On these days, users tend to access to online content via mobile devices, for example, e-mails. Because these devices have constrained resources, users may wish to instruct e-mail gateways to search through new e-mails and only download those corresponding to particular keywords, such as "urgent." Yet, this searching should not compromise the user's privacy. A public key encryption with keyword search (PEKS) scheme achieves both these requirements. Most PEKS schemes are constructed on the basis of bilinear pairings. Recently, Khader proposed the first PEKS scheme that does not require bilinear pairings and is provably indistinguishable chosen-keyword attack (IND-CKA) secure in the standard model. Such a scheme is more efficient than pairing-based ones. In this paper, we show a drawback of Khader's scheme in that it depends on an unnecessary security assumption: Its IND-CKA security requires its underlying identity-based encryption building block to be indistinguishable chosen-ciphertext attack secure. We construct a more efficient PEKS scheme that achieves the same level of PEKS security as Khader's but that only requires the underlying identity-based encryption to be indistinguishable chosen-plaintext attack secure. We give a direct proof that the proposed scheme is IND-CKA secure. Our scheme outperforms other recent PEKS schemes in literature.
- Keyword search
- Underlying assumption