Title: Public-key Authenticated Encryption with Keyword Search: Novel Frameworks and Quantum-resistant Instantiations
Author: Liu, Zi-Yuan (劉子源)
Contributors: Tso, Ray-Lin (左瑞麟); Liu, Zi-Yuan (劉子源)
Keywords: Novel frameworks; Quantum-resistant cryptosystems; Keyword search; Identity-based encryption; Generic construction; Public-key authenticated encryption
Date: 2023
Uploaded: 1-Dec-2023 10:33:07 (UTC+8)
Abstract:
As cloud service applications continue to develop, an increasing number of users are able to conveniently and flexibly utilize their valuable digital data through these applications. To prevent sensitive data leakage, the data sender must encrypt the data before uploading it to the cloud. However, once the data is encrypted, it can no longer be searched. Public key encryption with keyword search (PEKS) provides a solution to this problem. However, most existing PEKS schemes are vulnerable to keyword guessing attacks (KGA) from internal adversaries. Because a malicious insider can obtain search requests sent by the data receiver, it can test them against any searchable ciphertext it has generated to steal keyword information related to search requests and encrypted data. To avoid this security loophole, public key authenticated encryption with keyword search (PAEKS) was proposed. Unlike in PEKS, search requests in PAEKS are only valid for the searchable ciphertext generated by a specific data sender; therefore, PAEKS prevents internal adversaries from adaptively generating searchable ciphertexts to mount the attack. This dissertation provides an in-depth discussion of two issues related to PAEKS. First, although many PAEKS schemes have been proposed, such as public-key-based, identity-based, certificateless, and certificate-based schemes, no existing scheme strikes a balance among security, efficiency, and convenience. To solve this problem, this dissertation proposes a new framework: identity-certifying authority-aided identity-based searchable encryption. The proposed framework differs from others in that users can use their identity as a public key instead of using a public key that requires certificate authentication. In addition, with the help of an identity-certifying authority, this framework solves the key escrow problem. Furthermore, this framework incorporates the concept of PAEKS to prevent KGA, thereby striking a good balance among security, efficiency, and convenience.
Second, the security of current PAEKS schemes is based on the discrete logarithm problem. As demonstrated by Shor in 1994, a quantum algorithm can solve the discrete logarithm problem in polynomial time. The technology behind quantum computers has gradually matured; consequently, constructing a PAEKS scheme that can withstand quantum attacks has become an important goal. To achieve this, a generic trusted authority-aided PAEKS construction is proposed in this dissertation. In this construction, with the assistance of a trusted authority, the data sender and data receiver can obtain a shared secret, and the search request generated by the data receiver is only valid for the searchable ciphertext generated by the data sender; this prevents keyword guessing attacks. On the basis of this idea, a generic PAEKS construction without the need for a trusted authority is further proposed. Therefore, the first quantum-resistant PAEKS scheme can be instantiated through lattice-based building blocks.
Wu, “An efficient secure channel free searchable encryption scheme with multiple keywords,” in NSS, 2016 (cit. p. 17). [WCX+21] P. Wang, B. Chen, T. Xiang, and Z. Wang, “Lattice-based public key searchable encryption with fine-grained access control for edge computing,” Future Gener. Comput. Syst., 2021 (cit. p. 21). [WCZ+18] L. Wu, B. Chen, S. Zeadally, and D. He, “An efficient and secure searchable public key encryption scheme with privacy protection for cloud storage,” Soft Comput., vol. 22, no. 23, pp. 7685–7696, 2018 (cit. pp. 5, 45, 98). [WMS+12] W. Wu, Y. Mu, W. Susilo, X. Huang, and L. Xu, “A provably secure construction of certificate-based encryption from certificateless encryption,” Comput. J., vol. 55, no. 10, pp. 1157–1168, 2012 (cit. p. 6). [WTT14] T.-Y. Wu, T.-T. Tsai, and Y.-M. Tseng, “Efficient searchable ID-based encryption with a designated server,” Ann. des Telecommunications, vol. 69, no. 7-8, pp. 391–402, 2014 (cit. p. 17). [WvLY+10] L. Wang, G. von Laszewski, A. J. Younge, et al., “Cloud computing: A perspective study,” New Gener. Comput., vol. 28, no. 2, pp. 137–146, 2010 (cit. p. 2). [WWR+12] C. Wang, Q. Wang, K. Ren, N. Cao, and W. Lou, “Toward secure and dependable storage services in cloud computing,” IEEE Trans. Serv. Comput., vol. 5, no. 2, pp. 220–232, 2012 (cit. p. 2). [WXL+20] P. Wang, T. Xiang, X. Li, and H. Xiang, “Public key encryption with conjunctive keyword search on lattice,” J. Inf. Secur. Appl., vol. 51, p. 102 433, 2020 (cit. p. 20). [WZ11] W. Wu and L. Zhang, “LBlock: A lightweight block cipher,” in ACNS, 2011 (cit. p. 2). [WZM+19] L. Wu, Y. Zhang, M. Ma, N. Kumar, and D. He, “Certificateless searchable public key authenticated encryption with designated tester for cloud-assisted medical Internet of things,” Ann. des Telecommunications, vol. 74, no. 7-8, pp. 423–434, 2019 (cit. pp. 5, 6, 20, 46, 98, 99, 102, 103). [XHW+18] P. Xu, S. He, W. Wang, W. Susilo, and H. 
Jin, “Lightweight searchable public-key encryption for cloud-assisted wireless sensor networks,” IEEE Trans. Ind. Informatics, vol. 14, no. 8, pp. 3712–3723, 2018 (cit. p. 15). [XJW+13] P. Xu, H. Jin, Q. Wu, and W. Wang, “Public-key encryption with fuzzy keyword search: A provably secure scheme under keyword guessing attack,” IEEE Trans. Computers, vol. 62, no. 11, pp. 2266–2277, 2013 (cit. p. 17). [XLC+19] L. Xu, J. Li, X. Chen, et al., “Tc-PEDCKS: Towards time controlled public key encryption with delegatable conjunctive keyword search for Internet of things,” J. Netw. Comput. Appl., vol. 128, pp. 11–20, 2019 (cit. p. 15). [XLZ+20] L. Xu, W. Li, F. Zhang, R. Cheng, and S. Tang, “Authorized keyword searches on public key encrypted data with time controlled keyword privacy,” IEEE Trans. Inf. Forensics Secur., vol. 15, pp. 2096–2109, 2020 (cit. pp. 14, 15). [XYS+19] L. Xu, X. Yuan, R. Steinfeld, C. Wang, and C. Xu, “Multi-writer searchable encryption: An LWE-based realization and implementation,” in ASIACCS, 2019 (cit. p. 20). [YDG+21] Y. Yang, R. Deng, W. Guo, et al., “Dual traceable distributed attribute-based searchable encryption and ownership transfer,” IEEE Trans. Cloud Comput., 2021 (cit. p. 15). [YNY+14] Y. Yu, J. Ni, H. Yang, Y. Mu, and W. Susilo, “Efficient public key encryption with revocable keyword search,” Secur. Commun. Networks, vol. 7, no. 2, pp. 466–472, 2014 (cit. p. 14). [YPH+13] W.-C. Yau, R. C.-W. Phan, S.-H. Heng, and B.-M. Goi, “Keyword guessing attacks on secure searchable public key encryption schemes with a designated tester,” Int. J. Comput. Math., vol. 90, no. 12, pp. 2581–2587, 2013 (cit. p. 16). [YSL+20] Y. Yu, J. Shi, H. Li, et al., “Key-policy attribute-based encryption with keyword search in virtualized environments,” IEEE J. Sel. Areas Commun., vol. 38, no. 6, pp. 1242–1251, 2020 (cit. p. 15). [Zha19] M. Zhandry, “How to record quantum queries, and applications to quantum indifferentiability,” in CRYPTO, 2019 (cit. p. 133). 
[ZI07] R. Zhang and H. Imai, “Generic combination of public key encryption with keyword search and public key encryption,” in CANS, 2007 (cit. p. 14). [ZL12] D. Zissis and D. Lekkas, “Addressing cloud computing security issues,” Future Gener. Comput. Syst., vol. 28, no. 3, pp. 583–592, 2012 (cit. p. 2). [ZLW+21] K. Zhang, J. Long, X. Wang, et al., “Lightweight searchable encryption protocol for industrial Internet of things,” IEEE Trans. Ind. Informatics, vol. 17, no. 6, pp. 4248–4259, 2021 (cit. p. 15). [ZM16] J. Zhang and J. Mao, “Efficient public key encryption with revocable keyword search in cloud computing,” Clust. Comput., vol. 19, no. 3, pp. 1211–1217, 2016 (cit. p. 14). [ZQD+21] W. Zhang, B. Qin, X. Dong, and A. Tian, “Public-key encryption with bidirectional keyword search and its application to encrypted emails,” Comput. Stand. Interfaces, vol. 78, p. 103 542, 2021 (cit. p. 15). [ZSL+19] C. Zuo, S. Sun, J. K. Liu, J. Shao, and J. Pieprzyk, “Dynamic searchable symmetric encryption with forward and stronger backward privacy,” in ESORICS, 2019 (cit. p. 3). [ZTW+19] X. Zhang, Y. Tang, H. Wang, et al., “Lattice-based proxy-oriented identity-based encryption with keyword search for cloud storage,” Inf. Sci., vol. 494, pp. 193–207, 2019 (cit. pp. 106, 118–121, 125, 127–129). [ZWD+20] H.-S. Zhong, H. Wang, Y.-H. Deng, et al., “Quantum computational advantage using photons,” Science, vol. 370, no. 6523, pp. 1460–1463, 2020 (cit. p. 7). [ZXA14] Q. Zheng, S. Xu, and G. Ateniese, “VABKS: Verifiable attribute-based keyword search over outsourced encrypted data,” in INFOCOM, 2014 (cit. p. 15). [ZXN+19] Y. Zhang, C. Xu, J. Ni, H. Li, and X. S. Shen, “Blockchain-assisted public-key encryption with keyword search against keyword guessing attacks for cloud storage,” IEEE Trans. Cloud Comput., 2019 (cit. pp. 5, 45, 98). [ZXW+21] X. Zhang, C. Xu, H. Wang, Y. Zhang, and S. 
Wang, “FS-PEKS: Lattice-based forward secure public-key encryption with keyword search for cloud-assisted industrial Internet of things,” IEEE Trans. Dependable Secur. Comput., vol. 18, no. 3, pp. 1019–1032, 2021 (cit. pp. 20, 106, 118–122, 124, 128, 129). [ZZ11] B. Zhang and F. Zhang, “An efficient public key encryption with conjunctive-subset keywords search,” J. Netw. Comput. Appl., vol. 34, no. 1, pp. 262–267, 2011 (cit. p. 15). 描述 博士
National Chengchi University
Department of Computer Science
108753501
Source: http://thesis.lib.nccu.edu.tw/record/#G0108753501
Type: thesis

dc.contributor.advisor 左瑞麟 zh_TW
dc.contributor.advisor Tso, Ray-Lin en_US
dc.contributor.author (Authors) 劉子源 zh_TW
dc.contributor.author (Authors) Liu, Zi-Yuan en_US
dc.creator (Author) 劉子源 zh_TW
dc.creator (Author) Liu, Zi-Yuan en_US
dc.date (Date) 2023 en_US
dc.date.accessioned 1-Dec-2023 10:33:07 (UTC+8) -
dc.date.available 1-Dec-2023 10:33:07 (UTC+8) -
dc.date.issued (Upload time) 1-Dec-2023 10:33:07 (UTC+8) -
dc.identifier (Other Identifiers) G0108753501 en_US
dc.identifier.uri (URI) https://nccur.lib.nccu.edu.tw/handle/140.119/148472 -
dc.description (Description) Doctoral zh_TW
dc.description (Description) National Chengchi University zh_TW
dc.description (Description) Department of Computer Science zh_TW
dc.description (Description) 108753501 zh_TW

dc.description.abstract (Abstract) en_US
As cloud service applications continue to develop, an increasing number of users are able to conveniently and flexibly utilize their valuable digital data through these applications. To prevent sensitive data leakage, the data sender must encrypt the data before uploading it to the cloud. However, once the data is encrypted, it can no longer be searched. Public key encryption with keyword search (PEKS) provides a solution to this problem. However, most existing PEKS schemes are vulnerable to keyword guessing attacks (KGA) from internal adversaries. Because a malicious insider can obtain search requests sent by the data receiver, it can test any searchable ciphertext it has generated against them to steal keyword information related to search requests and encrypted data. To avoid this security loophole, public key authenticated encryption with keyword search (PAEKS) was proposed. Unlike PEKS, search requests in PAEKS are only valid for the searchable ciphertext generated by a specific data sender; therefore, PAEKS can prevent internal adversaries from adaptively generating searchable ciphertexts to attack.

This dissertation provides an in-depth discussion of two issues related to PAEKS. First, although many PAEKS schemes have been proposed, such as public-key-based, identity-based, certificateless, and certificate-based schemes, none of them strikes a balance between security, efficiency, and convenience. To solve this problem, this dissertation proposes a new framework: identity-certifying authority-aided identity-based searchable encryption. The proposed framework differs from others in that users can use their identity as a public key instead of using a public key that requires certificate authentication. In addition, with the help of an identity-certifying authority, this framework solves the key escrow problem. Furthermore, this framework also incorporates the concept of PAEKS to prevent KGA, thereby striking a good balance between security, efficiency, and convenience.

Second, the security of current PAEKS schemes is based on the discrete logarithm problem. As demonstrated by Shor in 1994, a quantum algorithm can solve the discrete logarithm problem in polynomial time. The technology behind quantum computers has gradually matured; consequently, constructing a PAEKS scheme that can withstand quantum attacks has become an important goal. To achieve this, a generic trusted authority-aided PAEKS construction is proposed in this dissertation. In this construction, with the assistance of a trusted authority, the data sender and data receiver can obtain a shared secret, and the search request generated by the data receiver is only valid for the searchable ciphertext generated by the data sender; this prevents keyword guessing attacks. On the basis of this idea, a generic PAEKS construction without the need for a trusted authority is further proposed. Through this generic construction, the first quantum-resistant PAEKS scheme is instantiated from lattice-based building blocks.

dc.description.tableofcontents zh_TW
1 Introduction
1.1 Background
1.2 Motivation
1.3 Research Questions
1.4 Contributions of this Dissertation
1.5 Organization of this Dissertation
2 Literature Review
2.1 Traditional PEKS Schemes
2.2 OKGA Secure PEKS-related Schemes
2.3 IKGA Secure PEKS-related Schemes
2.4 Quantum-resistant PEKS-related Schemes
3 Preliminaries
3.1 Background of Lattices
3.2 Symmetric Bilinear Groups
3.3 Digital Signature
3.4 Identity-independent Two-tier Identity-based Key Encapsulation Mechanism
3.5 Identity-based Encryption
3.6 Pseudorandom Generator
3.7 Labelled Public-key Encryption
3.8 Smooth Projective Hash Function
4 Public-key (Authenticated) Encryption with Keyword Search
4.1 Public-key Encryption with Keyword Search
4.2 Public-key Authenticated Encryption with Keyword Search
5 Identity-certifying Authority-aided Identity-based Searchable Encryption
5.1 Motivation and Contributions
5.2 System Definition
5.3 Security Requirements
5.4 Proposed Pairing-based Scheme
5.5 Security Proofs
5.6 Theoretical Comparison and Performance Evaluation
6 Quantum-resistant Trusted Authority-aided Public-key Authenticated Encryption with Keyword Search
6.1 Motivation and Contributions
6.2 System Definition
6.3 Security Requirements
6.4 Proposed Generic Construction
6.5 Security Proofs
6.6 NTRU-based Instantiation
6.7 Theoretical Comparison and Performance Evaluation
7 Quantum-resistant Public-key Authenticated Encryption with Keyword Search
7.1 Motivation and Contributions
7.2 Proposed Generic Construction
7.3 Security Proofs
7.4 Lattice-based Instantiation
7.5 Theoretical Comparison and Performance Evaluation
7.6 Cryptanalysis of Previous Trapdoor Privacy Schemes
8 Conclusion and Future Works
8.1 Conclusion
8.2 Future Works
Bibliography
A Publications

dc.format.extent 7991955 bytes -
dc.format.mimetype application/pdf -
dc.source.uri (Source) http://thesis.lib.nccu.edu.tw/record/#G0108753501 en_US
dc.subject (Keywords) Novel frameworks en_US
dc.subject (Keywords) Quantum-resistant cryptosystems en_US
dc.subject (Keywords) Keyword search en_US
dc.subject (Keywords) Identity-based encryption en_US
dc.subject (Keywords) Generic construction en_US
dc.subject (Keywords) Public-key authenticated encryption en_US
dc.title (Title) 具關鍵字搜尋之公開金鑰認證加密:新型框架及抗量子實例化 zh_TW
dc.title (Title) Public-key Authenticated Encryption with Keyword Search: Novel Frameworks and Quantum-resistant Instantiations en_US
dc.type (Type) thesis en_US
Yang, et al., “Towards enhanced security for certificateless public-key authenticated encryption with keyword search,” in ProvSec, 2019 (cit. pp. 5, 6, 19, 46, 98, 99, 102, 103). [LLZ19] Y. Lu, J. Li, and Y. Zhang, “Secure channel free certificate-based searchable encryption withstanding outside and inside keyword guessing attacks,” IEEE Trans. Serv. Comput., 2019 (cit. pp. 5, 6, 20, 46, 47, 71–74, 98). [LLZ20] Y. Lu, J. Li, and Y. Zhang, “Privacy-preserving and pairing-free multirecipient certificateless encryption with keyword search for cloud-assisted IIoT,” IEEE Internet Things J., vol. 7, no. 4, pp. 2553–2562, 2020 (cit. pp. 5, 6, 46, 98). [LP11] F. Lombardi and R. D. Pietro, “Secure virtualization for cloud computing,” J. Netw. Comput. Appl., vol. 34, no. 4, pp. 1113–1122, 2011 (cit. p. 2). [LPQ12] B. Libert, K. G. Paterson, and E. A. Quaglia, “Anonymous broadcast encryption: Adaptive security and efficient constructions in the standard model,” in PKC, 2012 (cit. p. 2). [LPR10] V. Lyubashevsky, C. Peikert, and O. Regev, “On ideal lattices and learning with errors over rings,” in EUROCRYPT, 2010 (cit. p. 25). [LPR13] ——, “On ideal lattices and learning with errors over rings,” J. ACM, vol. 60, no. 6, 43:1–43:35, 2013 (cit. p. 25). [LQ06] B. Libert and J.-J. Quisquater, “On constructing certificateless cryptosystems from identity based encryption,” in PKC, 2006 (cit. p. 6). [LSQ+18] X. J. Lin, L. Sun, H. Qu, and D. Liu, “On the security of secure server-designation public key encryption with keyword search,” Comput. J., vol. 61, no. 12, pp. 1791–1793, 2018 (cit. p. 16). [LTM+11] F. Liu, J. Tong, J. Mao, et al., “NIST cloud computing reference architecture,” National Institute of Standards and Technology, Gaithersburg, MD, Tech. Rep. NIST Special Publication (SP) 500-292, 2011 (cit. p. 1). [LTT+22a] Z.-Y. Liu, Y.-F. Tseng, R. Tso, Y.-C. Chen, and M. 
Mambo, “Identity-certifying authority-aided identity-based searchable encryption framework in cloud systems,” IEEE Syst. J., vol. 16, no. 3, pp. 4629–4640, 2022 (cit. p. 11). [LTT+22b] Z.-Y. Liu, Y.-F. Tseng, R. Tso, M. Mambo, and Y.-C. Chen, “Public-key authenticated encryption with keyword search: A generic construction and its quantum-resistant instantiation,” Comput. J., vol. 65, no. 10, pp. 2828–2844, 2022 (cit. p. 11). [LTT+22c] ——,“Public-key authenticated encryption with keyword search: Cryptanalysis, enhanced security, and quantum-resistant instantiation,” in ASIACCS, 2022 (cit. p. 11). [LW19] Z. Li and D. Wang, “Achieving one-round password-based authenticated key exchange over lattices,” IEEE Trans. Serv. Comput., 2019 (cit. pp. 106, 112, 116, 118). [LWL19] Y. Lu, G. Wang, and J. Li, “Keyword guessing attacks on a public key encryption with keyword search scheme without random oracle and its improvement,” Inf. Sci., vol. 479, pp. 270–276, 2019 (cit. pp. 5, 45, 98). [LWQ+21] H. Li, T. Wang, Z. Qiao, et al., “Blockchain-based searchable encryption with efficient result verification and fair payment,” J. Inf. Secur. Appl., vol. 58, p. 102 791, 2021 (cit. p. 15). [LYD+20] H. Li, Y. Yang, Y. Dai, S. Yu, and Y. Xiang, “Achieving secure and efficient dynamic searchable symmetric encryption over medical cloud data,” IEEE Trans. Cloud Comput., vol. 8, no. 2, pp. 484–494, 2020 (cit. p. 3). [Lyn07] B. Lynn, “On the implementation of pairing-based cryptosystems,” https://crypto.stanford.edu/pbc/, Ph.D. dissertation, Stanford University, 2007 (cit. p. 100). [LZ08] J. K. Liu and J. Zhou, “Efficient certificate-based encryption in the standard model,” in SCN, 2008 (cit. p. 6). [Mer20] Merriam-Webster Incorporated, Merriam-Webster’s collegiate dictionary, 11th. Merriam-Webster Incorporated, 2020 (cit. p. 4). [MFF20] M. Ma, S. Fan, and D. Feng, “Multi-user certificateless public key encryption with conjunctive keyword search for cloud-based telemedicine,” J. Inf. Secur. 
Appl., vol. 55, p. 102 652, 2020 (cit. p. 15). [MG11] P. Mell and T. Grance, “The NIST definition of cloud computing,” National Institute of Standards and Technology, Gaithersburg, MD, Tech. Rep. NIST Special Publication (SP) 800-140, 2011 (cit. p. 1). [MH20] S. Ma and Q. Huang, “A new framework of IND-CCA secure public key encryption with keyword search,” Comput. J., vol. 63, no. 12, pp. 1849–1858, 2020 (cit. p. 14). [MHK+18] M. Ma, D. He, N. Kumar, K.-K. R. Choo, and J. Chen, “Certificateless searchable public key encryption scheme for industrial Internet of things,” IEEE Trans. Ind. Informatics, vol. 14, no. 2, pp. 759–767, 2018 (cit. p. 17). [MLB+11] S. Marston, Z. Li, S. Bandyopadhyay, J. Zhang, and A. Ghalsasi, “Cloud computing - The business perspective,” Decis. Support Syst., vol. 51, no. 1, pp. 176–189, 2011 (cit. p. 1). [MLC20] A. Masood, D. S. Lakew, and S. Cho, “Security and privacy challenges in connected vehicular cloud computing,” IEEE Commun. Surv. Tutorials, vol. 22, no. 4, pp. 2725–2764, 2020 (cit. p. 2). [MMS+18] S. Ma, Y. Mu, W. Susilo, and B. Yang, “Witness-based searchable encryption,” Inf. Sci., vol. 453, pp. 364–378, 2018 (cit. p. 18). [MP12] D. Micciancio and C. Peikert, “Trapdoors for lattices: Simpler, tighter, faster, smaller,” in EUROCRYPT, 2012 (cit. pp. 24, 112, 113, 117, 118). [MS13] T. Moataz and A. Shikfa, “Boolean symmetric searchable encryption,” in ASIACCS, 2013 (cit. p. 3). [NE19] M. Noroozi and Z. Eslami, “Public key authenticated encryption with keyword search: Revisited,” IET Inf. Secur., vol. 13, no. 4, pp. 336–342, 2019 (cit. pp. 5, 19, 45, 81, 98, 99, 102, 103, 133). [NE20] ——, “Public-key encryption with keyword search: A generic construction secure against online and offline keyword guessing attacks,” J. Ambient Intell. Humaniz. Comput., vol. 11, no. 2, pp. 879–890, 2020 (cit. p. 16). [NMO06] W. Nagao, Y. Manabe, and T. Okamoto, “A universally composable secure channel based on the KEM-DEM framework,” IEICE Trans. 
Fundam. Electron. Commun. Comput. Sci., vol. 89-A, no. 1, pp. 28–38, 2006 (cit. p. 4). [NT21] S. K. Nayak and S. Tripathy, “SEPS: Efficient public-key based secure search over outsourced data,” J. Inf. Secur. Appl., vol. 61, p. 102 932, 2021 (cit. p. 15). [OK21] S. Oya and F. Kerschbaum, “Hiding the access pattern is not enough: Exploiting search pattern leakage in searchable encryption,” in USENIX Security, 2021 (cit. p. 3). [OOM+16] M. O’Neill, E. O’Sullivan, G. McWilliams, et al., “Secure architectures of future emerging cryptography SAFEcrypto,” in CF, 2016 (cit. p. 100). [OP92] T. Okamoto and D. Pointcheval, “The Gap-Problems: A new class of problems for the security of cryptographic schemes,” in PKC, 1992 (cit. p. 28). [PGM+19] E. Pednault, J. Gunnels, D. Maslov, and J. Gambetta. (2019). “On “quantum supremacy”,” [Online]. Available: https://www.ibm.com/blogs/research/2019/10/on-quantum-supremacy/ (visited on Aug. 30, 2021) (cit. p. 7). [PKL04] D. J. Park, K. Kim, and P. J. Lee, “Public key encryption with conjunctive field keyword search,” in WISA, 2004 (cit. p. 14). [PL21] X. Pan and F. Li, “Public-key authenticated encryption with keyword search achieving both multi-ciphertext and multi-trapdoor indistinguishability,” J. Syst. Archit., vol. 115, p. 102 075, 2021 (cit. pp. 5, 19, 45, 98). [PM21] S. Patranabis and D. Mukhopadhyay, “Forward and backward private conjunctive searchable symmetric encryption,” in NDSS, 2021 (cit. p. 3). [PSE20] N. Pakniat, D. Shiraly, and Z. Eslami, “Certificateless authenticated encryption with keyword search: Enhanced security model and a concrete construction for industrial IoT,” J. Inf. Secur. Appl., vol. 53, p. 102 525, 2020 (cit. pp. 5, 6, 20, 45–47, 71–74, 98, 99, 102, 103). [QCA+20] G. A. Quantum, Collaborators, F. Arute, et al., “Hartree-Fock on a superconducting qubit quantum computer,” Science, vol. 369, no. 6507, pp. 1084–1089, 2020 (cit. p. 7). [QCH+20] B. Qin, Y. Chen, Q. Huang, X. Liu, and D. 
Zheng, “Public-key authenticated encryption with keyword search revisited: Security model and constructions,” Inf. Sci., vol. 516, pp. 515–528, 2020 (cit. pp. 5, 19, 39, 45, 47, 51, 52, 71–74, 98, 99, 102, 103, 118, 119, 133). [QCZ+21] B. Qin, H. Cui, X. Zheng, and D. Zheng, “Improved security model for public-key authenticated encryption with keyword search,” in ProvSec, 2021 (cit. pp. 19, 133). [Qu99] M. Qu, “SEC 2: Recommended elliptic curve domain parameters,” Certicom Res., Mississauga, ON, Canada, Tech. Rep. SEC2-Ver-0.6, 1999 (cit. p. 74). [Reg05] O. Regev, “On lattices, learning with errors, random linear codes, and cryptography,” in STOC, 2005 (cit. p. 118). [Reg09] ——, “On lattices, learning with errors, random linear codes, and cryptography,” J. ACM, vol. 56, no. 6, 34:1–34:40, 2009 (cit. p. 118). [Res18] E. Rescorla, “RFC 8446: The transport layer security (TLS) protocol version 1.3,” Internet Engineering Task Force (IETF), p. 25, 2018 (cit. pp. 4, 49). [RNS+17] M. Roetteler, M. Naehrig, K. M. Svore, and K. E. Lauter, “Quantum resource estimates for computing elliptic curve discrete logarithms,” in ASIACRYPT, 2017 (cit. p. 8). [RPL12] H. S. Rhee, J. H. Park, and D. H. Lee, “Generic construction of designated tester public-key encryption with keyword search,” Inf. Sci., vol. 205, pp. 93–109, 2012 (cit. p. 16). [RPS+09] H. S. Rhee, J. H. Park, W. Susilo, and D. H. Lee, “Improved searchable public key encryption with designated tester,” in ASIACCS, 2009 (cit. pp. 4, 16). [RPS+10] ——, “Trapdoor security in a searchable public-key encryption scheme with a designated tester,” J. Syst. Softw., vol. 83, no. 5, pp. 763–771, 2010 (cit. pp. 4, 16). [RSA78] R. L. Rivest, A. Shamir, and L. M. Adleman, “A method for obtaining digital signatures and public-key cryptosystems,” Commun. ACM, vol. 21, no. 2, pp. 120–126, 1978 (cit. p. 2). [RSA83] ——, “A method for obtaining digital signatures and public-key cryptosystems (reprint),” Commun. ACM, vol. 26, no. 1, pp. 
96–99, 1983 (cit. p. 2). [RSK09] H. S. Rhee, W. Susilo, and H.-J. Kim, “Secure searchable public key encryption scheme against keyword guessing attacks,” IEICE Electron. Express, vol. 6, no. 5, pp. 237–243, 2009 (cit. pp. 4, 16). [SBS+21] M. R. Senouci, I. Benkhaddra, A. Senouci, and F. Li, “An efficient and secure certificateless searchable encryption scheme against keyword guessing attacks,” J. Syst. Archit., vol. 119, p. 102 271, 2021 (cit. p. 6). [Sho94a] P. W. Shor, “Algorithms for quantum computation: Discrete logarithms and factoring,” in FOCS, 1994 (cit. pp. 7, 78). [Sho94b] ——, “Polynomial time algorithms for discrete logarithms and factoring on a quantum computer,” in ANTS, 1994 (cit. pp. 7, 78). [Sho99] ——, “Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer,” SIAM Rev., vol. 41, no. 2, pp. 303–332, 1999 (cit. pp. 7, 78). [SLC+21] Q. Song, Z. Liu, J. Cao, et al., “SAP-SSE: protecting search patterns and access patterns in searchable symmetric encryption,” IEEE Trans. Inf. Forensics Secur., vol. 16, pp. 1795–1809, 2021 (cit. p. 3). [SPK+18] C. Stergiou, K. E. Psannis, B.-G. Kim, and B. B. Gupta, “Secure integration of IoT and cloud computing,” Future Gener. Comput. Syst., vol. 78, pp. 964–975, 2018 (cit. p. 2). [SS11] D. Stehle and R. Steinfeld, “Making NTRU as secure as worst-case problems over ideal lattices,” in EUROCRYPT, 2011 (cit. p. 25). [SS17] V. Saraswat and R. A. Sahu, “Short integrated PKE+PEKS in standard model,” in SPACE, 2017 (cit. p. 14). [SSS+19] V. Saraswat, R. A. Sahu, G. Sharma, V. Kuchta, and O. Markowitch, “Public-key encryption with integrated keyword search,” J. Hardw. Syst. Secur., vol. 3, no. 1, pp. 12–25, 2019 (cit. p. 14). [SWP00] D. X. Song, D. A. Wagner, and A. Perrig, “Practical techniques for searches on encrypted data,” in IEEE S&P, 2000 (cit. p. 3). [SYL+18] S. Sun, X. Yuan, J. K. 
Liu, et al., “Practical backward-secure searchable encryption from symmetric puncturable encryption,” in CCS, 2018 (cit. p. 3). [TC09] Q. Tang and L. Chen, “Public-key encryption with registered keyword search,” in EuroPKI, 2009 (cit. p. 17). [TJA10] H. Takabi, J. B. D. Joshi, and G.-J. Ahn, “Security and privacy challenges in cloud computing environments,” IEEE Secur. Priv., vol. 8, no. 6, pp. 24–31, 2010 (cit. p. 2). [TMC15] Q. Tang, H. Ma, and X. Chen, “Extend the concept of public key encryption with delegated search,” Comput. J., vol. 58, no. 4, pp. 724–734, 2015 (cit. p. 14). [Wat05] B. Waters, “Efficient identity-based encryption without random oracles,” in EUROCRYPT, 2005 (cit. p. 6). [WAW16] T. Wang, M. H. Au, and W. Wu, “An efficient secure channel free searchable encryption scheme with multiple keywords,” in NSS, 2016 (cit. p. 17). [WCX+21] P. Wang, B. Chen, T. Xiang, and Z. Wang, “Lattice-based public key searchable encryption with fine-grained access control for edge computing,” Future Gener. Comput. Syst., 2021 (cit. p. 21). [WCZ+18] L. Wu, B. Chen, S. Zeadally, and D. He, “An efficient and secure searchable public key encryption scheme with privacy protection for cloud storage,” Soft Comput., vol. 22, no. 23, pp. 7685–7696, 2018 (cit. pp. 5, 45, 98). [WMS+12] W. Wu, Y. Mu, W. Susilo, X. Huang, and L. Xu, “A provably secure construction of certificate-based encryption from certificateless encryption,” Comput. J., vol. 55, no. 10, pp. 1157–1168, 2012 (cit. p. 6). [WTT14] T.-Y. Wu, T.-T. Tsai, and Y.-M. Tseng, “Efficient searchable ID-based encryption with a designated server,” Ann. des Telecommunications, vol. 69, no. 7-8, pp. 391–402, 2014 (cit. p. 17). [WvLY+10] L. Wang, G. von Laszewski, A. J. Younge, et al., “Cloud computing: A perspective study,” New Gener. Comput., vol. 28, no. 2, pp. 137–146, 2010 (cit. p. 2). [WWR+12] C. Wang, Q. Wang, K. Ren, N. Cao, and W. Lou, “Toward secure and dependable storage services in cloud computing,” IEEE Trans. 
Serv. Comput., vol. 5, no. 2, pp. 220–232, 2012 (cit. p. 2). [WXL+20] P. Wang, T. Xiang, X. Li, and H. Xiang, “Public key encryption with conjunctive keyword search on lattice,” J. Inf. Secur. Appl., vol. 51, p. 102 433, 2020 (cit. p. 20). [WZ11] W. Wu and L. Zhang, “LBlock: A lightweight block cipher,” in ACNS, 2011 (cit. p. 2). [WZM+19] L. Wu, Y. Zhang, M. Ma, N. Kumar, and D. He, “Certificateless searchable public key authenticated encryption with designated tester for cloud-assisted medical Internet of things,” Ann. des Telecommunications, vol. 74, no. 7-8, pp. 423–434, 2019 (cit. pp. 5, 6, 20, 46, 98, 99, 102, 103). [XHW+18] P. Xu, S. He, W. Wang, W. Susilo, and H. Jin, “Lightweight searchable public-key encryption for cloud-assisted wireless sensor networks,” IEEE Trans. Ind. Informatics, vol. 14, no. 8, pp. 3712–3723, 2018 (cit. p. 15). [XJW+13] P. Xu, H. Jin, Q. Wu, and W. Wang, “Public-key encryption with fuzzy keyword search: A provably secure scheme under keyword guessing attack,” IEEE Trans. Computers, vol. 62, no. 11, pp. 2266–2277, 2013 (cit. p. 17). [XLC+19] L. Xu, J. Li, X. Chen, et al., “Tc-PEDCKS: Towards time controlled public key encryption with delegatable conjunctive keyword search for Internet of things,” J. Netw. Comput. Appl., vol. 128, pp. 11–20, 2019 (cit. p. 15). [XLZ+20] L. Xu, W. Li, F. Zhang, R. Cheng, and S. Tang, “Authorized keyword searches on public key encrypted data with time controlled keyword privacy,” IEEE Trans. Inf. Forensics Secur., vol. 15, pp. 2096–2109, 2020 (cit. pp. 14, 15). [XYS+19] L. Xu, X. Yuan, R. Steinfeld, C. Wang, and C. Xu, “Multi-writer searchable encryption: An LWE-based realization and implementation,” in ASIACCS, 2019 (cit. p. 20). [YDG+21] Y. Yang, R. Deng, W. Guo, et al., “Dual traceable distributed attribute-based searchable encryption and ownership transfer,” IEEE Trans. Cloud Comput., 2021 (cit. p. 15). [YNY+14] Y. Yu, J. Ni, H. Yang, Y. Mu, and W. 
Susilo, “Efficient public key encryption with revocable keyword search,” Secur. Commun. Networks, vol. 7, no. 2, pp. 466–472, 2014 (cit. p. 14). [YPH+13] W.-C. Yau, R. C.-W. Phan, S.-H. Heng, and B.-M. Goi, “Keyword guessing attacks on secure searchable public key encryption schemes with a designated tester,” Int. J. Comput. Math., vol. 90, no. 12, pp. 2581–2587, 2013 (cit. p. 16). [YSL+20] Y. Yu, J. Shi, H. Li, et al., “Key-policy attribute-based encryption with keyword search in virtualized environments,” IEEE J. Sel. Areas Commun., vol. 38, no. 6, pp. 1242–1251, 2020 (cit. p. 15). [Zha19] M. Zhandry, “How to record quantum queries, and applications to quantum indifferentiability,” in CRYPTO, 2019 (cit. p. 133). [ZI07] R. Zhang and H. Imai, “Generic combination of public key encryption with keyword search and public key encryption,” in CANS, 2007 (cit. p. 14). [ZL12] D. Zissis and D. Lekkas, “Addressing cloud computing security issues,” Future Gener. Comput. Syst., vol. 28, no. 3, pp. 583–592, 2012 (cit. p. 2). [ZLW+21] K. Zhang, J. Long, X. Wang, et al., “Lightweight searchable encryption protocol for industrial Internet of things,” IEEE Trans. Ind. Informatics, vol. 17, no. 6, pp. 4248–4259, 2021 (cit. p. 15). [ZM16] J. Zhang and J. Mao, “Efficient public key encryption with revocable keyword search in cloud computing,” Clust. Comput., vol. 19, no. 3, pp. 1211–1217, 2016 (cit. p. 14). [ZQD+21] W. Zhang, B. Qin, X. Dong, and A. Tian, “Public-key encryption with bidirectional keyword search and its application to encrypted emails,” Comput. Stand. Interfaces, vol. 78, p. 103 542, 2021 (cit. p. 15). [ZSL+19] C. Zuo, S. Sun, J. K. Liu, J. Shao, and J. Pieprzyk, “Dynamic searchable symmetric encryption with forward and stronger backward privacy,” in ESORICS, 2019 (cit. p. 3). [ZTW+19] X. Zhang, Y. Tang, H. Wang, et al., “Lattice-based proxy-oriented identity-based encryption with keyword search for cloud storage,” Inf. Sci., vol. 494, pp. 193–207, 2019 (cit. pp. 
106, 118–121, 125, 127–129). [ZWD+20] H.-S. Zhong, H. Wang, Y.-H. Deng, et al., “Quantum computational advantage using photons,” Science, vol. 370, no. 6523, pp. 1460–1463, 2020 (cit. p. 7). [ZXA14] Q. Zheng, S. Xu, and G. Ateniese, “VABKS: Verifiable attribute-based keyword search over outsourced encrypted data,” in INFOCOM, 2014 (cit. p. 15). [ZXN+19] Y. Zhang, C. Xu, J. Ni, H. Li, and X. S. Shen, “Blockchain-assisted public-key encryption with keyword search against keyword guessing attacks for cloud storage,” IEEE Trans. Cloud Comput., 2019 (cit. pp. 5, 45, 98). [ZXW+21] X. Zhang, C. Xu, H. Wang, Y. Zhang, and S. Wang, “FS-PEKS: Lattice-based forward secure public-key encryption with keyword search for cloud-assisted industrial Internet of things,” IEEE Trans. Dependable Secur. Comput., vol. 18, no. 3, pp. 1019–1032, 2021 (cit. pp. 20, 106, 118–122, 124, 128, 129). [ZZ11] B. Zhang and F. Zhang, “An efficient public key encryption with conjunctive-subset keywords search,” J. Netw. Comput. Appl., vol. 34, no. 1, pp. 262–267, 2011 (cit. p. 15). zh_TW