Blockchain-enabled one-to-many searchable encryption supporting designated server and multi-keywords for Cloud-IoMT

In smart wards, data generated by wearables and monitoring devices are periodically transferred to the cloud server for long-term logging and subsequent access. Remote cloud storage inevitably raises security and access control challenges. Encryption can secure data but may severely impact the value generated by sharing data. More importantly, the privacy leakage caused by keyword searches is unacceptable for medical data. The designated-server public-key encryption with keyword search (dPEKS) can realize ciphertext-based search. However, existing dPEKS face an efficiency bottleneck as they only achieve one-to-one data sharing. In addition, cloud-controlled access control creates over-centralized power. In contrast, using blockchain to control who can search has the extra benefit that the blockchain can record access behavior for subsequent tracking. Therefore, this paper proposes a blockchain-assisted dPEKS (BC-dPEKS) scheme, which exploits a permissioned blockchain to perform trapdoor generation on behalf of data users and record data uploading and access for tracing. To the best of our knowledge, this is the first scheme to tightly integrate blockchain to change PEKS primitive to achieve one-to-many search. Formal security models, the corresponding security proofs, and comprehensive performance analysis are presented.