Non-interactive Boolean Searchable Asymmetric Encryption With Bilateral Access Control

Searchable asymmetric encryption (SAE) enables a client to search over a data owner's encrypted data. Nevertheless, state-of-the-art SAE schemes allow a data owner to specify access control policy for a client, while they have not considered the threat case of a malicious data owner. To address the problem, this work presents a non-interactive SAE scheme with bilateral access control: (i) allowing data owner and client to both specify policies toward the other party; (ii) allowing client to perform arbitrary boolean queries with sub-linear search complexity. Technically, we extend Cash et al.'s highly scalable SSE into an asymmetric setting and introduce the property of data owner authenticity. By refining identity-based matchmaking encryption, we formalize the syntax and security definition of our SAE with identity-based bilateral access control. Moreover, the security of the proposed SAE can be reduced to discrete logistic assumption and decisional bilinear Diffie-Hellman assumption. As an enhanced extension, we present a non-interactive multi-client SAE scheme with fuzzy identity-based bilateral access control. In addition, we implement the proposed schemes in real cloud platform and evaluate their performance on a real-world dataset. The result confirms that our SAE schemes achieve bilateral access control for both data owner and client with highly acceptable efficiency.