SPEKS: Secure Server-Designation Public Key Encryption with Keyword Search against Keyword Guessing Attacks

Public key encryption with keyword search (PEKS) is a system for realizing keyword search over encrypted data, but communication must rely on a secure channel. In PEKS, a sender would like to share data with a receiver via a storage server. For security and privacy purpose, he must upload the encrypted data to the server, and further the server can search encrypted data (sent by the sender) by using a keyword trapdoor (given by the receiver). In the literature, a new system, server-designation public key encryption with keyword search (dPEKS), is introduced to eliminate the assumption of the secure channel in PEKS. The security models are defined for trapdoor security. However, dPEKS suffers from the on-line keyword guessing attack. In this paper, we first analyze this weakness of dPEKS and enhance the security models with practical adversaries. Secondly, owing to the shown weakness, we consider and define 'original ciphertext indistinguishability' regarding the task after the server's search. Finally, we present a new framework of secure server-designation public key encryption with keyword search (SPEKS), and analyze its security.