Lattice-based proxy-oriented identity-based encryption with keyword search for cloud storage

•We propose an efficient proxy-oriented identity-based encryption with keyword search scheme (PO-IBEKS) from lattices.•PO-IBEKS enables an original data owner authorizes a proxy to encrypt sensitive data as well as corresponding keywords and upload them to clouds.•PO-IBEKS can resist against insider...

Full description

Saved in:
Bibliographic Details
Published in:Information sciences 2019-08, Vol.494, p.193-207
Main Authors: Zhang, Xiaojun, Tang, Yao, Wang, Huaxiong, Xu, Chunxiang, Miao, Yinbin, Cheng, Hang
Format: Article
Language:English
Subjects:
Identity-based encryption
Inside keyword guessing attacks
Keyword search
Lattices
Post-quantum secure
Proxy-oriented
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:•We propose an efficient proxy-oriented identity-based encryption with keyword search scheme (PO-IBEKS) from lattices.•PO-IBEKS enables an original data owner authorizes a proxy to encrypt sensitive data as well as corresponding keywords and upload them to clouds.•PO-IBEKS can resist against insider keyword guessing attacks (IKGA).•PO-IBEKS can achieve ciphertext indistinguishability, existential unforgeability, and delegation security.•PO-IBEKS is much more practical in post-quantum secure cloud storage systems compared with existing schemes. Public-key encryption with keyword search (PEKS) enables users to search over encrypted data and retrieve target data efficiently. However, most of existing PEKS schemes are vulnerable to adversaries equipped with quantum computers in the near future, and even incur complex certificate management procedures due to the public key infrastructure (PKI). To this end, we propose a proxy-oriented identity-based encryption with keyword search (PO-IBEKS) scheme from lattices for cloud storage, which is post-quantum secure. In PO-IBEKS, an original data owner authorizes a proxy to encrypt sensitive data as well as corresponding keywords and upload ciphertexts to clouds, which alleviates the data processing burden on the original data owner. Besides, PO-IBEKS can resist inside keyword guessing attacks (IKGA) from misbehaved cloud servers by integrating the learning with errors (LWE) encryption and preimage sampleable function. Each entity in PO-IBEKS is identified with her/his recognizable information, thereby eliminating managing certificates. Formal security analysis proves that PO-IBEKS can achieve ciphertext indistinguishability, existential unforgeability, and delegation security. Experimental results demonstrate PO-IBEKS is much more practical when compared with existing schemes.
ISSN:0020-0255
1872-6291
DOI:10.1016/j.ins.2019.04.051