Paper 2024/761

Lattice-based Broadcast Authenticated Searchable Encryption for Cloud Storage

Abstract

For security issue, data in cloud is encrypted. Searching encrypted data (without decryption) is a practical and important problem. Public key authenticated encryption with keyword search (PAEKS) enables the retrieval of encrypted data, while resisting the insider keyword guessing attacks (IKGAs). Most PAEKS schemes only work with single-receiver model, exhibiting very limited applicability. To address this concern, there have been researches on broadcast authenticated encryption with keyword search (BAEKS) to achieve multi-receiver ciphertext search. But to our best knowledge, existing BAEKS schemes are not quantum resistant. In this paper, we propose lattice-based BAEKS, the first post-quantum broadcast authenticated encryption with keyword search in multi-receiver model. In particular, we leverage several lattice sampling algorithms and rejection sampling technique to construct our BAEKS scheme. We also incorporate the minimal cover set technique and lattice basis extension algorithm to construct an enhanced version, namely FS-BAEKS, which addresses the secret key leakage problem. We give a rigorous security analysis of our schemes. For the efficiency of BAEKS and Test algorithms in our BAEKS scheme, the computational overheads are at least 2x and 89x faster than the state-of-the-art schemes respectively, which is practical for cloud storage systems.