Tree-Based Public Key Encryption with Conjunctive Keyword Search

Searchable public key encryption supporting conjunctive keyword search is an important technique in today’s cloud environment. Nowadays, previous schemes usually take advantage of forward index structure, which leads to a linear search complexity. In order to obtain better search efficiency, in this paper, we utilize a tree index structure instead of forward index to realize such schemes. To achieve the goal, we first give a set of keyword conversion methods that can convert the index and query keywords into a group of vectors and then present a novel algorithm for building index tree based on these vectors. Finally, by combining an efficient predicate encryption scheme to encrypt the index tree, a tree-based public key encryption with conjunctive keyword search scheme is proposed. The proposed scheme is proven to be secure against chosen plaintext attacks and achieves a sublinear search complexity. Moreover, both theoretical analysis and experimental result show that the proposed scheme is efficient and feasible for practical applications.

Private Predicate Encryption for Inner Product from Key-Homomorphic Pseudorandom Function

Predicate encryption (PE), formalized by Katz et al., is a new paradigm of public-key encryption that conceptually captures the public-key encryption that supports fine-grained access control policy. Because of the nature of PE, it is used for cloud storage so that users can retrieve encrypted data without revealing any information about the data to cloud servers and other users. Although lots of PE schemes have been studied, the predicate-hiding security is seldom considered; that is, the user’s secret key may leak sensitive information of the predicate. Additionally, the security of the current predicate-hiding PE schemes relies on the discrete logarithm assumption which cannot resist the quantum attacks in the future. In this paper, we propose a generic PE for inner product under symmetric-key setting, called private IPE, from specific key-homomorphic pseudorandom function (PRF). The rigorous proofs are provided to show that the construction is payload-hiding, attribute-hiding, and predicate-hiding secure. With the advantage of the generic construction, if the underlying PRF can resist quantum attacks, then, through our proposed generic construction, a quantum-resistant private IPE can be obtained.

Revocable attribute-based proxy re-encryption

Attribute-based proxy re-encryption (ABPRE), which combines the notions of proxy re-encryption (PRE) and attribute-based encryption (ABE), allows a semi-trusted proxy with re-encryption key to transform a ciphertext under a particular access policy into a ciphertext under another access policy, without revealing any information about the underlying plaintext. This primitive is very useful in applications where encrypted data need to be stored in untrusted environments, such as cloud storage. In many practical applications, and in order to address scenarios where users misbehave or the re-encryption keys are compromised, an efficient revocation mechanism is necessary for ABPRE. Previously, revocation mechanism was considered in the settings of identity-based encryption (IBE), ABE, predicate encryption (PE), and broadcast PRE, but not ABPRE, which is what we set to do in this paper. We first formalize the concept of revocable ABPRE and its security model. Then, we propose a lattice-based instantiation of revocable ABPRE. Our scheme not only supports an efficient revocation mechanism but also supports polynomial-depth policy circuits and has short private keys, where the size of the keys is dependent only on the depth of the supported policy circuits. In addition, we prove that our scheme is selectively chosen-plaintext attack (CPA) secure in the standard model, based on the learning with errors assumption.

Practical Inner Product Encryption with Constant Private Key

Inner product encryption, first introduced by Katz et al., is a type of predicate encryption in which a ciphertext and a private key correspond to an attribute vector and a predicate vector, respectively. Only if the attribute and predicate vectors satisfy the inner product predicate will the decryption in this scheme be correct. In addition, the ability to use inner product encryption as an underlying building block to construct other useful cryptographic primitives has been demonstrated in the context of anonymous identity-based encryption and hidden vector encryption. However, the computing cost and communication cost of performing inner product encryption are very high at present. To resolve this problem, we introduce an efficient inner product encryption approach in this work. Specifically, the size of the private key is only one G element and one Zp element, and decryption requires only one pairing computation. The formal security proof and implementation result are also demonstrated. Compared with other state-of-the-art schemes, our scheme is the most efficient in terms of the number of pairing computations for decryption and the private key length.

Public Key Encryption with Keyword Search in Cloud: A Survey

With the popularization of cloud computing, many business and individuals prefer to outsource their data to cloud in encrypted form to protect data confidentiality. However, how to search over encrypted data becomes a concern for users. To address this issue, searchable encryption is a novel cryptographic primitive that enables user to search queries over encrypted data stored on an untrusted server while guaranteeing the privacy of the data. Public key encryption with keyword search (PEKS) has received a lot of attention as an important branch. In this paper, we focus on the development of PEKS in cloud by providing a comprehensive research survey. From a technological viewpoint, the existing PEKS schemes can be classified into several variants: PEKS based on public key infrastructure, PEKS based on identity-based encryption, PEKS based on attribute-based encryption, PEKS based on predicate encryption, PEKS based on certificateless encryption, and PEKS supporting proxy re-encryption. Moreover, we propose some potential applications and valuable future research directions in PEKS.