# Searching on Encrypted E-Data Using Random Searchable Encryption (RanSCrypt) Scheme


## Abstract


## 1. Introduction

- We detect the core reason behind keyword guessing attacks and statistical attacks and list the necessary requirements of searchable encryption in a data sharing scenario so that it bypasses the keyword guessing attacks and prevents statistical information leakage.
- We present a searchable encryption called random searchable encryption (RanSCrypt) using randomized algorithms for both PEKS ciphertext and trapdoors. To confuse the attacker, even if he gets the result of a search, we introduce a false positive result in RanSCrypt.
- Finally, we introduce a new type of attack on SE called the Keyword Luring Attack (KLA) and show that RanSCrypt is free from KLA while many other PEKS schemes are susceptible to it.

## 2. Related Work

## 3. Necessary Requirements of RanSCrypt

- KeyGen(λ) → K: The KeyGen algorithm takes security parameter λ as input and generates the public/private key pair (PK, SK) for the receiver based on difficulty/complexity level proportional to parameter λ.
- PEKS(PublicKey PK, Keyword w) → PEKS ciphertext: The PEKS algorithm takes the public key PK of the receiver along with an extracted keyword w as inputs and generates the PEKS ciphertext (or PEKS in short) of w. This algorithm runs on the sender side.
- Trapdoor(PrivateKey SK, Keyword w) → ${\mathrm{Trapdoor}}_{w}$: The trapdoor algorithm takes the private key of the receiver and query keyword w as inputs and returns the trapdoor of w, ${\mathrm{Trapdoor}}_{w}$. The receiver runs this algorithm.
- Test(${\mathrm{Trapdoor}}_{w}$, PEKS) → [0,1]: The test algorithm takes a trapdoor and a PEKS as inputs and returns 1 if the keyword residing in ${\mathrm{Trapdoor}}_{w}$ and that of PEKS are similar, or 0 otherwise. This algorithm runs on the server side.

- Index Keyword Indistinguishability: PEKS generates ciphertext using the following algorithm: PEKS(public_key, keyword).

- Trapdoor Indistinguishability: A trapdoor, along with its result, will expose the search pattern [13]. In order to counteract an attacker, the trapdoor should be randomized and should not be linkable (i.e., it needs to be irreversible) to its originating keyword. Similar to index keywords, the trapdoor also needs to be indistinguishable, irreversible, and support the search facility.
- Result Perplexity: RanSCrypt provides the server with noisy search results wherein the results contain an erroneous result along with the accurate result. While the receiver searches with a trapdoor of a keyword, documents (or emails) containing that keyword should be accompanied by some documents not containing the keyword. That means that the result should include some false positive results. The receiver can amend the result by decrypting the documents so it will not affect the final result of a query. This will cost extra communication and computation overhead. Noise in the result is necessary to thwart the revealing of an access pattern [13].

## 4. RanSCrypt: Random Searchable enCryption

- Setup(Parameter λ): This algorithm takes a security parameter λ and generates a public/private key pair for the receiver (${\mathrm{Public}}_{RECEIVER}$, ${\mathrm{Private}}_{RECEIVER}$), base number b of the receiver, two large primes p, q to generate the modulus n = p * q, a secret key k, and a hash key ${k}_{H}$. All of these parameters are chosen based on the complexity level defined by the input parameter λ.
- OPAC(${\mathrm{Public}}_{RECEIVER}$, keyword): One Plaintext Assorted Ciphertexts (OPAC) is a randomized algorithm in an asymmetric key setting that returns different ciphertexts in different runs for the same plaintext. OPAC introduces opacity in the extracted keyword while the sender sends an email to a receiver but provides the receiver a way to retrieve the exact keyword. The OPAC algorithm takes the receiver’s public key and a keyword as input and returns indistinguishable OPAC ciphertext. To generate an OPAC of a keyword, the algorithm encrypts the keyword with a fixed-length random string prepended to it. Thus, different runs with the same keyword produce different ciphertexts. To retrieve the original keyword, we decrypt the OPAC ciphertext and then remove the (prepended) fixed-length random string from it.

- ${\mathrm{OPAC1}}_{SECURE}$ = ${\mathrm{Encrypt}}_{PublicKey}$(“wpOuFrvb87hn” || “secure”),
- ${\mathrm{OPAC2}}_{SECURE}$ = ${\mathrm{Encrypt}}_{PublicKey}$(“xc5mb9rhpZBi” || “secure”).

- ${\mathrm{Decrypt}}_{PrivateKey}$(${\mathrm{OPAC1}}_{SECURE}$) = “wpOuFrvb87hn” || “secure”,
- Remove_First_12_Characters(“wpOuFrvb87hn” || “secure”) = “secure”.

- REST(keyword w): REST stands for Randomly Encrypted and Searchable Text. It is a randomized algorithm that allows the user to transform a keyword randomly but provides a way to match it with a trapdoor of the same keyword. REST makes it difficult to revert back to the original keyword. To construct REST for a keyword w:
  - Generate a random number R.
  - Compute the hash digest of the keyword w (i.e., ${d}_{w}$ = ${\mathrm{Hash}}_{{k}_{H}}$(w)).
  - Multiply the random number (R) and a secret key (k) with the square of the hash digest of w (i.e., ${d}_{w}^{2}kR$).
  - Raise the base number b to the power of the product of ${d}_{w}$, secret key (k), and the random number R (i.e., ${b}^{{d}_{w}kR}$).
  - All computations are conducted as operations modulo n.
  - The REST of the keyword w is [${d}_{w}^{2}kR$, ${b}^{{d}_{w}R}$].

- Trapdoor(keyword w): The trapdoor algorithm takes a keyword and generates a randomized trapdoor. The trapdoor algorithm is similar to the REST of a keyword but with a slight difference in construction. Like REST, Trapdoor is also a randomized algorithm that hides its original keyword while still allowing a match against a REST of the same keyword. To generate a trapdoor, we use the same base number b as in REST. Trapdoor construction of a keyword w is as follows:
  - Generate a random number R.
  - Compute the hash digest of the keyword w (i.e., ${d}_{w}$ = ${\mathrm{Hash}}_{{k}_{H}}$(w)).
  - Multiply the random number (R), secret key (k) and the hash digest of keyword w (i.e., ${d}_{w}kR$).
  - Raise b to the power of the random number R (i.e., ${b}^{R}$).
  - All computations are performed as modular operations.
  - The trapdoor of the keyword w is [${d}_{w}kR$, ${b}^{R}$].

- Test(REST, Trapdoor): The Test algorithm takes the REST of a keyword and the Trapdoor of another keyword as input and returns whether two keywords are the same. Suppose that the REST of a keyword ${w}_{1}$ is [A, B] and that the Trapdoor of a keyword ${w}_{2}$ is [C, D]. Then the Test algorithm returns “true” if $${B}^{C}={D}^{A}$$

#### 4.1. RanSCrypt Workflow

- When a sender sends an email to a receiver, the sender extracts keywords which the receiver can use to search the email. Then, the sender encrypts the body of the email using a regular cryptosystem (e.g., RSA or AES) and generates an OPAC ciphertext for each keyword. After that, the sender sends the email along with the OPAC ciphertexts to the server for the receiver.
- The server stores the email with its OPAC ciphertexts and sets the “Searchable” status to “NO” as the email with OPAC ciphertext is no longer searchable.
- The server sends the OPAC ciphertexts to the receiver to get the searchable REST keyword for each OPAC ciphertext. The server can send the OPAC ciphertexts immediately or later in some feasible moments as per policy.
- For each OPAC ciphertext, the receiver decrypts it and retrieves the original keyword. After that, the receiver computes the REST keyword for each of the original keywords. The receiver also generates extra REST keywords and sends all the REST keywords (including the extra ones) back to the server. Extra REST keywords are added to produce false positive results, ensuring result perplexity. If the server sends ${L}_{o}$-many OPAC keywords, then the receiver should return ${L}_{r}$-many REST keywords where ${L}_{o}$ < ${L}_{r}$ and (${L}_{r}$ − ${L}_{o}$) is determined by a predefined error percentage.
- The server stores all the REST keywords in place of the OPAC ciphertexts and updates the “Searchable” status to “YES” for that particular mail. This time, the corresponding email is searchable using these REST keywords. Each time the receiver searches for email, he can only search those emails which have “Searchable” status set to “YES”.
- The receiver can search at any time with a keyword of his choice. For this purpose, the receiver generates a Trapdoor of the keyword and sends it to the server to retrieve the relevant email(s).
- Once the server gets a Trapdoor from the receiver, it searches all the REST keywords of emails for which the “Searchable” status is “YES”. The similarity between a REST keyword and trapdoor is obtained using the Test algorithm. Finally, the server sends the relevant email(s) back to the receiver.
- On receiving the result, the receiver decrypts it and removes the false positive results locally.
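The REST, Trapdoor and Test constructions of Section 4, together with the extra REST keywords from the workflow above, as an added Python example (not the authors' code). Assumptions: HMAC-SHA256 stands in for the keyed hash, two Mersenne primes are toy values for p and q, all names are illustrative, and exponent-side values are reduced modulo φ(n) so that the Test equality holds exactly. The second REST component follows the stated pair [${d}_{w}^{2}kR$, ${b}^{{d}_{w}R}$], the form for which ${B}^{C}={D}^{A}$ balances.

```python
import hashlib
import hmac
import secrets

# Toy parameters constructed for this example (far too structured for real use):
# two Mersenne primes stand in for the receiver's secret primes p and q.
P, Q = 2**89 - 1, 2**127 - 1
N = P * Q                      # modulus n = p * q
PHI = (P - 1) * (Q - 1)        # known only to the receiver (assumption, see lead-in)


class Receiver:
    """Holds the Setup secrets: base b, secret key k and hash key k_H."""

    def __init__(self):
        self.b = secrets.randbelow(N - 3) + 2      # coprime to n with overwhelming probability
        self.k = secrets.randbelow(PHI - 2) + 2
        self.k_h = secrets.token_bytes(32)

    def _digest(self, w):
        # d_w = Hash_{k_H}(w); HMAC-SHA256 is this example's choice of keyed hash.
        mac = hmac.new(self.k_h, w.encode(), hashlib.sha256).digest()
        return int.from_bytes(mac, "big") % PHI

    def rest(self, w):
        # REST(w) = [d_w^2 * k * R, b^(d_w * R)], fresh R on every call.
        d, r = self._digest(w), secrets.randbelow(PHI - 2) + 2
        return (d * d * self.k * r % PHI, pow(self.b, d * r % PHI, N))

    def trapdoor(self, w):
        # Trapdoor(w) = [d_w * k * R, b^R], fresh R on every call.
        d, r = self._digest(w), secrets.randbelow(PHI - 2) + 2
        return (d * self.k * r % PHI, pow(self.b, r, N))


def rest_matches(rest, trapdoor):
    # Test run by the server: B^C == D^A (mod n), using no secret material.
    (a, b), (c, d) = rest, trapdoor
    return pow(b, c, N) == pow(d, a, N)


def search(index, trapdoor):
    # index: email id -> REST pairs stored once "Searchable" is "YES".
    return sorted(mid for mid, rests in index.items()
                  if any(rest_matches(r, trapdoor) for r in rests))


def build_demo():
    rx = Receiver()
    # Constructed mailbox. mail-2 does not contain "secure": that REST is an
    # extra keyword returned by the receiver to force a false positive.
    index = {
        "mail-1": [rx.rest("secure"), rx.rest("cloud")],
        "mail-2": [rx.rest("invoice"), rx.rest("secure")],
        "mail-3": [rx.rest("meeting")],
    }
    return rx, index


if __name__ == "__main__":
    rx, index = build_demo()
    print(search(index, rx.trapdoor("secure")))   # real hit plus the decoy
```

The server returns both mail-1 and mail-2 for the "secure" trapdoor and cannot tell which is the decoy; the receiver discards mail-2 only after decrypting it.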

#### 4.2. Security Analysis

**Theorem 1.**

**Proof.**

**Theorem 2.**

**Proof.**

**Theorem 3.**

**Proof.**

REST: [${d}_{w}^{2}kR$, ${b}^{{d}_{w}R}$]; Trapdoor: [${d}_{w}kR$, ${b}^{R}$]. Here, w = keyword, ${d}_{w}={\mathrm{Hash}}_{{k}_{H}}(w)$, k = secret key, R = random number, b = base number.

**Theorem 4.**

**Proof.**

**Theorem 5.**

**Proof.**

## 5. Performance Analysis

#### 5.1. Efficiency

#### 5.2. Overhead to Transform from Public Key to Symmetric Key

## 6. Keyword Luring Attack (KLA)

**Theorem 6.**

**Proof.**

## 7. Concluding Remark

- Multikeyword search: To enable RanSCrypt to support multiple query keyword search.
- Ranked result: Ranked resulting document list according to relevance score between query keyword and document.
- Fuzzy keyword search: To simulate real-life search capability, RanSCrypt needs to support fuzzy keyword search.
- Efficient searchable encryption: More efficient index and query keyword transformation and searching algorithms need to be investigated.
- Prioritizing encrypted data: Data searcher needs to be equipped with comparison capability among encrypted data, i.e., a doctor should be able to find emergency patients from many patients’ data based on severity of diseases.

## Author Contributions

## Acknowledgments

## Conflicts of Interest

## References

- Mell, P.; Grance, T. The NIST Definition of Cloud Computing; National Institute of Standards and Technology: Gaithersburg, MD, USA, 2011.
- Armbrust, M.; Fox, A.; Griffith, R.; Joseph, A.D.; Katz, R.; Konwinski, A.; Lee, G.; Patterson, D.; Rabkin, A.; Stoica, I. A view of cloud computing. Commun. ACM **2010**, 53, 50–58.
- Feng, D.-G.; Zhang, M.; Zhang, Y.; Xu, Z. Study on cloud computing security. J. Softw. **2011**, 22, 71–83.
- Takabi, H.; Joshi, J.B.; Ahn, G.-J. Security and privacy challenges in cloud computing environments. IEEE Secur. Priv. **2010**, 8, 24–31.
- Ali, M.; Khan, S.U.; Vasilakos, A.V. Security in cloud computing: Opportunities and challenges. Inf. Sci. **2015**, 305, 357–383.
- Kamara, S.; Lauter, K. Cryptographic cloud storage. In Proceedings of the International Conference on Financial Cryptography and Data Security, Tenerife, Spain, 25–28 January 2010; Springer: Berlin/Heidelberg, Germany, 2010; pp. 136–149.
- Wei, L.; Zhu, H.; Cao, Z.; Dong, X.; Jia, W.; Chen, Y.; Vasilakos, A.V. Security and privacy for storage and computation in cloud computing. Inf. Sci. **2014**, 258, 371–386.
- Yan, Z.; Li, X.; Wang, M.; Vasilakos, A. Flexible data access control based on trust and reputation in cloud computing. IEEE Trans. Cloud Comput. **2017**, 5, 485–498.
- Goldreich, O.; Ostrovsky, R. Software protection and simulation on oblivious RAMs. J. ACM (JACM) **1996**, 43, 431–473.
- Ding, W.; Yan, Z.; Deng, R.H. Encrypted data processing with homomorphic re-encryption. Inf. Sci. **2017**, 409, 35–55.
- Han, F.; Qin, J.; Hu, J. Secure searches in the cloud: A survey. Future Gener. Comput. Syst. **2016**, 62, 66–75.
- Boneh, D.; Di Crescenzo, G.; Ostrovsky, R.; Persiano, G. Public key encryption with keyword search. In Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques, Interlaken, Switzerland, 2–6 May 2004; Springer: Berlin/Heidelberg, Germany, 2004; pp. 506–522.
- Abdalla, M.; Bellare, M.; Catalano, D.; Kiltz, E.; Kohno, T.; Lange, T.; Malone-Lee, J.; Neven, G.; Paillier, P.; Shi, H. Searchable encryption revisited: Consistency properties, relation to anonymous IBE, and extensions. J. Cryptol. **2008**, 21, 350–391.
- Baek, J.; Safavi-Naini, R.; Susilo, W. Public key encryption with keyword search revisited. In Proceedings of the International Conference on Computational Science and Its Applications (ICCSA 2008), Perugia, Italy, 30 June–3 July 2008; pp. 1249–1259.
- Park, D.J.; Kim, K.; Lee, P.J. Public key encryption with conjunctive field keyword search. In Proceedings of the International Workshop on Information Security Applications, Jeju Island, Korea, 23–25 August 2004; Springer: Berlin/Heidelberg, Germany, 2004; pp. 73–86.
- Rhee, H.S.; Park, J.H.; Susilo, W.; Lee, D.H. Trapdoor security in a searchable public-key encryption scheme with a designated tester. J. Syst. Softw. **2010**, 83, 763–771.
- Xu, P.; Jin, H.; Wu, Q.; Wang, W. Public-key encryption with fuzzy keyword search: A provably secure scheme under keyword guessing attack. IEEE Trans. Comput. **2013**, 62, 2266–2277.
- Byun, J.W.; Rhee, H.S.; Park, H.-A.; Lee, D.H. Off-line keyword guessing attacks on recent keyword search schemes over encrypted data. In Proceedings of the Workshop on Secure Data Management, Seoul, Korea, 10–11 September 2006; Springer: Berlin/Heidelberg, Germany, 2006; pp. 75–83.
- Mish, F. Merriam-Webster’s Collegiate Dictionary, 11th ed.; Merriam-Webster. Inc.: Springfield, MA, USA, 2003.
- Jeong, I.R.; Kwon, J.O.; Hong, D.; Lee, D.H. Constructing PEKS schemes secure against keyword guessing attacks is possible? Comput. Commun. **2009**, 32, 394–396.
- Shen, E.; Shi, E.; Waters, B. Predicate privacy in encryption systems. In Proceedings of the Theory of Cryptography Conference, San Francisco, CA, USA, 15–17 March 2009; Springer: Berlin/Heidelberg, Germany, 2009; pp. 457–473.
- Song, D.X.; Wagner, D.; Perrig, A. Practical techniques for searches on encrypted data. In Proceedings of the 2000 IEEE Symposium on Security and Privacy (S&P 2000), Berkeley, CA, USA, 14–17 May 2000; pp. 44–55.
- Goh, E.-J. Secure indexes. IACR Cryptol. ePrint Arch. **2003**, 2003, 216.
- Curtmola, R.; Garay, J.; Kamara, S.; Ostrovsky, R. Searchable symmetric encryption: Improved definitions and efficient constructions. J. Comput. Secur. **2011**, 19, 895–934.
- Chang, Y.-C.; Mitzenmacher, M. Privacy preserving keyword searches on remote encrypted data. In Proceedings of the International Conference on Applied Cryptography and Network Security, New York, NY, USA, 7–10 June 2005; Springer: Berlin/Heidelberg, Germany, 2005; pp. 442–455.
- Ali, M.; Dhamotharan, R.; Khan, E.; Khan, S.U.; Vasilakos, A.V.; Li, K.; Zomaya, A.Y. SeDaSC: Secure data sharing in clouds. IEEE Syst. J. **2017**, 11, 395–404.
- Swaminathan, A.; Mao, Y.; Su, G.-M.; Gou, H.; Varna, A.L.; He, S.; Wu, M.; Oard, D.W. Confidentiality-preserving rank-ordered search. In Proceedings of the 2007 ACM Workshop on Storage Security and Survivability, Alexandria, VA, USA, 29 October 2007; ACM: New York, NY, USA, 2007; pp. 7–12.
- Wang, C.; Cao, N.; Ren, K.; Lou, W. Enabling secure and efficient ranked keyword search over outsourced cloud data. IEEE Trans. Parallel Distrib. Syst. **2012**, 23, 1467–1479.
- Zerr, S.; Olmedilla, D.; Nejdl, W.; Siberski, W. Zerber$^{+R}$: Top-k retrieval from a confidential index. In Proceedings of the 12th International Conference on Extending Database Technology: Advances in Database Technology, Saint Petersburg, Russia, 24–26 March 2009; ACM: New York, NY, USA, 2009; pp. 439–449.
- Intille, S.; Jones, K.S. Simple, Proven Approaches to Text Retrieval; Technical Report UCAM-CL-TR-356; University of Cambridge, Computer Laboratory, CiteSeerX: Cambridge, UK, 1997.
- Witten, I.H.; Moffat, A.; Bell, T.C. Managing Gigabytes: Compressing and Indexing Documents and Images; Morgan Kaufmann: Burlington, MA, USA, 1999.
- Boldyreva, A.; Chenette, N.; Lee, Y.; O’neill, A. Order-preserving symmetric encryption. In Proceedings of the 28th Annual International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT), Cologne, Germany, 26–30 April 2009; Springer: Berlin/Heidelberg, Germany, 2009; pp. 224–241.
- Cao, N.; Wang, C.; Li, M.; Ren, K.; Lou, W. Privacy-preserving multi-keyword ranked search over encrypted cloud data. IEEE Trans. Parallel Distrib. Syst. **2014**, 25, 222–233.
- Sun, W.; Wang, B.; Cao, N.; Li, M.; Lou, W.; Hou, Y.T.; Li, H. Verifiable privacy-preserving multi-keyword text search in the cloud supporting similarity-based ranking. IEEE Trans. Parallel Distrib. Syst. **2014**, 25, 3025–3035.
- Xia, Z.; Wang, X.; Sun, X.; Wang, Q. A secure and dynamic multi-keyword ranked search scheme over encrypted cloud data. IEEE Trans. Parallel Distrib. Syst. **2016**, 27, 340–352.
- Wong, W.K.; Cheung, D.W.-L.; Kao, B.; Mamoulis, N. Secure kNN computation on encrypted databases. In Proceedings of the 2009 ACM SIGMOD International Conference on Management of Data, Providence, RI, USA, 29 June–2 July 2009; ACM: New York, NY, USA, 2009; pp. 139–152.
- Fu, Z.; Wu, X.; Guan, C.; Sun, X.; Ren, K. Toward efficient multi-keyword fuzzy search over encrypted outsourced data with accuracy improvement. IEEE Trans. Inf. Forensics Secur. **2016**, 11, 2706–2716.
- Huang, Q.; Li, H. An efficient public-key searchable encryption scheme secure against inside keyword guessing attacks. Inf. Sci. **2017**, 403, 1–14.
- Borg, C.W.; Dackebro, E. A Comparison of Performance between a CPU and a GPU on Prime Factorization Using Eratosthene’s Sieve and Trial Division. Bachelor’s Thesis, School of Computer Science and Communication (CSC), Stockholm, Sweden, 2017.
- Kleinjung, T.; Aoki, K.; Franke, J.; Lenstra, A.; Thomé, E.; Bos, J.; Gaudry, P.; Kruppa, A.; Montgomery, P.; Osvik, D.A. Factorization of a 768-bit RSA modulus. In Proceedings of the 30th Annual Cryptology Conference (CRYPTO), Santa Barbara, CA, USA, 15–19 August 2010; Springer: Berlin/Heidelberg, Germany, 2010; pp. 333–350.
- Kiviharju, M. On the fog of RSA key lengths: Verifying public key cryptography strength recommendations. In Proceedings of the 2017 International Conference on Military Communications and Information Systems (ICMCIS), Oulu, Finland, 15–16 May 2017; pp. 1–8.
- Koblitz, N.; Menezes, A.J. A survey of public-key cryptosystems. SIAM Rev. **2004**, 46, 599–634.

Component of SE | Attack | Security Requirement | Other Requirement | Requirement Name |
---|---|---|---|---|
Data | Information leakage | Modern cryptosystem | | |
Index keyword | KGA; Association Attack | Irreversible; Random | Search facility with trapdoor | Index keyword indistinguishability |
Trapdoor | KGA; Search pattern | Irreversible; Random | Search facility with index keyword | Trapdoor indistinguishability |
Search result | Access pattern | Deterministic noisy result | | Result perplexity |

**Table 2.** Number of operations required for different algorithms of different schemes. PEKS: Public key Encryption with Keyword Search; PAEKS: Public-key-Authenticated Encryption with Keyword Search.

Algorithm | RanSCrypt: Modular Exponentiation | RanSCrypt: Hash Digest Computation | PEKS: Modular Exponentiation | PEKS: Hash Digest Computation | PEFKS: Modular Exponentiation | PEFKS: Hash Digest Computation | PAEKS: Modular Exponentiation | PAEKS: Hash Digest Computation |
---|---|---|---|---|---|---|---|---|
Index | 1 | 1 | 3 | 2 | 6 | 4 | 3 | 1 |
Trapdoor | 1 | 1 | 1 | 1 | 4 | 2 | 2 | 1 |
Test | 2 | 0 | 1 | 1 | 4 | 4 | 2 | 1 |

© 2018 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/).

## Share and Cite

**MDPI and ACS Style**

Ahsan, M.A.M.; Idna Bin Idris, M.Y.; Bin Abdul Wahab, A.W.; Ali, I.; Khan, N.; Al-Garwi, M.A.; Rahman, A.U.
Searching on Encrypted E-Data Using Random Searchable Encryption (RanSCrypt) Scheme. *Symmetry* **2018**, *10*, 161.
https://doi.org/10.3390/sym10050161
