Hongtao Yu,Suhui Liu,Liquan Chen,Yuan Gao

DOI: https://doi.org/10.1016/j.sysarc.2024.103103

IF: 5.836

2024-03-09

Journal of Systems Architecture

Abstract:In smart wards, data generated by wearables and monitoring devices are periodically transferred to the cloud server for long-term logging and subsequent access. Remote cloud storage inevitably raises security and access control challenges. Encryption can secure data but may severely impact the value generated by sharing data. More importantly, the privacy leakage caused by keyword searches is unacceptable for medical data. The designated-server public-key encryption with keyword search (dPEKS) can realize ciphertext-based search. However, existing dPEKS face an efficiency bottleneck as they only achieve one-to-one data sharing. In addition, cloud-controlled access control creates over-centralized power. In contrast, using blockchain to control who can search has the extra benefit that the blockchain can record access behavior for subsequent tracking. Therefore, this paper proposes a blockchain-assisted dPEKS (BC-dPEKS) scheme, which exploits a permissioned blockchain to perform trapdoor generation on behalf of data users and record data uploading and access for tracing. To the best of our knowledge, this is the first scheme to tightly integrate blockchain to change PEKS primitive to achieve one-to-many search. Formal security models, the corresponding security proofs, and comprehensive performance analysis are presented.

computer science, software engineering, hardware & architecture

Gang Xu,Shiyuan Xu,Yibo Cao,Fan Yun,Yu Cui,Yiying Yu,Ke Xiao

DOI: https://doi.org/10.1155/2022/3368819

IF: 1.968

2022-03-29

Security and Communication Networks

Abstract:In the current E-healthcare scenarios, medical institutions are used to encrypt the information and store it in an Electronic Health Record (EHR) system in order to ensure the privacy of medical information. To realize data sharing, a Public-key Encryption with Keyword Search (PEKS) scheme is indispensable, ensuring doctors search for medical information in the state of ciphertext. However, the traditional PEKS scheme cannot resist the keyword guessing quantum computing attacks, and its security depends on the confidentiality of the secret key. In addition, classical PEKS hand over the search process to a third party, affecting the search results’ accuracy. Therefore, we proposed a postquantum Public-key Searchable Encryption scheme on Blockchain (PPSEB) for E-healthcare scenarios. Firstly, we utilized a lattice-based cryptographic primitive to ensure the security of the search process and achieve forward security to avoid key leakage of medical information. Secondly, we introduced blockchain technology to solve the problem of third-party untrustworthiness in the search process. Finally, through security analysis, we prove the correctness and forward security of the solution in the E-healthcare scenarios, and the comprehensive performance evaluation demonstrates the efficiency of our scheme compared with other existing schemes.

computer science, information systems,telecommunications

Mohammed Raouf Senouci,Ilyas Benkhaddra,Abdelkader Senouci,Fagen Li

DOI: https://doi.org/10.1007/s11235-024-01121-w

2024-03-22

Telecommunication Systems

Abstract:Nowadays, users often opt to encrypt their sensitive data before outsourcing it to the cloud. While this encryption ensures data privacy, it compromises the search functionality. Public key encryption with keyword search (PEKS) has been posited as a potential solution to this challenge. However, many PEKS schemes are either inefficient or vulnerable to various types of attacks, such as inside keyword guessing attacks, outside keyword guessing attacks, etc. In response, we introduce a sustainable certificateless authenticated encryption system with a keyword search scheme. To the best of our knowledge, this proposed scheme is the first to consider multi-trapdoor indistinguishability within the certificateless primitive. Furthermore, our in-depth security analysis indicates that our scheme effectively protects against both online and offline keyword guessing attacksAdditionally, it ensures semantic security by offering both ciphertext indistinguishability and multi-trapdoor indistinguishability. Performance analysis results also suggest that our scheme is efficient and superior to existing alternatives.

telecommunications

Sheng Gao,Yuqi Chen,Jianming Zhu,Zhiyuan Sui,Rui Zhang,Xindi Ma

DOI: https://doi.org/10.1109/tcc.2022.3196712

IF: 5.697

2022-01-01

IEEE Transactions on Cloud Computing

Abstract:Searchable encryption (SE) has emerged as a cryptographic primitive that allows data users to search on encrypted data. Most existing SE schemes usually delegate search operations to an intermediary such as a cloud server, which would inevitably result in single-point failure, privacy leakage, and even untrustworthy results. Several blockchain-based SE schemes have been proposed to alleviate these issues; however, they suffer from some issues, such as the support for multi-keyword multi-owner model, query privacy and data storage availability. In this paper, we propose BPMS, blockchain-based privacy-preserving multi-keyword search in multi-owner setting, which supports searching over encrypted data in trustworthy, private and efficient manners. The attribute Bloom filter has been introduced into our BPMS to build indexes, which protects query privacy and improves index generation performance. To guarantee data storage availability, our BPMS leverages the advantages of IPFS (InterPlanetary File System) to store large scale of encrypted data. Security proof and comparative analysis in theory indicate that our BPMS is more secure and efficient. A series of experiments conducted on a real-world dataset further demonstrate that our BPMS is feasible in practice.

computer science, information systems, theory & methods

Yiming Zhu,Dehua Zhou,Yuan Li,Beibei Song,Chuansheng Wang

DOI: https://doi.org/10.3390/fi15060197

2023-05-30

Future Internet

Abstract:Recently, significant progress has been made in the field of public key encryption with keyword search (PEKS), with a focus on optimizing search methods and improving the security and efficiency of schemes. Keyword frequency analysis is a powerful tool for enhancing retrieval services in explicit databases. However, designing a PEKS scheme that integrates keyword frequency analysis while preserving privacy and security has remained challenging, as it may conflict with some of the security principles of PEKS. In this paper, we propose an innovative scheme that introduces a security deadline to query trapdoors through the use of timestamps. This means that the keywords in the query trapdoor can only be recovered after the security deadline has passed. This approach allows for keyword frequency analysis of query keywords without compromising data privacy and user privacy, while also providing protection against keyword-guessing attacks through the dual-server architecture of our scheme. Moreover, our scheme supports multi-keyword queries in multi-user scenarios and is highly scalable. Finally, we evaluate the computational and communication efficiency of our scheme, demonstrating its feasibility in practical applications.

Nyamsuren Vaanchig,Zhi Guang Qin

DOI: https://doi.org/10.3934/mbe.2019193

2019-05-05

Abstract:Public Key Encryption with Keyword Search (PEKS) is a desirable technique to provide searchable functionality over encrypted data in public key settings, which allows a user to delegate a third party server to perform the search operation on encrypted data by means of keyword search trapdoor without learning about the data. However, the existing PEKS schemes cannot be directly applied to practice due to keyword guessing attack or the absence of a mechanism to limit the lifetime of a trapdoor. By addressing these issues at the same time, this paper presents a Public Key Encryption Scheme with Temporary and Fuzzy Keyword Search (PETFKS) by using a fuzzy function and an encryption tree. The proposed PETFKS scheme is proven adaptively secure concerning keyword confidentiality and backward and forward secrecy in the random oracle model under the Bilinear Di e-Hellman assumption. Moreover, it is also proven selectively secure with regard to the resistance of keyword guessing attack. Furthermore, the security and e ciency analyses of the proposed scheme are provided by comparing to the related works. The analyses indicate that the proposed scheme makes a threefold contribution to the practical application of public key encryption with keyword search, namely o ering secure search operation, limiting the lifetime of a trapdoor and enabling secure time-dependent data retrieval.

Xiaodong Yang,Tian Tian,Jiaqi Wang,Caifen Wang

DOI: https://doi.org/10.1007/s12083-022-01345-0

2022-07-25

Abstract:Nowadays, with the rapid development of smart health-care based on electronic health records, it remarkably supplies a promising way to alleviate the shortage of medical resources and improve medical efficiency. Meanwhile, data in electronic health records are sensitive and require protection against unauthorized access. However, most previous electronic health records sharing schemes are vulnerable to data leakage and forgery. To address these challenging problems, we propose a new electronic health record sharing scheme. We use the certificateless cryptosystem to encrypt keywords, which solves the certificate management problem and key escrow problem. The proposed scheme also supports multi-user search and the user authorization table can be used to modify access permissions of medical data users. Besides, the root values of the Merkle trees are written into the blockchain to ensure anti-tampering, integrity and traceability of search results. Moreover, a smart contract enables a fair transaction between cloud server provider and medical data users without trusted third parties. We prove that the proposed scheme is secure against the keyword guessing attack in the random oracle model. Furthermore, performance analysis demonstrates that our scheme has greater computational efficiency compared with other related schemes.

computer science, information systems,telecommunications

Li, Liangshun

DOI: https://doi.org/10.1007/s12083-024-01795-8

IF: 3.488

2024-09-12

Peer-to-Peer Networking and Applications

Abstract:With the rapid development of medical information technology, the widespread adoption and application of electronic medical data have prompted more and more healthcare institutions to choose to store medical data in cloud servers to facilitate easier sharing. Attribute-based encryption is utilized for sharing electronic medical data to achieve fine-grained access control. However, storing access policies in plaintext can easily expose user privacy. Additionally, during the data sharing process, placing data retrieval in the cloud prevents secure and reliable searches. To address these issues, this paper proposes a blockchain-based privacy preserving and keyword-searchable scheme for medical data sharing(BPPKS). Access policies are transformed into vector-matrix form, concealing attributes within access policies to prevent the leakage of authorized user privacy information. Leveraging blockchain's transparency, tamper-resistance, and integrity verification features, smart contracts are used for retrieval and verification, enabling secure and reliable data searches while ensuring the integrity of medical data. Simultaneously, some complex decryption operations are delegated to the cloud servers, reducing the decryption load for users to a constant level. Finally, security analysis demonstrates that this scheme can withstand adaptive chosen keyword attacks (IND-CKA), and performance evaluations show higher efficiency in computation and storage aspects.

computer science, information systems,telecommunications

Jingwei Lu,Hongbo Li,Jianye Huang,Sha Ma,Man Ho Allen Au,Qiong Huang

DOI: https://doi.org/10.3390/info14030142

2023-01-01

Information

Abstract:Transforming data into ciphertexts and storing them in the cloud database is a secure way to simplify data management. Public key encryption with keyword search (PEKS) is an important cryptographic primitive as it provides the ability to search for the desired files among ciphertexts. As a variant of PEKS, certificateless public key authenticated encryption with keyword search (CLPAEKS) not only simplifies certificate management but also could resist keyword guessing attacks (KGA). In this paper, we analyze the security models of two recent CLPAEKS schemes and find that they ignore the threat that, upon capturing two trapdoors, the adversary could directly compare them and distinguish whether they are generated using the same keyword. To cope with this threat, we propose an improved security model and define the notion of strong trapdoor indistinguishability. We then propose a new CLPAEKS scheme and prove it to be secure under the improved security model based on the intractability of the DBDH problem and the DDH problem in the targeted bilinear group.

Guiquan Yang,Sha Ma,Hongbo Li,Husheng Yang,Qiong Huang

DOI: https://doi.org/10.1007/978-981-97-0942-7_15

2024-01-01

Abstract:To efficiently and securely search encrypted files in cloud storage, Boneh et al. proposed the notion of Public Key Encryption with Keyword Search(PEKS) in 2004. However, original PEKS is susceptible to internal keyword guessing attacks(KGA) launched by server due to the limited keyword space. To resist this attack, Huang and Li introduced the notion of Public Key Authenticated Encryption with Keyword Search (PAEKS), which effectively resists KGA from server by additional authentication between the sender and receiver before encryption. Since both the sender and receiver can generate a common authentication key, a curious sender can use the authentication key to launch KGA, resulting in easily guessing keyword from a given trapdoor. To address this issue, we propose an improved security model for PAEKS that captures both offline KGA and online KGA launched by the curious sender. Then, we present a concrete Stronger Security Public Key Authenticated Encryption with Multi-keyword Search (S-PAEMKS) scheme, which not only supports multi-keyword search but also successfully counters KGA from curious senders. Finally, the experimental results show that our scheme achieves remarkable efficiency in the encryption phase and comparable efficiency in the trapdoor and testing phases.

Axin Wu,Yinghui Zhang,Xiaokun Zheng,Rui Guo,Qinglan Zhao,Dong Zheng

DOI: https://doi.org/10.1007/s12243-018-00699-y

2019-01-03

Annals of Telecommunications

Abstract:Attribute-based encryption, especially ciphertext-policy attribute-based encryption, plays an important role in the data sharing. In the process of data sharing, the secret key does not contain the specific information of users, who may share his secret key with other users for benefits without being discovered. In addition, the attribute authority can generate the secret key from any attribute set. If the secret key is abused, it is difficult to judge whether the abused private key comes from users or the attribute authority. Besides, the access control structure usually leaks sensitive information in a distributed network, and the efficiency of attribute-based encryption is a bottleneck of its applications. Fortunately, blockchain technology can guarantee the integrity and non-repudiation of data. In view of the above issues, an efficient and privacy-preserving traceable attribute-based encryption scheme is proposed. In the proposed scheme, blockchain technologies are used to guarantee both integrity and non-repudiation of data, and the ciphertext can be quickly generated by using the pre-encryption technology. Moreover, attributes are hidden in anonymous access control structures by using the attribute bloom filter. When a secret key is abused, the source of the abused secret key can be audited. Security and performance analysis show that the proposed scheme is secure and efficient.

telecommunications

Yuan Zhang,Chunxiang Xu,Jianbing Ni,Hongwei Li,Xuemin Sherman Shen

DOI: https://doi.org/10.1109/tcc.2019.2923222

IF: 5.697

2021-10-01

IEEE Transactions on Cloud Computing

Abstract:Cloud storage enables users to outsource data to storage servers and retrieve target data efficiently. Some of the outsourced data are very sensitive and should be prevented for any leakage. Generally, if users conventionally encrypt the data, searching is impeded. Public-key encryption with keyword search (PEKS) resolves this tension. Whereas, it is vulnerable to keyword guessing attacks (KGA), since keywords are low-entropy. In this paper, we present a secure PEKS scheme called SEPSE against KGA, where users encrypt keywords with the aid of dedicated key servers via a threshold and oblivious way. SEPSE supports key renewal to periodically replace an existing key with a new one on each key server to thwart the key compromise. Furthermore, SEPSE can efficiently resist online KGA, where each keyword request made by a user is integrated into a transaction on a public blockchain (e.g., Ethereum), which allows key servers to learn the number of keyword requests made by the user without requiring a synchronization between them for per-user rate limiting. Security analysis and performance evaluation demonstrate that SEPSE provides a stronger security guarantee compared with existing schemes, at the expense of acceptable computational costs.

computer science, information systems, theory & methods

Yanping Li,Qiang Cao,Kai Zhang,Fang Ren

DOI: https://doi.org/10.1016/j.sysarc.2021.102006

IF: 5.836

2021-05-01

Journal of Systems Architecture

Abstract:<p>The keyword-based searchable encryption is a very promising technology in the cloud storage, which can supply data users with accurate search services over encrypted data based on queried keywords. An important security objective of this kind of schemes is to resist keyword privacy leakage because it may cause content leakage of to data itself and search preferences of data users. To protect keyword privacy, the existing methods mainly are implemented by keyword ciphertext indistinguishability and trapdoor indistinguishability. And there is few works to resist keyword privacy leakage from access pattern and search pattern simultaneously, which will inevitably affects the further application of this promising technology. In order to avoid keyword privacy leakage from above two patterns, we first construct a novel secure keyword index called the global index pair which is used to construct a k-nearest neighbour search, i.e., a data user can always receive the top-k encrypted files which are the most relevant to the search query. To effectively save computing costs and storage costs for DUs, a new order-preserving transformation is designed in our scheme to generate trapdoor without DUs computing the inverse of matrix. Secondly, our construction is independent of a specific searchable encryption scheme. Any kind of a keyword-based searchable encryption scheme can apply our method to resist the keyword privacy leakage both from access pattern and search pattern. Finally, the detailed security analyses are given to demonstrate that the advantage of any Level-3 attacker launching efficient inside attack from search pattern and access pattern is negligible, i.e., our construction can protect the keyword privacy against an inside attacker.</p>

computer science, software engineering, hardware & architecture

Huijun Zhu,Qingji Xue,Tianfeng Li,Dong Xie

DOI: https://doi.org/10.3390/e24030309

2022-02-22

Abstract:Public key encryption supporting equality test (PKEwET) schemes, because of their special function, have good applications in many fields, such as in cloud computing services, blockchain, and the Internet of Things. The original PKEwET has no authorization function. Subsequently, many PKEwET schemes have been proposed with the ability to perform authorization against various application scenarios. However, these schemes are incapable of traceability to the ciphertexts. In this paper, the ability of tracing to the ciphertexts is introduced into a PKEwET scheme. For the ciphertexts, the presented scheme supports not only the equality test, but also has the function of traceability. Meanwhile, the security of the proposed scheme is revealed by a game between an adversary and a simulator, and it achieves a desirable level of security. Depending on the attacker's privileges, it can resist OW-CCA security against an adversary with a trapdoor, and can resist IND-CCA security against an adversary without a trapdoor. Finally, the performance of the presented scheme is discussed.

Haorui Du,Jianhua Chen,Ming Chen,Cong Peng,Debiao He

DOI: https://doi.org/10.1155/2022/2336685

2022-10-21

Wireless Communications and Mobile Computing

Abstract:Outsourcing data to cloud services is a good solution for users with limited computing resources. Privacy and confidentiality of data is jeopardized when data is transferred and shared in the cloud. The development of searchable cryptography offers the possibility to solve these problems. Symmetric searchable encryption (SSE) is popular among researchers because it is efficient and secure. SSE often requires the data sender and data receiver to use the same key to generate key ciphertext and trapdoor, which will obviously cause the problem of key management. Searchable encryption based on public key can simplify the key management problem. A public key encryption scheme with keyword search (PEKS) allows multiple senders to encrypt keywords under the receiver's public key. It is vulnerable to keyword guessing attacks (KGA) due to the small size of the keywords. The proposal of public key authenticated encryption with keyword search (PAEKS) is mainly to resist inside keyword guessing attacks. The previous security models do not involve the indistinguishability of the same keywords ( w 0 × × = w 1 ), which brings the user's search pattern easy to leak. The essential reason is that the trapdoor generation algorithm is deterministic. At the same time, most of the existing schemes use bilinear pair design, which greatly reduces the efficiency of the scheme. To address these problems, the paper introduces an improved PAEKS model. We design a lightweight public key authentication encryption scheme based on the Diffie-Hellman protocol. Then, we prove the ciphertext indistinguishability security and trapdoor indistinguishability security of the scheme in the improved security model. Finally, the paper demonstrates its comparable security and computational efficiency by comparing it with previous PAEKS schemes. Meanwhile, we conduct an experimental evaluation based on the cryptographic library. Experimental results show that the computational overhead of our scheme compared with the ciphertext generation algorithm, trapdoor generation algorithm and test algorithm of other schemes Our scheme reduces 274, 158 and 60 times, respectively.

computer science, information systems,telecommunications,engineering, electrical & electronic

Wanshan Xu,Jianbiao Zhang,Yilin Yuan,Xiao Wang,Yanhui Liu,Muhammad Irfan Khalid

DOI: https://doi.org/10.7717/peerj-cs.930

2022-03-21

Abstract:Searchable symmetric encryption (SSE) provides an effective way to search encrypted data stored on untrusted servers. When the server is not trusted, it is indispensable to verify the results returned by it. However, the existing SSE schemes either lack fairness in the verification of search results, or do not support the verification of multiple keywords. To address this, we designed a multi-keyword verifiable searchable symmetric encryption scheme based on blockchain, which provides an efficient multi-keyword search and fair verification of search results. We utilized bitmap to build a search index in order to improve search efficiency, and used blockchain to ensure fair verification of search results. The bitmap and hash function are combined to realize lightweight multi-keyword search result verification, compared with the existing verification schemes using public key cryptography primitives, our scheme reduces the verification time and improves the verification efficiency. In addition, our scheme supports the dynamic update of files and realizes the forward security in update. Finally, formal security analysis proves that our scheme is secure against Chosen-Keyword Attacks (CKA), experimental analysis demonstrations that our scheme is efficient and viable in practice.

Kaibin Huang,Raylin Tso

DOI: https://doi.org/10.1109/ivsw.2017.8031542

2017-07-01

Abstract:In public key encryption with keyword search (PEKS) framework, see Figure 1(a), the cloud server stores index $l_{w}$ and verifies the equivalence whether w=w&#x27; or not on receiving a keyword search request through a trapdoor $T_{w&#x27;}$. Aside from the traditional secrecy concerns over index, a new threat called inner keyword guessing attack which addressed the secrecy of trapdoors against off-line brute force attacks, was indicated by Chen et al. First, the index $I_{w}$ is publicly computable; second, the domain of keywords is not big enough to resist brute force attacks; and third, the cloud server can verify the equivalence between keywords of index and trapdoors by itself. As a curious server, on input a trapdoor $T_{w^{&#x27;}}$, the server can keep computing index with different keywords $w$ and tests the equivalence by itself until finding the keyword $w^{\prime}$ hidden in the trapdoors. That is, the secrecy of trapdoors can be easily broken. Furthermore, the ‘hacked trapdoor’ can be utilized to test all the index in the database, which indirectly impacts the secrecy of index. Chen et al. propose a dual-server PEKS (DS-PEKS) syntax to deal with this issue. There are a front server and a back server in their architecture (see Figure 1(b)) and the keyword search test is done by the co-operation of two servers. Assume that these two servers do not collude, the DS-PEKS scheme will be secure against offline inner keyword guessing attacks (although that the on-line inner keyword guessing attacks still work). However, several flaws occur in Chen et al.&#x27;s works so that the secrecy of index and trapdoors are not well-protected even against outside adversaries. In this work, we propose a new DS-PEKS construction based on the Cramer Shoup encryption, whose index and trapdoors are provably indistinguishable against chosen keyword attacks based on the IND-CCA2 security of the Cramer Shoup encryption without random oracle model.

Jingwei Liu,Yue Fan,Rong Sun,Lei Liu,Celimuge Wu,Shahid Mumtaz

DOI: https://doi.org/10.1109/jiot.2023.3287636

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:Due to the massive applications of Internet of Things (IoT) and the prevalence of wearable devices, e-healthcare systems are widely deployed in medical institutions. As a significant carrier of medical data, electronic medical record (EMR) is convenient to be stored and retrieved, which greatly simplifies the experience of medical treatment and cuts down the trivial work of paramedics. However, EMRs usually include much sensitive information such as patients’ identification numbers or home addresses that may be easily captured by unauthorized doctors and cloud servers. Based on this concern, e-healthcare systems can make use of attribute-based encryption (ABE) to protect private information while achieving fine-grained access control of encrypted EMRs. Whereas, most ABE schemes do not support both policy hiding and keyword search. To address the above issues, we propose an inner product searchable encryption scheme with multi-keyword search (MK-IPSE) based on blockchain to provide full privacy preservation and efficient ciphertext retrieval for EMRs. Inner product encryption (IPE) can not only specify access permissions such that only users with matched attributes can get the target files, but also support access policy hiding. Besides, the proposed scheme combines searchable encryption (SE) and federated blockchain (FB) to implement efficient and stable multi-keyword search. Compared with the existing schemes, MK-IPSE shows better performance on computation and storage. Additionally, security analysis demonstrates that our scheme can resist IND-CKA and collusion attacks.

computer science, information systems,telecommunications,engineering, electrical & electronic

Xu Ma,Chen Wang,Xiaofeng Chen

DOI: https://doi.org/10.1016/j.csi.2021.103543

2021-10-01

Abstract:<p>Along with the progress of cloud service, a growing quantity of data owners store their data on cloud databases, which can not only reduce data owners' storage cost but also provide a quick search function. However, while cloud storage brings some conveniences to users, new privacy problems may emerge, such as the leakage of data privacy and user's query privacy. The best way of protecting data privacy is to encrypt the data. So how to efficiently retrieve the ciphertext to make it available becomes a hot issue in recent years. In this paper, new searchable encryption with multiple keywords is described, it can improve the accuracy of retrieval results, and we present a secure and trusted data sharing framework based on attribute-based encryption (ABE), searchable encryption, and blockchain. Unlike the previous studies, we realize flexible data sharing by using ABE. Furthermore, we transfer the related calculation of ciphertext retrieval to blockchain for credible execution without relying on any trusted third party. The security analysis proves that our method meets the proposed security requirements of data, keyword index, trapdoor, and query. Finally, the experimental results indicate that our scheme suggested has certain practicability and efficiency.</p>

computer science, software engineering, hardware & architecture

Lidong Han,Junling Guo,Guang Yang,Qi Xie,Chengliang Tian

DOI: https://doi.org/10.1109/access.2021.3126867

IF: 3.9

2021-01-01

IEEE Access

Abstract:Searchable encryption is an important cryptographic technique that achieves data security and keyword retrieval over encrypted data in cloud. In 2004, Boneh et.al proposed the first searchable encryption scheme based on asymmetric cryptography. Since then, many variants of public key searchable encryption schemes were proposed. However, most previous works are vulnerable to multi-ciphertext attack, and they cannot provide trapdoor indistinguishability. Another problem is how to improve the searching efficiency. To deal with two issues, we construct a fast and secure public key authenticated searchable encryption scheme with designed server. Our scheme can resist keyword guessing attacks, chosen multi-keyword attacks and multi-trapdoor attacks. The search function in our scheme achieves the logarithmic search time in number of keywords while most existing schemes required the linear time. By comparison with previous schemes in computational complexity, our scheme is very fast in keyword search.

computer science, information systems,telecommunications,engineering, electrical & electronic