Forward Secure Public-key Authenticated Encryption with Conjunctive Keyword Search

Public key encryption with keyword search is a promising primitive which enables search over encrypted data in secure data outsourcing services. In traditional construction, the associated keywords may be recovered from a given trapdoor by a malicious server through keyword guessing attacks. Therefore, the notion of public-key authenticated encryption with keyword search (PAEKS) was introduced, where a sender encrypts (and authenticates) the keywords using a receiver's public key and its secret key. In this paper, we consider the forward security for PAEKS and introduce a new primitive: forward secure public-key authenticated encryption with keyword search (FS-PAEKS), which captures the information leakage risk from previously issued queries due to the updates on the outsourced data. Technically, we embed a non-interactively agreed key into the cipher-keyword generation algorithm, and bind the cipher-keyword and the trapdoor with a set converted from algorithm-generation time. Finally, we present an efficient FS-PAEKS scheme supporting conjunctive query, and prove its forward security against chosen keyword attacks and keyword guessing attacks. To illustrate practical performance, we implement our FS-PAEKS and related PAEKS schemes based on Enron dataset in real cloud environment.