Provably secure public-key encryption with conjunctive and subset keyword search

  • Oriol Farràs
  • Jordi Ribes-González
regular contribution


Public-key encryption with keyword search (PEKS) schemes enable public key holders to encrypt documents, while the secret key holder is able to generate queries for the encrypted data. In this paper, we present two PEKS schemes with extended functionalities. The first proposed scheme supports conjunctive queries. That is, it enables searching for encrypted documents containing a chosen list of keywords. We prove the computational consistency of our scheme, and we prove security under the asymmetric DBDH assumption. We show that it improves previous related schemes in terms of efficiency and in terms of index and trapdoor size. The second proposed scheme supports subset queries and some more general predicates. We prove the computational consistency of our scheme, and we prove our scheme secure under the p-BDHI assumption. We show that it improves previous related schemes in terms of efficiency and expressiveness. Moreover, unlike previous related schemes, it admits an arbitrary keyword space.


Keywords: Searchable encryption; Conjunctive keyword search; Subset keyword search; Public-key encryption with keyword search



This study was funded by the European Commission (H2020-ICT-2014-1-644024 “CLARUS”), by the Government of Spain (TIN2014-57364-C2-1-R and TIN2016-80250-R “Sec-MCloud”) and by the Government of Catalonia (Grant 2014 SGR 537).

Compliance with ethical standards

Conflict of interest

The authors declare that they have no conflict of interest.

Ethical standard

This article does not contain any studies with human participants or animals performed by any of the authors.



Copyright information

© Springer-Verlag GmbH Germany, part of Springer Nature 2019

Authors and Affiliations

  1. Universitat Rovira i Virgili, Tarragona, Spain
