Witness-Based Searchable Encryption with Aggregative Trapdoor

The well-known open problem in public key encryption with keyword search is how to avoid internal adversaries as the server. Implicitly, the internal attack is implemented as follows. Upon receiving a trapdoor, the probability polynomial time internal adversary can always act as a sender to produce each ciphertext for each keyword if keyword space is bounded by a polynomial of the security parameter. Then, the adversary runs the test algorithm for the trapdoor and all produced ciphertext, and then infer the correct keyword. To overcome this problem, the original framework must be changed slightly. A fundamental goal is creates a secure bridge between the sender and receiver. It not only keeps testability of the server, but also avoids imitating a sender. Witness-based searchable encryption (WBSE) is a manner to realize the design goal. In this paper, we formalize an abstracted notion, witness-based searchable encryption with aggregative trapdoor. Under the notion, we present a nearly optimal solution for WBSE under the barrier with trapdoor size proportional to n (the number of senders). Comparing with the existing scheme with trapdoor size O(n), the proposed scheme is based on bilinear map, and offers size only in n.