Public Key Encryption with Keyword Search

  • Dan Boneh
  • Giovanni Di Crescenzo
  • Rafail Ostrovsky
  • Giuseppe Persiano
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3027)


We study the problem of searching on data that is encrypted using a public key system. Consider user Bob who sends email to user Alice encrypted under Alice’s public key. An email gateway wants to test whether the email contains the keyword “urgent” so that it could route the email accordingly. Alice, on the other hand does not wish to give the gateway the ability to decrypt all her messages. We define and construct a mechanism that enables Alice to provide a key to the gateway that enables the gateway to test whether the word “urgent” is a keyword in the email without learning anything else about the email. We refer to this mechanism as Public Key Encryption with keyword Search. As another example, consider a mail server that stores various messages publicly encrypted for Alice by others. Using our mechanism Alice can send the mail server a key that will enable the server to identify all messages containing some specific keyword, but learn nothing else. We define the concept of public key encryption with keyword search and give several constructions.


Encryption Scheme Random Oracle Security Parameter Random Oracle Model Oblivious Transfer 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Bellare, M., Boldyreva, A., Desai, A., Pointcheval, D.: Key-Privacy in Public-Key Encryption. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, p. 566. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  2. 2.
    Boneh, D., Franklin, M.: Identity-based Encryption from the Weil Pairing. SIAM J. of Computing 32(3), 586–615 (2003); Extended abstract in Kilian, J. (ed.): CRYPTO 2001. LNCS, vol. 2139, pp. 586–615. Springer, Heidelberg (2001)Google Scholar
  3. 3.
    Cocks, C.: An identity based encryption scheme based on quadratic residues. In: Eighth IMA International Conference on Cryptography and Coding, Royal Agricultural College, Cirencester, UK (December 2001)Google Scholar
  4. 4.
    Cachin, C., Micali, S., Stadler, M.: Computationally Private Information Retrieval with Polylogarithmic Communication Eurcrypt 1999 (1999)Google Scholar
  5. 5.
    Chor, B., Goldreich, O., Kushilevitz, E., Sudan, M.: Private Information Retrieval. In: FOCS (1995); (also Journal of ACM)Google Scholar
  6. 6.
    Coron, J.: On the exact security of Full-Domain-Hash. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 229–235. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  7. 7.
    Dolev, D., Dwork, C., Naor, M.: Non-Malleable Cryptography. SIAM Journal on Computing (2000); Early version in proceedings of STOC 1991 (1991)Google Scholar
  8. 8.
    Di Crescenzo, G., Ishai, Y., Ostrovsky, R.: Universal service-providers for database private information retrieval. In: Proc. of the 17th Annu. ACM Symp. on Principles of Distributed Computing, pp. 91–100 (1998)Google Scholar
  9. 9.
    Di Crescenzo, G., Malkin, T., Ostrovsky, R.: Single-database private information retrieval implies oblivious transfer. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, p. 122. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  10. 10.
    Iliev, A., Smith, S.: Privacy-enhanced credential services. Second annual PKI workshop (see also Darthmoth Technical Report TR-2003-442,
  11. 11.
    Galbraith, S.: private communicationsGoogle Scholar
  12. 12.
    Desmedt, Y.: Computer security by redefining what a computer is. In: Proceedings New Security Paradigms II Workshop, pp. 160–166 (1992)Google Scholar
  13. 13.
    Dodis, Y., Katz, J., Xu, S., Yung, M.: Key-insulated public key cryptosystems. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 65–82. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  14. 14.
    Du, D.Z., Hwang, F.K.: Combinatorial Group Testing and its Applications. World Scientific, Singapore (1993)zbMATHCrossRefGoogle Scholar
  15. 15.
    Erdos, P., Frankl, P., Furedi, Z.: Families of finite sets in which no set is covered by the union of r others. Israeli Journal of Mathematics 51, 79–89 (1985)CrossRefMathSciNetGoogle Scholar
  16. 16.
    Goh, E.: Building Secure Indexes for Searching Efficiently on Encrypted Compressed Data,
  17. 17.
    Goldreich, O., Ostrovsky, R.: Software protection and simulation by oblivious RAMs. JACM (1996)Google Scholar
  18. 18.
    Goldreich, O., Goldwasser, S., Micali, S.: How To Construct Random Functions. Journal of the Association for Computing Machinery 33(4), 792–807 (1986)MathSciNetGoogle Scholar
  19. 19.
    Goldwasser, S., Micali, S.: Probabilistic Encryption. Journal of Computer and System Sciences 28(2), 270–299 (1984)zbMATHCrossRefMathSciNetGoogle Scholar
  20. 20.
    Gertner, Y., Ishai, Y., Kushilevitz, E., Malkin, T.: Protecting data privacy in private information retrieval schemes. In: Proc. of the 30th Annual ACM Symposium on the Theory of Computing, pp. 151–160 (1998)Google Scholar
  21. 21.
    Joux, A.: The Weil and Tate Pairings as Building Blocks for Public Key Cryptosystems. In: Fieker, C., Kohel, D.R. (eds.) ANTS 2002. LNCS, vol. 2369, p. 20. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  22. 22.
    Kushilevitz, E., Ostrovsky, R.: Replication is not needed: Single Database, Computationally-Private Information Retrieval. In: FOCS 1997 (1997)Google Scholar
  23. 23.
    Kushilevitz, E., Ostrovsky, R.: One-way Trapdoor Permutations are Sufficient for Non-Trivial Single-Database Computationally-Private Information Retrieval. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, p. 104. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  24. 24.
    Maniatis, P., Roussopoulos, M., Swierk, E., Lai, K., Appenzeller, G., Zhao, X., Baker, M.: The Mobile People Architecture. ACM Mobile Computing and Communications Review (MC2R) 3(3) (July 1999)Google Scholar
  25. 25.
    Naor, M., Pinkas, B.: Oblivious transfer and polynomial evaluation. In: Proc. of the 31th Annu. ACM Symp. on the Theory of Computing, pp. 245–254 (1999)Google Scholar
  26. 26.
    Ostrovsky, R.: Software protection and simulation on oblivious RAMs. MIT Ph.D. Thesis, 1992. Preliminary version in Proc. 22nd Annual ACM Symp. Theory Comp. (1990)Google Scholar
  27. 27.
    Ogata, W., Kurosawa, K.: Oblivious keyword search. J. of Complexity (to appear)Google Scholar
  28. 28.
    Song, D., Wagner, D., Perrig, A.: Practical Techniques for Searches on Encrypted Data. In: Proc. of the 2000 IEEE symposium on Security and Privacy, S&P 2000 (2000)Google Scholar
  29. 29.
    Shamir, A.: Identity-based Cryptosystems and Signature Schemes. In: Blakely, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 47–53. Springer, Heidelberg (1985)CrossRefGoogle Scholar
  30. 30.
    Waters, B., Balfanz, D., Durfee, G., Smetters, D.: Building an encrypted and searchable audit log. In: NDSS 2004 (2004) (to appear)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Dan Boneh
    • 1
  • Giovanni Di Crescenzo
    • 2
  • Rafail Ostrovsky
    • 3
  • Giuseppe Persiano
    • 4
  1. 1.Stanford University 
  2. 2.Telcordia 
  3. 3.UCLA 
  4. 4.Università di Salerno 

Personalised recommendations