Verifiable and Forward Secure Dynamic Searchable Symmetric Encryption with Storage Efficiency

  • Kazuki Yoneyama
  • Shogo Kimura
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10631)


Searchable symmetric encryption (SSE) provides private searching over an encrypted database held by an untrusted server. Although various SSE schemes have been studied, it has recently been shown that most existing schemes are vulnerable to file injection attacks. At ACM CCS 2016, Bost proposed a forward secure SSE scheme, called \(\Sigma o\phi o\varsigma\), to resist such attacks. Besides the basic scheme (\(\Sigma o\phi o\varsigma\)), which is secure against semi-honest servers, a verifiable scheme secure against malicious servers is also introduced. In the verifiable scheme, each client keeps hash values of the indexes of documents corresponding to each keyword. Thus, the client storage cost is higher than for \(\Sigma o\phi o\varsigma\), and the hash table must be reconstructed when a new document is added. Also, since no security definition or proof of security against malicious servers is provided, it is unclear what the verifiable scheme guarantees against malicious servers. In this paper, we propose a new verifiable and forward secure SSE scheme against malicious servers. An advantage of our scheme over Bost's verifiable scheme is the client storage cost; that is, our scheme needs only the same storage cost as \(\Sigma o\phi o\varsigma\). Our key idea is to bind each index and keyword with a tag generated by an algebraic pseudo-random function, and to store the tag on the server together with the encrypted index in the update phase. The client can efficiently check the validity of answers to search queries by verifying the combined tag, thanks to the closed form efficiency of the algebraic pseudo-random function; thus, the client does not need to keep the hash table. We also formally prove security against malicious servers. Specifically, we show that our scheme satisfies the strong reliability definition.
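The tag-binding idea described above, as an added toy example that is not the paper's construction or code: the client tags each (keyword, index) pair with an algebraic PRF value, the server multiplies the stored tags into one combined tag, and the client checks it with a closed form using only its key and a per-keyword counter. The PRF form F(j) = g^(k0·k1^j), the tag layout, the HMAC key derivation, the toy group and all function names are assumptions made for illustration.

```python
import hashlib
import hmac

# Toy parameters (constructed for this example, NOT secure): Z_P^* with the
# Mersenne prime P = 2^127 - 1; exponents are reduced modulo the group order.
P = 2**127 - 1
ORDER = P - 1
G = 3

def _h(key, label, *parts):
    """HMAC-SHA256 mapped to an exponent; parts are length-prefixed."""
    msg = label + b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return int.from_bytes(hmac.new(key, msg, hashlib.sha256).digest(), "big") % ORDER

def prf_keys(key, w):
    # Per-keyword PRF key (k0, k1); k1 >= 2 keeps the closed form defined.
    return _h(key, b"k0", w), 2 + _h(key, b"k1", w) % (ORDER - 2)

def make_tag(key, w, j, ind):
    """Client, update phase: tag for the j-th document index added under w."""
    k0, k1 = prf_keys(key, w)
    exp = k0 * pow(k1, j, ORDER) + _h(key, b"bind", w, ind)
    return pow(G, exp % ORDER, P)

def combine(tags):
    """Server, search phase: multiply the stored tags into one combined tag."""
    out = 1
    for t in tags:
        out = out * t % P
    return out

def geometric_sum(k1, n):
    # 1 + k1 + ... + k1^(n-1) mod ORDER without a modular inverse:
    # (k1^n - 1) mod (ORDER*(k1-1)) is exactly divisible by k1 - 1.
    return (pow(k1, n, ORDER * (k1 - 1)) - 1) // (k1 - 1) % ORDER

def verify(key, w, n, indexes, combined_tag):
    """Client: check a search answer using only the key and the counter n."""
    if len(indexes) != n:
        return False
    k0, k1 = prf_keys(key, w)
    # Closed form: one exponentiation replaces n separate PRF evaluations.
    exp = k0 * geometric_sum(k1, n) + sum(_h(key, b"bind", w, i) for i in indexes)
    return pow(G, exp % ORDER, P) == combined_tag
```

The client state here is one counter per keyword rather than a table of index hashes, which is the storage difference the abstract points to.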


Keywords: Searchable symmetric encryption; Forward security; Algebraic pseudo-random function; Strong reliability


  1. Song, D.X., Wagner, D., Perrig, A.: Practical techniques for searches on encrypted data. In: IEEE Symposium on Security and Privacy 2000, pp. 44–55 (2000)
  2. Curtmola, R., Garay, J.A., Kamara, S., Ostrovsky, R.: Searchable symmetric encryption: improved definitions and efficient constructions. In: ACM Conference on Computer and Communications Security 2006, pp. 79–88 (2006)
  3. Kamara, S., Papamanthou, C., Roeder, T.: Dynamic searchable symmetric encryption. In: ACM Conference on Computer and Communications Security 2012, pp. 965–976 (2012)
  4. Kurosawa, K., Ohtaki, Y.: UC-secure searchable symmetric encryption. In: Keromytis, A.D. (ed.) FC 2012. LNCS, vol. 7397, pp. 285–298. Springer, Heidelberg (2012)
  5. Kurosawa, K., Ohtaki, Y.: How to update documents verifiably in searchable symmetric encryption. In: Abdalla, M., Nita-Rotaru, C., Dahab, R. (eds.) CANS 2013. LNCS, vol. 8257, pp. 309–328. Springer, Cham (2013)
  6. Kurosawa, K., Sasaki, K., Ohta, K., Yoneyama, K.: UC-secure dynamic searchable symmetric encryption scheme. In: Ogawa, K., Yoshioka, K. (eds.) IWSEC 2016. LNCS, vol. 9836, pp. 73–90. Springer, Cham (2016)
  7. Islam, M.S., Kuzu, M., Kantarcioglu, M.: Access pattern disclosure on searchable encryption: ramification, attack and mitigation. In: NDSS 2012 (2012)
  8. Cash, D., Grubbs, P., Perry, J., Ristenpart, T.: Leakage-abuse attacks against searchable encryption. In: ACM Conference on Computer and Communications Security 2015, pp. 668–679 (2015)
  9. Zhang, Y., Katz, J., Papamanthou, C.: All your queries are belong to us: the power of file-injection attacks on searchable encryption. In: USENIX Security Symposium 2016, pp. 707–720 (2016)
  10. Chang, Y.-C., Mitzenmacher, M.: Privacy preserving keyword searches on remote encrypted data. In: Ioannidis, J., Keromytis, A., Yung, M. (eds.) ACNS 2005. LNCS, vol. 3531, pp. 442–455. Springer, Heidelberg (2005)
  11. Stefanov, E., Papamanthou, C., Shi, E.: Practical dynamic searchable encryption with small leakage. In: NDSS 2014 (2014)
  12. Bost, R., Fouque, P.A., Pointcheval, D.: Verifiable dynamic symmetric searchable encryption: optimality and forward security. In: IACR Cryptology ePrint Archive 2016 (2016)
  13. Bost, R.: \(\Sigma o\phi o\varsigma\): forward secure searchable encryption. In: ACM Conference on Computer and Communications Security 2016, pp. 1143–1154 (2016)
  14. Benabbas, S., Gennaro, R., Vahlis, Y.: Verifiable delegation of computation over large datasets. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 111–131. Springer, Heidelberg (2011)
  15. Naor, M., Reingold, O.: Number-theoretic constructions of efficient pseudo-random functions. In: FOCS 1997, pp. 458–467 (1997)

Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  1. Ibaraki University, Hitachi-shi, Japan
