P2KASE A2-privacy-preserving key aggregate searchable encryption supporting authentication and access control on multi-delegation

Delegation is a technique that allows a subject receiving a delegation (the delegatee) to act on behalf of the delegating subject (the delegator). Although the existing Key Aggregate Searchable Encryption (KASE) schemes support delegation of search rights over any set of ciphertexts using a key of constant-size, two critical issues still should be considered. Firstly, an adversary can intercept the aggregate key or query trapdoor from the insecure communication channels involving the cloud server and impersonate as an authorized user to the server for accessing the data. Secondly, the existing KASE schemes only discuss the delegation of rights from the data owner to other users. However, if a subject receiving a delegation cannot perform the time-critical task on the shared data because of the unavailability, it becomes necessary for the delegatee to further delegate his received rights to another user. In this paper, we propose a novel KASE scheme that allows a fine-grained multi-delegation, i.e., if the attributes of the delegatee satisfy the hidden access policy (defined by the data owner), the delegatee can delegate his received rights to another user, without compromising data privacy. The proposed scheme provides security against the impersonation attack by verifying the user's authentication.