Paper 2022/1016

Public Key Authenticated Encryption with Keyword Search from LWE

Leixiao Cheng, Shandong University
Fei Meng, Yanqi Lake Beijing Institute of Mathematical Science and Applications
Abstract

Public key encryption with keyword search (PEKS) inherently suffers from the inside keyword guessing attack. To resist this attack, Huang et al. proposed the public key authenticated encryption with keyword search (PAEKS), where the sender not only encrypts a keyword, but also authenticates it. To further resist quantum attacks, Liu et al. proposed a generic construction of PAEKS and the first quantum-resistant PAEKS instantiation based on lattices. Later, Emura pointed out some issues in Liu et al.'s construction and proposed a new generic construction of PAEKS. The basic construction methodology of Liu et al. and Emura is the same, i.e., each keyword is converted into an extended keyword using the shared key calculated by a word-independent smooth projective hash function (SPHF), and PEKS is used for the extended keyword. In this paper, we first analyze the schemes of Liu et al. and Emura, and point out some issues regarding their construction and security model. In short, in their lattice-based instantiations, the sender and receiver use a lattice-based word-independent SPHF to compute the same shared key to authenticate keywords, leading to a super-polynomial modulus $q$; their generic constructions need a trusted setup assumption or the designated-receiver setting; Liu et al. failed to provide convincing evidence that their scheme satisfies their claimed security. Then, we propose two new lattice-based PAEKS schemes with a totally different construction methodology from Liu et al. and Emura. Specifically, in our PAEKS schemes, instead of using the shared key calculated by SPHF, the sender and receiver achieve keyword authentication by using their own secret key to sample a set of short vectors related to the keyword. In this way, the modulus $q$ in our schemes could be of polynomial size, which results in a much smaller size of the public key, ciphertext and trapdoor. In addition, our schemes need neither a trusted setup assumption nor the designated-receiver setting. Finally, our schemes can be proven secure in a stronger security model, and thus provide a stronger security guarantee for both ciphertext privacy and trapdoor privacy.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Published elsewhere. ESORICS 2022
DOI
10.1007/978-3-031-17140-6_15
Keywords
Public Key Authenticated Encryption, Keyword Search, Inside Keyword Guessing Attack, LWE
Contact author(s)
lxcheng @ sdu edu cn
mengfei_sdu @ 163 com
History
2022-09-25: last of 2 revisions
2022-08-06: received
Short URL
https://ia.cr/2022/1016
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2022/1016,
      author = {Leixiao Cheng and Fei Meng},
      title = {Public Key Authenticated Encryption with Keyword Search from {LWE}},
      howpublished = {Cryptology {ePrint} Archive, Paper 2022/1016},
      year = {2022},
      doi = {10.1007/978-3-031-17140-6_15},
      url = {https://eprint.iacr.org/2022/1016}
}