Decryptable Searchable Encryption

  • Thomas Fuhr
  • Pascal Paillier
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4784)

Abstract

As such, public-key encryption with keyword search (a.k.a. PEKS or searchable encryption) does not allow the recipient to decrypt keywords, i.e., encryption is not invertible. This paper introduces searchable encryption schemes which enable decryption. An additional feature is that the decryption key and the trapdoor derivation key are totally independent, thereby complying with many contexts of application. We put forward a seemingly optimal construction for decryptable searchable encryption which makes use of one KEM, one IDKEM and a couple of hash functions. We define a proper security model for decryptable searchable encryption and show that basic security requirements on the underlying KEM and IDKEM are enough for our generic construction to be strongly secure in the random oracle model.

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Thomas Fuhr (1)
  • Pascal Paillier (2)
  1. Direction Centrale de la Sécurité des Systèmes d’Information
  2. Cryptography & Innovation, Gemalto Security Labs
