Lattice-based proxy-oriented identity-based encryption with keyword search for cloud storage

Public-key encryption with keyword search (PEKS) enables users to search over encrypted data and retrieve target data efficiently. However, most of existing PEKS schemes are vulnerable to adversaries equipped with quantum computers in the near future, and even incur complex certificate management procedures due to the public key infrastructure (PKI). To this end, we propose a proxy-oriented identity-based encryption with keyword search (PO-IBEKS) scheme from lattices for cloud storage, which is post-quantum secure. In PO-IBEKS, an original data owner authorizes a proxy to encrypt sensitive data as well as corresponding keywords and upload ciphertexts to clouds, which alleviates the data processing burden on the original data owner. Besides, PO-IBEKS can resist inside keyword guessing attacks (IKGA) from misbehaved cloud servers by integrating the learning with errors (LWE) encryption and preimage sampleable function. Each entity in PO-IBEKS is identified with her/his recognizable information, thereby eliminating managing certificates. Formal security analysis proves that PO-IBEKS can achieve ciphertext indistinguishability, existential unforgeability, and delegation security. Experimental results demonstrate PO-IBEKS is much more practical when compared with existing schemes.