryption with Keyword Search (PAEKS) is a cryptographic primitive that can resist inside keyword guessing attack (KGA). However, most of the previously proposed PAEKS frameworks suffered from certificate management problem and key escrow problem. Inspired by the ideas of certificate-based cryptography, we propose a secure-channel free certificateless searchable public key authenticated encryption with keyword search (SCF-CLPAEKS) scheme which sloves the key escrow problem in identity-based cryptosystems and the cumbersome certificate problem in conventional public key cryptosystems. Our scheme achieves security against keyword guessing attacks are performed by both inside and outside adversaries. Moreover, our scheme satisfies ciphertext indistinguishability (CI), trapdoor indistinguishability (TI), and designated testability simultaneously. The comparisons indicate that our SCF-CLPAEKS scheme enjoys a better performance compared with related schemes.

Xueqiao Liu,Hongbo Li,Guomin Yang,Willy Susilo,Joseph Tonien,Qiong Huang

DOI: https://doi.org/10.1007/978-3-030-31919-9_7

2019-01-01

Abstract:Certificateless Public-key Authenticated Encryption with Keyword Search (CLPAEKS) is derived from the Public-key Authenticated Encryption with Keyword Search (PAEKS) and simultaneously combines the features of the Public Key Cryptography (CLPKC). In a CLPAEKS scheme, the ciphertext is designed to meet the need for both confidentiality and authentication, i.e., on one hand, the ciphertext is the encryption of the keyword; on the other hand, adversaries are incapable of generating a valid ciphertext without the owner's private key. He et al. formalized security models for CLPAEKS and proposed a CLPAEKS scheme. However, we find their models are incomplete to capture the security requirements for CLPAEKS and re-formalize the security requirements for CLPAEKS in terms of trapdoor privacy and ciphertext indistinguishability. Besides, we point out that their scheme is vulnerable to the Keyword Guessing Attack (KGA) by a malicious receiver, which is not considered in their security model. Then we modify He et al.'s scheme and prove that the new scheme meets the new security requirements.

YiHua Zhou,Bin Tang,YuGuang Yang

DOI: https://doi.org/10.1002/ett.4960

IF: 3.6

2024-03-22

Transactions on Emerging Telecommunications Technologies

Abstract:Abstract Public key encryption with keyword search (PEKS) is able to enhance cloud data security. On the other hand, the existence of malicious cloud servers and untrusted central authorities, in addition the keyword space faces a low entropy, attackers often launch keyword guessing attacks (KGA), thereby leaking data privacy. Therefore, we use certificateless authentication and proxy re‐encryption technology to construct a lattice‐based verifiable PEKS scheme for Multi‐Data Users (MDU). Certificateless authentication can ensure that our scheme does not require key escrow, and proxy re‐encryption technology allows us to perform multi‐user authorization and use the verification block for data users to ensure the integrity of search results. Security research proves that, under the assumption that the learning with errors (LWE) problem is hard, the ciphertext is indistinguishable and resistant to KGA. Results from experiments show that our scheme is significantly more effective than current schemes.

telecommunications

Haorui Du,Jianhua Chen,Ming Chen,Cong Peng,Debiao He

DOI: https://doi.org/10.1155/2022/2336685

2022-10-21

Wireless Communications and Mobile Computing

Abstract:Outsourcing data to cloud services is a good solution for users with limited computing resources. Privacy and confidentiality of data is jeopardized when data is transferred and shared in the cloud. The development of searchable cryptography offers the possibility to solve these problems. Symmetric searchable encryption (SSE) is popular among researchers because it is efficient and secure. SSE often requires the data sender and data receiver to use the same key to generate key ciphertext and trapdoor, which will obviously cause the problem of key management. Searchable encryption based on public key can simplify the key management problem. A public key encryption scheme with keyword search (PEKS) allows multiple senders to encrypt keywords under the receiver's public key. It is vulnerable to keyword guessing attacks (KGA) due to the small size of the keywords. The proposal of public key authenticated encryption with keyword search (PAEKS) is mainly to resist inside keyword guessing attacks. The previous security models do not involve the indistinguishability of the same keywords ( w 0 × × = w 1 ), which brings the user's search pattern easy to leak. The essential reason is that the trapdoor generation algorithm is deterministic. At the same time, most of the existing schemes use bilinear pair design, which greatly reduces the efficiency of the scheme. To address these problems, the paper introduces an improved PAEKS model. We design a lightweight public key authentication encryption scheme based on the Diffie-Hellman protocol. Then, we prove the ciphertext indistinguishability security and trapdoor indistinguishability security of the scheme in the improved security model. Finally, the paper demonstrates its comparable security and computational efficiency by comparing it with previous PAEKS schemes. Meanwhile, we conduct an experimental evaluation based on the cryptographic library. Experimental results show that the computational overhead of our scheme compared with the ciphertext generation algorithm, trapdoor generation algorithm and test algorithm of other schemes Our scheme reduces 274, 158 and 60 times, respectively.

computer science, information systems,telecommunications,engineering, electrical & electronic

Bin Wu,Caifen Wang,Hailong Yao

DOI: https://doi.org/10.1371/journal.pone.0230722

IF: 3.7

2020-04-09

PLoS ONE

Abstract:With the rapid development of informatization, an increasing number of industries and organizations outsource their data to cloud servers, to avoid the cost of local data management and to share data. For example, industrial Internet of things systems and mobile healthcare systems rely on cloud computing's powerful data storage and processing capabilities to address the storage, provision, and maintenance of massive amounts of industrial and medical data. One of the major challenges facing cloud-based storage environments is how to ensure the confidentiality and security of outsourced sensitive data. To mitigate these issues, He et al. and Ma et al. have recently independently proposed two certificateless public key searchable encryption schemes. In this paper, we analyze the security of these two schemes and show that the reduction proof of He et al.'s CLPAEKS scheme is incorrect, and that Ma et al.'s CLPEKS scheme is not secure against keyword guessing attacks. We then propose a channel-free certificateless searchable public key authenticated encryption (dCLPAEKS) scheme and prove that it is secure against inside keyword guessing attacks under the enhanced security model. Compared with other certificateless public key searchable encryption schemes, this scheme has higher security and comparable efficiency.

Shuo Zhang,Qiaoyan Wen,Wenmin Li,Hua Zhang,Zhengping Jin

DOI: https://doi.org/10.3390/s20236962

IF: 3.9

2020-12-05

Sensors

Abstract:Internet of Things (IoT) and cloud computing are adopted widely in daily life and industrial production. Sensors of IoT equipment gather personal, sensitive and important data, which is stored in a cloud server. The cloud helps users to save cost and collaborate. However, the privacy of data is also at risk. Public-key encryption with keyword search (PEKS) is convenient for users to use the data without leaking privacy. In this article, we give a scheme of PEKS for a multi-user to realize the multi-keyword search at once and extend it to show a rank based on keywords match. The receiver can finish the search by himself or herself. With private cloud and server cloud, most users’ computing can be outsourced. Moreover, the PEKS can be transferred to a multi-user model in which the private cloud is used to manage receivers and outsource. The store cloud and the private cloud both obtain nothing with the keyword information. Then our IoT devices can easily run these protocols. As we do not use any pairing operations, the scheme is under more general assumptions that means the devices do not need to take on the heavy task of calculating pairing.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Ziqing Wang,Jin Li,Xiaoguang Liu,Xinyan Wu,Fagen Li

DOI: https://doi.org/10.1007/s11235-024-01131-8

2024-03-31

Telecommunication Systems

Abstract:A public key encryption with keyword search (PEKS) scheme allows users to share encrypted data through cloud servers. However, an inside adversary may launch inside keyword guessing attack (IKGA) for a given trapdoor and guess the keyword. Public key authenticated encryption with keyword search (PAEKS) is a variant of PEKS scheme that can resist IKGA. Most PAEKS schemes cannot resist quantum attacks. To solve this problem, we propose two lattice-based PAEKS schemes under random oracle and standard model respectively. We also improve the security model of PAEKS and prove the security of our schemes under the improved model. The ciphertext and trapdoor sizes of our first scheme are about half of those of the existing lattice-based PAEKS scheme CM22, and the test phase computation overhead of our scheme is about 50.37% of CM22.

telecommunications

Qiong Huang,Peisen Huang,Hongbo Li,Jianye Huang,Hongyuan Lin

DOI: https://doi.org/10.1016/j.sysarc.2023.102839

IF: 5.836

2023-01-01

Journal of Systems Architecture

Abstract:To realize ciphertext retrieval without decryption in the public key settings, Boneh et al. in 2004 proposed a cryptographic primitive named Public-key Encryption with Keyword Search (PEKS) and proposed the first PEKS scheme. Following Boneh et al.’s work, various PEKS schemes were proposed; however, most schemes are vulnerable to inside keyword guessing attacks (IKGA). Huang and Li proposed a new primitive named Public-key Authenticated Encryption with Keyword Search (PAEKS) in 2017, which resists the IKGA in the setting of only one test server. Their main idea to resist IKGA is to require the data sender to authenticate the ciphertext while encrypting a keyword. However, in the era of big data, as the number of encrypted files increases, huge storage overhead and heavy retrieval costs become problems in PAEKS. In this paper, we proposed a new PAEKS scheme that costs low storage space and supports fast search. We introduced the ciphertext deduplication into PAEKS to reduce storage space and leveraged the inverted index to accelerate the retrieval process. We simulated the proposed scheme and several related schemes with a desktop computer. The experiment results show that our proposed scheme is of lower storage overhead and higher retrieval efficiency compared with related schemes.

Yaojun Mao,Xingbing Fu,Chen Guo,Guohua Wu

DOI: https://doi.org/10.1002/ett.3531

IF: 3.6

2018-01-01

Transactions on Emerging Telecommunications Technologies

Abstract:Public key encryption With keyword search (PEKS) enables a cloud server (CS) to get the search trapdoor to identify ciphertext containing the target keyword without decrypting the ciphertext or knowing the target keyword. With the advent of mobile cloud computing, PEKS has ushered in an era of new development opportunities and new challenges. In mobile cloud computing environment, the PEKS schemes demand strict bounded timing response and security. However, traditional PEKS schemes rely on heavy bilinear pairing computations, which causes a delay from the CS to the mobile terminal. Moreover, as computing power increases, PEKS is more vulnerable to suffer from an inherent insecurity known as inside keyword guessing attack, which leaks user data query information. To achieve a secure and efficient searchable encryption scheme in the mobile cloud computing environment, we put forward a lattice‐based searchable encryption scheme that supports conjunctive keyword search. Our scheme achieves higher computational efficiency and is resistant against quantum attacks compared with traditional PEKS schemes. To further enhance security and make our scheme secure against keyword guessing attack, we hide the decryption parameters by outsourcing part of the decryption process to a semitrusted third party called unusual keyword server, so that the CS cannot guess the exact keyword by performing consistency verification.

Xiangyu Pan,Fagen Li

DOI: https://doi.org/10.1016/j.sysarc.2021.102075

IF: 5.836

2021-01-01

Journal of Systems Architecture

Abstract:The notion of Public-key Encryption with Keyword Search (PEKS) was first proposed by Boneh et al. in 2004. However, almost all PEKS schemes cannot resist offline Keyword Guessing Attacks (KGA). To address this issue, Huang and Li introduced the notion of Public-key Authenticated Encryption with Keyword Search (PAEKS) in 2017. Recently, Qin et al. put forward a new security model named Multi-Ciphertext Indistinguishability (MCI), in which an adversary aims to distinguish two tuples of ciphertexts. They found that Huang and Li’s scheme cannot achieve MCI-security, so they proposed a new scheme which is able to achieve MCI-security. Furthermore, Qin et al. referred to another security model named Multi-Trapdoor Indistinguishability (MTI). They stated that the future work direction is to design a scheme which can achieve both MCI-security and MTI-security. In this paper, we present a new PAEKS scheme and prove that it is capable of achieving MCI-security and MTI-security simultaneously with the help of random oracles. Finally, we compare our scheme with other four related schemes using PBC library and provide experimental results. It turns out that our scheme achieves a higher security level with a little more cost.

Venkata Bhikshapathi Chenam,Suneeth Yadav Tummala,Syed Taqi Ali

DOI: https://doi.org/10.1007/s12083-023-01618-2

IF: 3.488

2024-02-09

Peer-to-Peer Networking and Applications

Abstract:Public Key Encryption with Keyword Search (PEKS) is a promising cryptographic primitive that allows searching over encrypted data in secure data outsourcing services. Initially, several PEKS schemes were developed for conjunctive keyword search, but they relied on certain assumptions regarding keyword fields. To address this limitation, an Efficient Public-Key Encryption with Field-free Conjunctive Keyword Search (PEFCK) scheme was introduced in 2015. PEFCK enables conjunctive keyword search without any specific ordering of the keywords. However, PEFCK is vulnerable to keyword guessing attacks (KGA), which compromise its security. To overcome the KGA vulnerability, we propose a new scheme called Public Key Authenticated Encryption with Field-free Subset Conjunctive and Disjunctive Keyword Search (PAEFSCDKS), which leverages the mathematical concept of Lagrange Polynomials. This scheme incorporates three key features: 1) Sender Authentication: The sender encrypts the keywords using both the receiver's public key and its private key, ensuring sender authenticity and integrity. 2) Secure Channel-free: Unlike traditional approaches, our scheme does not require a secure channel to transfer data from the receiver to the cloud server. This eliminates the need for additional secure communication overhead. 3) Subset Conjunctive and Disjunctive Keyword Search: The receiver can perform queries that involve both subset conjunctive and disjunctive keywords, enabling more flexible and powerful searches. Furthermore, we demonstrate that our proposed scheme achieves provable security under index indistinguishability and trapdoor indistinguishability against both internal and external adversaries. Finally, through performance analysis, we show that our proposed scheme outperforms similar PEKS schemes in terms of both theoretical and experimental evaluations.

computer science, information systems,telecommunications

Guiquan Yang,Sha Ma,Hongbo Li,Husheng Yang,Qiong Huang

DOI: https://doi.org/10.1007/978-981-97-0942-7_15

2024-01-01

Abstract:To efficiently and securely search encrypted files in cloud storage, Boneh et al. proposed the notion of Public Key Encryption with Keyword Search(PEKS) in 2004. However, original PEKS is susceptible to internal keyword guessing attacks(KGA) launched by server due to the limited keyword space. To resist this attack, Huang and Li introduced the notion of Public Key Authenticated Encryption with Keyword Search (PAEKS), which effectively resists KGA from server by additional authentication between the sender and receiver before encryption. Since both the sender and receiver can generate a common authentication key, a curious sender can use the authentication key to launch KGA, resulting in easily guessing keyword from a given trapdoor. To address this issue, we propose an improved security model for PAEKS that captures both offline KGA and online KGA launched by the curious sender. Then, we present a concrete Stronger Security Public Key Authenticated Encryption with Multi-keyword Search (S-PAEMKS) scheme, which not only supports multi-keyword search but also successfully counters KGA from curious senders. Finally, the experimental results show that our scheme achieves remarkable efficiency in the encryption phase and comparable efficiency in the trapdoor and testing phases.

Xiaojun Zhang,Chunxiang Xu,Huaxiong Wang,Yuan Zhang,Shixiong Wang

DOI: https://doi.org/10.1109/tdsc.2019.2914117

2019-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Cloud-assisted Industrial Internet of Things (IIoT) relies on cloud computing to provide massive data storage services. To ensure the confidentiality, sensitive industrial data need to be encrypted before being outsourced to cloud storage server. Public-key encryption with keyword search (PEKS) enables users to search target encrypted data by keywords. However, most existing PEKS schemes are based on conventional hardness assumptions, which are vulnerable to adversaries equipped with quantum computers in the near future. Moreover, they suffer from key exposure, and thus the security would be broken once the keys are compromised. In this paper, we propose a forward secure PEKS scheme (FS-PEKS) based on lattice assumptions for cloud-assisted IIoT, which is post-quantum secure. We integrate a lattice-based delegation mechanism into FS-PEKS to achieve forward security, such that the security of the system is still guaranteed even the keys are compromised by the adversaries. We define the first formal security model on forward security of PEKS, and prove the security of FS-PEKS under the model. As the keywords of industrial data are with inherently low entropy, we further extend FS-PEKS to resist insider keyword guessing attacks (IKGA). The comprehensive performance evaluation demonstrates that FS-PEKS is practical for cloud-assisted IIoT.

Lingling Xu,Jin Li,Xiaofeng Chen,Wanhua Li,Shaohua Tang,Hao-Tian Wu

DOI: https://doi.org/10.1016/j.jnca.2018.12.003

IF: 7.574

2019-01-01

Journal of Network and Computer Applications

Abstract:With the widespread adoption of Internet of Things (IoT) and cloud computing, more and more individuals and organizations are outsourcing their IoT data in the cloud server. Under these circumstances, how to protect the privacy and security of the outsourced data becomes a key challenge. Public key encryption with keyword search (PEKS) is a promising technology to solve the problem. In this paper, we present a new kind of PEKS named time controlled public key encryption with delegated conjunctive keyword search (tc-PEDCKS) for IoT deployment. A basic tc-PEDCKS is firstly presented which supports conjunctive keyword search and enables a data user to delegate access right over the data to others in a limited time period. To resist against the keyword guessing attacks, a more secure tc-PEDCKS with designated server construction is also presented. The two constructions are proved secure in the random oracle model. The performance evaluation and experimental results demonstrate that our constructions are practical and feasible for real world IoT scenarios.

Mohammed Raouf Senouci,Abdelkader Senouci,Fagen Li

DOI: https://doi.org/10.1007/978-981-99-9331-4_29

2024-01-01

Abstract:Nowadays, users prefer to encrypt their sensitive data before outsourcing it to the cloud. although, performing the encryption assures the data privacy, but it jeopardizes the search functionality. Public key encryption with keyword search (PEKS) is a potential solution for addressing this problem. However, most PEKS schemes are either inefficient, or susceptible to some type of attack(s) (i.e. inside keyword guessing attack, outside keyword guessing attack, ...etc.). Therefore, we propose a sustainable certificateless authenticated encryption system with keyword search scheme. To the best of our knowledge, the proposed scheme considers the multi-trapdoor indistinguishability in the certificateless primitive. Moreover, a thorough security analysis shows that our scheme also guarantees the security against both online and offline keyword guessing attacks. Finally, based on the performance analysis results, we find that the suggested scheme is efficient and outperforms the other schemes.

Haorui Du,Jianhua Chen,Fei Lin,Cong Peng,Debiao He

DOI: https://doi.org/10.1155/2022/2309834

IF: 1.968

2022-01-01

Security and Communication Networks

Abstract:Cloud computing can provide users with sufficient computing resources, storage, and bandwidth to meet their needs. Data security and privacy protection are among the new threats faced by users. Searchable encryption is the combination of search technology and encryption technology. Searchable encryption can upload the user’s data to the cloud server after special encryption, and can realize the function of retrieving according to keywords. Comparatively to symmetric searchable encryption (SSE), public key searchable encryption (PEKS) simplifies key management greatly. However, most existing public key authenticated encryption with keyword search (PAEKS) schemes are based bilinear pairing, making them computationally expensive. Apart from this, complex retrieval requirements and the integrity of the results had not been considered. To address these problems, we propose a blockchain-based PAEKS schemes supporting multi-keyword queries and integrity verification. In addition, we provide security proofs for the PAEKS scheme under the decisional oracle Diffie-Hellman (DODH) assumption. This scheme a scheme that requires less storage and computational power than other schemes of the same kind.