Haorui Du,Jianhua Chen,Ming Chen,Cong Peng,Debiao He

DOI: https://doi.org/10.1155/2022/2336685

2022-10-21

Wireless Communications and Mobile Computing

Abstract:Outsourcing data to cloud services is a good solution for users with limited computing resources. Privacy and confidentiality of data is jeopardized when data is transferred and shared in the cloud. The development of searchable cryptography offers the possibility to solve these problems. Symmetric searchable encryption (SSE) is popular among researchers because it is efficient and secure. SSE often requires the data sender and data receiver to use the same key to generate key ciphertext and trapdoor, which will obviously cause the problem of key management. Searchable encryption based on public key can simplify the key management problem. A public key encryption scheme with keyword search (PEKS) allows multiple senders to encrypt keywords under the receiver's public key. It is vulnerable to keyword guessing attacks (KGA) due to the small size of the keywords. The proposal of public key authenticated encryption with keyword search (PAEKS) is mainly to resist inside keyword guessing attacks. The previous security models do not involve the indistinguishability of the same keywords ( w 0 × × = w 1 ), which brings the user's search pattern easy to leak. The essential reason is that the trapdoor generation algorithm is deterministic. At the same time, most of the existing schemes use bilinear pair design, which greatly reduces the efficiency of the scheme. To address these problems, the paper introduces an improved PAEKS model. We design a lightweight public key authentication encryption scheme based on the Diffie-Hellman protocol. Then, we prove the ciphertext indistinguishability security and trapdoor indistinguishability security of the scheme in the improved security model. Finally, the paper demonstrates its comparable security and computational efficiency by comparing it with previous PAEKS schemes. Meanwhile, we conduct an experimental evaluation based on the cryptographic library. Experimental results show that the computational overhead of our scheme compared with the ciphertext generation algorithm, trapdoor generation algorithm and test algorithm of other schemes Our scheme reduces 274, 158 and 60 times, respectively.

computer science, information systems,telecommunications,engineering, electrical & electronic

Hongbo Li,Qiong Huang,Jian Shen,Guomin Yang,Willy Susilo

DOI: https://doi.org/10.1016/j.ins.2019.01.004

IF: 8.1

2019-01-01

Information Sciences

Abstract:In encrypted email system, how to search over encrypted cloud emails without decryption is an important and practical problem. Public key encryption with keyword search (PEKS) is an efficient solution to it. However, PEKS suffers from the complex key management problem in the public key infrastructure. Its variant in the identity-based setting addresses the drawback, however, almost all the schemes does not resist against offline keyword guessing attacks (KGA) by inside adversaries. In this work we introduce the notion of designated-server identity-based authenticated encryption with keyword search (dIBAEKS), in which the email sender authenticates the message while encrypting so that no adversary including the server can launch offline KGA. Furthermore, we strengthen the security requirement so that only the designated server has the capability to search over encrypted emails for receivers. We formally define dIBAEKS and its security models, and propose two dIBAEKS constructions using Type-I and Type-III bilinear pairing, respectively. We compare our schemes with some related IBEKS schemes in the literature, and do experiments to demonstrate its efficiency. Although they are slightly less computationally efficient than but still comparable with the related schemes, our schemes provide stronger security guarantee and better protect users’ privacy.

Fucai Luo,Haiyan Wang,Changlu Lin,Xingfu Yan

DOI: https://doi.org/10.1109/tifs.2023.3301740

IF: 7.231

2023-08-19

IEEE Transactions on Information Forensics and Security

Abstract:The widespread adoption of cloud computing and the exponential growth of data highlight the need for secure data sharing and querying. Attribute-based keyword search (ABKS) has emerged as an efficient means of searching encrypted data stored in the cloud. However, existing ABKS schemes incur high end-to-end delay and are vulnerable to quantum computer attacks and/or (insider) keyword guessing attacks (KGA). To address these vulnerabilities, this paper introduces a new concept called attribute-based authenticated encryption with keyword search (ABAEKS) and proposes an efficient ABAEKS scheme. Our ABAEKS has low end-to-end delay, and is resistant to both quantum computer attacks and (insider) KGA. In addition, we formalize the security model of ABAEKS system and prove its security in the random oracle model. Finally, we conduct a comprehensive performance evaluation of ABAEKS, and the experimental results show that our ABAEKS is computationally efficient and outperforms current state-of-the-art ABKS schemes.

computer science, theory & methods,engineering, electrical & electronic

Qiong Huang,Peisen Huang,Hongbo Li,Jianye Huang,Hongyuan Lin

DOI: https://doi.org/10.1016/j.sysarc.2023.102839

IF: 5.836

2023-01-01

Journal of Systems Architecture

Abstract:To realize ciphertext retrieval without decryption in the public key settings, Boneh et al. in 2004 proposed a cryptographic primitive named Public-key Encryption with Keyword Search (PEKS) and proposed the first PEKS scheme. Following Boneh et al.’s work, various PEKS schemes were proposed; however, most schemes are vulnerable to inside keyword guessing attacks (IKGA). Huang and Li proposed a new primitive named Public-key Authenticated Encryption with Keyword Search (PAEKS) in 2017, which resists the IKGA in the setting of only one test server. Their main idea to resist IKGA is to require the data sender to authenticate the ciphertext while encrypting a keyword. However, in the era of big data, as the number of encrypted files increases, huge storage overhead and heavy retrieval costs become problems in PAEKS. In this paper, we proposed a new PAEKS scheme that costs low storage space and supports fast search. We introduced the ciphertext deduplication into PAEKS to reduce storage space and leveraged the inverted index to accelerate the retrieval process. We simulated the proposed scheme and several related schemes with a desktop computer. The experiment results show that our proposed scheme is of lower storage overhead and higher retrieval efficiency compared with related schemes.

Haorui Du,Jianhua Chen,Fei Lin,Cong Peng,Debiao He

DOI: https://doi.org/10.1155/2022/2309834

IF: 1.968

2022-01-01

Security and Communication Networks

Abstract:Cloud computing can provide users with sufficient computing resources, storage, and bandwidth to meet their needs. Data security and privacy protection are among the new threats faced by users. Searchable encryption is the combination of search technology and encryption technology. Searchable encryption can upload the user’s data to the cloud server after special encryption, and can realize the function of retrieving according to keywords. Comparatively to symmetric searchable encryption (SSE), public key searchable encryption (PEKS) simplifies key management greatly. However, most existing public key authenticated encryption with keyword search (PAEKS) schemes are based bilinear pairing, making them computationally expensive. Apart from this, complex retrieval requirements and the integrity of the results had not been considered. To address these problems, we propose a blockchain-based PAEKS schemes supporting multi-keyword queries and integrity verification. In addition, we provide security proofs for the PAEKS scheme under the decisional oracle Diffie-Hellman (DODH) assumption. This scheme a scheme that requires less storage and computational power than other schemes of the same kind.

Jingwei Lu,Hongbo Li,Jianye Huang,Sha Ma,Man Ho Allen Au,Qiong Huang

DOI: https://doi.org/10.3390/info14030142

2023-01-01

Information

Abstract:Transforming data into ciphertexts and storing them in the cloud database is a secure way to simplify data management. Public key encryption with keyword search (PEKS) is an important cryptographic primitive as it provides the ability to search for the desired files among ciphertexts. As a variant of PEKS, certificateless public key authenticated encryption with keyword search (CLPAEKS) not only simplifies certificate management but also could resist keyword guessing attacks (KGA). In this paper, we analyze the security models of two recent CLPAEKS schemes and find that they ignore the threat that, upon capturing two trapdoors, the adversary could directly compare them and distinguish whether they are generated using the same keyword. To cope with this threat, we propose an improved security model and define the notion of strong trapdoor indistinguishability. We then propose a new CLPAEKS scheme and prove it to be secure under the improved security model based on the intractability of the DBDH problem and the DDH problem in the targeted bilinear group.

Guiquan Yang,Sha Ma,Hongbo Li,Husheng Yang,Qiong Huang

DOI: https://doi.org/10.1007/978-981-97-0942-7_15

2024-01-01

Abstract:To efficiently and securely search encrypted files in cloud storage, Boneh et al. proposed the notion of Public Key Encryption with Keyword Search(PEKS) in 2004. However, original PEKS is susceptible to internal keyword guessing attacks(KGA) launched by server due to the limited keyword space. To resist this attack, Huang and Li introduced the notion of Public Key Authenticated Encryption with Keyword Search (PAEKS), which effectively resists KGA from server by additional authentication between the sender and receiver before encryption. Since both the sender and receiver can generate a common authentication key, a curious sender can use the authentication key to launch KGA, resulting in easily guessing keyword from a given trapdoor. To address this issue, we propose an improved security model for PAEKS that captures both offline KGA and online KGA launched by the curious sender. Then, we present a concrete Stronger Security Public Key Authenticated Encryption with Multi-keyword Search (S-PAEMKS) scheme, which not only supports multi-keyword search but also successfully counters KGA from curious senders. Finally, the experimental results show that our scheme achieves remarkable efficiency in the encryption phase and comparable efficiency in the trapdoor and testing phases.

Liqing Chen,Jiayi Li,Jiguo Li,Jian Weng

DOI: https://doi.org/10.1109/tifs.2024.3484155

IF: 7.231

2024-11-02

IEEE Transactions on Information Forensics and Security

Abstract:In recent years, many cloud service providers adopt the pay-per-query model to offer paid search services to the public. The data owner rents the resources of cloud service providers and charges the data user a fee based on the data volume to be queried. While this commercial model offers flexibility, convenience, and cost-effectiveness, it comes with a significant vulnerability to data breaches. Public-key authentication encryption with keyword search (PAEKS) is a technology which is well applied in the pay-per-query model. But there is no PAEKS scheme applicable to this scenario. For this purpose, we present public-key authentication encryption with similar data search for pay-per-query (PAESS) and construct the first idiographic scheme PAESS-I. PAESS-I utilizes Shamir secret sharing and locality sensitive hashing to implement similar data search, has the verifiability of results, adds the charge function to prevent cloud servers and data users from colluding to deny deductions. We propose the second scheme PAESS-II based on PAESS-I, which is a mobile-friendly lightweight PAESS. Our second scheme operates in the pay-per-query model without pairing and exponential operations. PAESS-I satisfies ciphertext indistinguishability and trapdoor indistinguishability, and sacrifices the computational performance in favor of the pay-per-query model. The optimized PAESS-II is resistant to adaptively-chosen-targets attack, and satisfies ciphertext indistinguishability and trapdoor indistinguishability. PAESS-II distinguishes itself from other existing similar schemes by having the same characteristics as PAESS-I, along with the benefits when it comes to the calculation cost.

computer science, theory & methods,engineering, electrical & electronic

Z. H. E. JIANG,K. A. ZHANG,L. I. A. N. G. L. I. A. N. G. WANG,J. I. A. N. T. I. N. G. NING

DOI: https://doi.org/10.1093/comjnl/bxac075

2023-01-01

Abstract:Public key encryption with keyword search is a promising primitive which enables search over encrypted data in secure data outsourcing services. In traditional construction, the associated keywords may be recovered from a given trapdoor by a malicious server through keyword guessing attacks. Therefore, the notion of public-key authenticated encryption with keyword search (PAEKS) was introduced, where a sender encrypts (and authenticates) the keywords using a receiver's public key and its secret key. In this paper, we consider the forward security for PAEKS and introduce a new primitive: forward secure public-key authenticated encryption with keyword search (FS-PAEKS), which captures the information leakage risk from previously issued queries due to the updates on the outsourced data. Technically, we embed a non-interactively agreed key into the cipher-keyword generation algorithm, and bind the cipher-keyword and the trapdoor with a set converted from algorithm-generation time. Finally, we present an efficient FS-PAEKS scheme supporting conjunctive query, and prove its forward security against chosen keyword attacks and keyword guessing attacks. To illustrate practical performance, we implement our FS-PAEKS and related PAEKS schemes based on Enron dataset in real cloud environment.

Xiaotong Zhou,Debiao He,Jianting Ning,Min Luo,Xinyi Huang

DOI: https://doi.org/10.1109/tnse.2023.3300716

IF: 6.6

2024-01-01

IEEE Transactions on Network Science and Engineering

Abstract:Cloud-assisted Industrial Internet of Things (IIoT) gathers and analyzes multiple types of data (such as ambient and mechanical data) from physical devices to improve intelligent manufacturing. However, the heavy requirements for data storage and sharing have led to increased demands for efficiency and security in the IIoT system. Public-key Encryption with Keyword Search (PEKS) is an encryption method that provides both data confidentiality and efficient retrieval. Unfortunately, inside keyword guessing attacks (IKGA) have been a persistent issue in PEKS. To resist this attack, Public-key Authenticated Encryption with Keyword Search (PAEKS) has been developed. However, the existing PAEKS schemes are generally proven under intractability assumptions, such as Decisional Bilinear Diffie-Hellman (DBDH) and modified Decision Linear (mDLIN) assumptions, or they involve costly bilinear pairing operations, or rely on two non-colluded cloud servers, which are not suitable for large-scale IIoT applications. In this article, we propose a secure and efficient PAEKS scheme with only one server for cloud-assisted IIoT. Our proposal achieves the IKGA-secure property (i.e., it satisfies the trapdoor privacy and multi-ciphertext indistinguishability) and sidesteps the bilinear pairing operation. Our performance analysis demonstrates the feasibility of our scheme in IIoT by significantly improving computation efficiency (at least 21.97 times) with similar communication overhead.

Venkata Bhikshapathi Chenam,Suneeth Yadav Tummala,Syed Taqi Ali

DOI: https://doi.org/10.1007/s12083-023-01618-2

IF: 3.488

2024-02-09

Peer-to-Peer Networking and Applications

Abstract:Public Key Encryption with Keyword Search (PEKS) is a promising cryptographic primitive that allows searching over encrypted data in secure data outsourcing services. Initially, several PEKS schemes were developed for conjunctive keyword search, but they relied on certain assumptions regarding keyword fields. To address this limitation, an Efficient Public-Key Encryption with Field-free Conjunctive Keyword Search (PEFCK) scheme was introduced in 2015. PEFCK enables conjunctive keyword search without any specific ordering of the keywords. However, PEFCK is vulnerable to keyword guessing attacks (KGA), which compromise its security. To overcome the KGA vulnerability, we propose a new scheme called Public Key Authenticated Encryption with Field-free Subset Conjunctive and Disjunctive Keyword Search (PAEFSCDKS), which leverages the mathematical concept of Lagrange Polynomials. This scheme incorporates three key features: 1) Sender Authentication: The sender encrypts the keywords using both the receiver's public key and its private key, ensuring sender authenticity and integrity. 2) Secure Channel-free: Unlike traditional approaches, our scheme does not require a secure channel to transfer data from the receiver to the cloud server. This eliminates the need for additional secure communication overhead. 3) Subset Conjunctive and Disjunctive Keyword Search: The receiver can perform queries that involve both subset conjunctive and disjunctive keywords, enabling more flexible and powerful searches. Furthermore, we demonstrate that our proposed scheme achieves provable security under index indistinguishability and trapdoor indistinguishability against both internal and external adversaries. Finally, through performance analysis, we show that our proposed scheme outperforms similar PEKS schemes in terms of both theoretical and experimental evaluations.

computer science, information systems,telecommunications

Mohammed Raouf Senouci,Abdelkader Senouci,Fagen Li

DOI: https://doi.org/10.1007/978-981-99-9331-4_29

2024-01-01

Abstract:Nowadays, users prefer to encrypt their sensitive data before outsourcing it to the cloud. although, performing the encryption assures the data privacy, but it jeopardizes the search functionality. Public key encryption with keyword search (PEKS) is a potential solution for addressing this problem. However, most PEKS schemes are either inefficient, or susceptible to some type of attack(s) (i.e. inside keyword guessing attack, outside keyword guessing attack, ...etc.). Therefore, we propose a sustainable certificateless authenticated encryption system with keyword search scheme. To the best of our knowledge, the proposed scheme considers the multi-trapdoor indistinguishability in the certificateless primitive. Moreover, a thorough security analysis shows that our scheme also guarantees the security against both online and offline keyword guessing attacks. Finally, based on the performance analysis results, we find that the suggested scheme is efficient and outperforms the other schemes.

Liwang Sun,Zhenfu Cao,Xiaolei Dong,Jiachen Shen,Miao Wang,Jiasheng Chen

DOI: https://doi.org/10.1016/j.sysarc.2023.103007

IF: 5.836

2023-01-01

Journal of Systems Architecture

Abstract:Modern Industrial Internet of Things (IIoT) technologies, such as smart grids, 5G-enabled unmanned aerial vehicles (UAV), and supply chain 4.0, can be leveraged to promote intelligent management. Yet, IIoT systems create enormous volumes of data that must be outsourced to the cloud for storage and to provide end-users with search capabilities. The outsourcing of IIoT data to a third-party cloud service provider (CSP) creates a number of data leakage issues. Recently, Certificateless Authenticated Encryption with Keyword Search (CLAEKS) was proposed to address the issue of encrypted data querying in cloud-assisted IIoT. But so far, the majority of existing techniques depend on expensive bilinear pairing, and they are all single-receiver. In addition, these methods are extremely vulnerable to keyword guessing attacks and do not hide the search pattern, making it simple for an attacker to deduce the search content. In this paper, we present a rapid and trustworthy designed-tester multi-recipient CLAEKS (dMCLAEKS) protocol with the numerous advantages: (1) no expensive bilinear pairing procedures; (2) supporting for ciphertexts with multiple recipients; (3) defending against Inside Keyword Guess Attacks (IKGA); (4) incapability to determine search pattern. A comparative between our suggested scheme and other similar schemes is also offered to demonstrate that the proposed method is stronger overall.

Pan Yang,Hongbo Li,Jianye Huang,Hao Zhang,Man Ho Allen Au,Qiong Huang

DOI: https://doi.org/10.1016/j.future.2023.03.002

IF: 7.307

2023-01-01

Future Generation Computer Systems

Abstract:Public-key Authenticated Encryption with Keyword Search (PAEKS) is a cryptographic primitive that can resist inside keyword guessing attack (KGA). However, most of the previously proposed PAEKS frameworks suffered from certificate management problem and key escrow problem. Inspired by the ideas of certificate-based cryptography, we propose a secure-channel free certificateless searchable public key authenticated encryption with keyword search (SCF-CLPAEKS) scheme which sloves the key escrow problem in identity-based cryptosystems and the cumbersome certificate problem in conventional public key cryptosystems. Our scheme achieves security against keyword guessing attacks are performed by both inside and outside adversaries. Moreover, our scheme satisfies ciphertext indistinguishability (CI), trapdoor indistinguishability (TI), and designated testability simultaneously. The comparisons indicate that our SCF-CLPAEKS scheme enjoys a better performance compared with related schemes.

Raylin Tso,Kaibin Huang,Yu-Chi Chen,Sk Md Mizanur Rahman,Tsu-Yang Wu

DOI: https://doi.org/10.1109/access.2020.3017745

IF: 3.9

2020-01-01

IEEE Access

Abstract:Chen et al. indicated the inner keyword guessing attack coming from the low entropy of keywords, which eliminates the semantic security of most keyword search schemes. Then, they accordingly propose the first dual-server PEKS scheme (abbreviated as DS-PEKS) and its related security models to prevent such attacks. In the DS-PEKS architecture, two non-collusive servers must corporate to execute the keyword search procedure. No individual server has the capability of determining the equivalence between keywords alone, and thus the inner keyword guessing attacks can be avoided. In this article, we found that the security models are lack of soundness and strength, so our first result is to define new stronger and sounder security models which implies all security aspects of original models. Secondly, we also propose a generic construction of DS-PEKS schemes based on IND-CCA2 secure PKE schemes. Finally, we analyze the newly proposed DS-PEKS scheme, and proof its security with the stronger models based on the IND-CCA2 security in the standard model.

computer science, information systems,telecommunications,engineering, electrical & electronic

Rongmao Chen,Yi Mu,Guomin Yang,Fuchun Guo,Xiaofen Wang

DOI: https://doi.org/10.1109/tifs.2015.2510822

IF: 7.231

2015-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Searchable encryption is of increasing interest for protecting the data privacy in secure searchable cloud storage. In this paper, we investigate the security of a well-known cryptographic primitive, namely, public key encryption with keyword search (PEKS) which is very useful in many applications of cloud storage. Unfortunately, it has been shown that the traditional PEKS framework suffers from an inherent insecurity called inside keyword guessing attack (KGA) launched by the malicious server. To address this security vulnerability, we propose a new PEKS framework named dual-server PEKS (DS-PEKS). As another main contribution, we define a new variant of the smooth projective hash functions (SPHFs) referred to as linear and homomorphic SPHF (LH-SPHF). We then show a generic construction of secure DS-PEKS from LH-SPHF. To illustrate the feasibility of our new framework, we provide an efficient instantiation of the general framework from a Decision Diffie-Hellman-based LH-SPHF and show that it can achieve the strong security against inside the KGA.

Run Xie,Chanlian He,Yu He,Chunxiang Xu,Kun Liu

DOI: https://doi.org/10.1007/978-3-319-69605-8_17

2016-01-01

Abstract:With networking became prevalent, the amount of data to be stored and managed on networked servers rapidly increases. Meanwhile, with the improvement of awareness of data privacy, the user’s sensitive data is usually encrypted before uploading them to the cloud server. The searchable public-key encryption provides an efficient mechanism to achieve data retrieval in encrypted storage. Therefore, it is a critical technique on promoting secure and efficient cloud storage. Unfortunately, only few the existing schemes are secure to resist outside keyword guessing attacks. In this paper, we propose two efficient searchable public-key encryption schemes with a designated tester (dPEKS). One is a basic dPEKS, where the dPEKS ciphertext indistinguishability is proved without the random oracle. Meanwhile, the basic scheme is secure to resist the outside KGA since it satisfies the property of trapdoor indistinguishability. Comparing with the existing dPEKS schemes which use expensive pairing computation, our scheme is more efficient since we only need multi-exponentiation. Another is an enhanced dPEKS scheme. With the sender’s identity is kept secret from server, this scheme can provide stronger security.

Qiong Huang,Hongbo Li

DOI: https://doi.org/10.1016/j.ins.2017.03.038

IF: 8.1

2017-01-01

Information Sciences

Abstract:How to efficiently search over encrypted data is an important and interesting problem in the cloud era. To solve it, Boneh et al. introduced the notion of public key encryption with keyword search (PEKS), in 2004. However, in almost all the PEKS schemes an inside adversary may recover the keyword from a given trapdoor by exhaustively guessing the keywords offline. How to resist the inside keyword guessing attack in PEKS remains a hard problem. In this paper we propose introduce the notion of Public-key Authenticated Encryption with Keyword Search (PAEKS) to solve the problem, in which the data sender not only encrypts a keyword, but also authenticates it, so that a verifier would be convinced that the encrypted keyword can only be generated by the sender. We propose a concrete and efficient construction of PAEKS, and prove its security based on simple and static assumptions in the random oracle model under the given security models. Experimental results show that our scheme enjoys a comparable efficiency with Boneh et al.’s scheme.

Rongmao Chen,Yi Mu,Guomin Yang,Fuchun Guo,Xinyi Huang,Xiaofen Wang,Yongjun Wang

DOI: https://doi.org/10.1109/tifs.2016.2599293

IF: 7.231

2016-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Public key encryption with keyword search (PEKS) is a well-known cryptographic primitive for secure searchable data encryption in cloud storage. Unfortunately, it is inherently subject to the (inside) offline keyword guessing attack (KGA), which is against the data privacy of users. Existing countermeasures for dealing with this security issue mainly suffer from low efficiency and are impractical for real applications. In this paper, we provide a practical and applicable treatment on this security vulnerability by formalizing a new PEKS system named server-aided public key encryption with keyword search (SA-PEKS). In SA-PEKS, to generate the keyword ciphertext/trapdoor, the user needs to query a semitrusted third-party called keyword server (KS) by running an authentication protocol, and hence, security against the offline KGA can be obtained. We then introduce a universal transformation from any PEKS scheme to a secure SA-PEKS scheme using the deterministic blind signature. To illustrate its feasibility, we present the first instantiation of SA-PEKS scheme by utilizing the Full Domain Hash RSA signature and the PEKS scheme proposed by Boneh et al. in Eurocrypt 2004. Finally, we describe how to securely implement the client-KS protocol with a rate-limiting mechanism against online KGA and evaluate the performance of our solutions in experiments.

Yunhong Zhou,Na Li,Yanmei Tian,Dezhi An,Licheng Wang

DOI: https://doi.org/10.3390/e22040421

2020-04-08

Abstract:With the popularization of cloud computing, many business and individuals prefer to outsource their data to cloud in encrypted form to protect data confidentiality. However, how to search over encrypted data becomes a concern for users. To address this issue, searchable encryption is a novel cryptographic primitive that enables user to search queries over encrypted data stored on an untrusted server while guaranteeing the privacy of the data. Public key encryption with keyword search (PEKS) has received a lot of attention as an important branch. In this paper, we focus on the development of PEKS in cloud by providing a comprehensive research survey. From a technological viewpoint, the existing PEKS schemes can be classified into several variants: PEKS based on public key infrastructure, PEKS based on identity-based encryption, PEKS based on attribute-based encryption, PEKS based on predicate encryption, PEKS based on certificateless encryption, and PEKS supporting proxy re-encryption. Moreover, we propose some potential applications and valuable future research directions in PEKS.