Searchable Public-Key Encryption with Cryptographic Reverse Firewalls for Cloud Storage

In order to protect data privacy in cloud storage, sensitive data is encrypted before being uploaded to a cloud server. How to retrieve ciphertext safely and effectively has become a problem. Public key encryption with keyword search (PEKS) realizes the retrieval of ciphertexts in clouds without disclosing secret information. However, most PEKS protocols can not resist an keyword guessing attack (KGA) launched by untrusted cloud servers. Meanwhile, these protocols are unable to detect vulnerabilities, resulting in information leakage. In this article, we design a searchable public-key encryption with cryptographic reverse firewalls (SPKE-CRF), and use the JPBC library to implement the protocol. Security analysis shows that the SPKE-CRF protocol can resist a chosen keyword attack (CKA), a KGA, and an algorithm substitution attack (ASA) without secure channels. Performance analysis shows that the SPKE-CRF protocol has a significant communication and computational cost advantage while being resistant to the KGA and ASA from malicious insider attackers in cloud environments. Therefore, our SPKE-CRF protocol is secure and efficient for cloud storage.