Improved Security Model for Public-Key Authenticated Encryption with Keyword Search

The motivation of public-key authenticated encryption with keyword search (PAEKS) was to resist against inside keyword guessing attacks. Its security model captures both cipher-keyword indistinguishability (CI-security) and trapdoor indistinguishability (TI-security). Recently, this security model was extended from one-user settings to multi-user settings, or from one cipher-keyword indistinguishability to multiple cipher-keyword indistinguishability, making it more practical. However, none of previous CI-security model for PAEKS scheme captures fully chosen keyword to cipher-keyword (CKC) attacks, in which an attacker may obtain cipher-keywords of any keyword (even a challenge keyword) of his choice. Due to this, the paper introduces an improved CI-security model for PAEKS to capture fully CKC attacks in a multi-user setting, and proves that CI-security against fully CKC attacks implies multiple cipher-keyword indistinguishability. Then, the paper proves that some previous PAEKS schemes cannot achieve CI-security under fully CKC attacks. Next, the paper proposes a new PAEKS scheme and proves its CI-security in the improved security model. Finally, the paper demonstrates its comparable security guarantees and computational efficiency by comparing it with previous PAEKS schemes.