Dynamic symmetric searchable encryption from constrained functional encryption

Abstract

Searchable symmetric encryption allows a party to encrypt data while maintaining the ability to partially search for over it. We present a scheme that balances efficiency, privacy, and the set of admissible operations: Our scheme searches in time logarithmic in the size of the word dictionary (i.e., it is independent of the number of files), satisfies the strong security notion of search pattern privacy against adaptive attacks, supports complex search queries over a Boolean algebra (including conjunctions of multiple search words), provides the full functionality of addition and deletion of search words and identifiers, and is provably secure in the standard model. At the heart of our system lies a novel cryptographic tool called constrained functional encryption (CFE) over the message plaintext. In a CFE system, the decryptability of ciphertexts is constrained to particular ciphertexts having been evaluated in a very concrete way. We give a definitional framework including a relaxed indistinguishability-based security notion. Our construction is proved secure based on the subgroup decision problem in bilinear groups for the class of inner products functions.