For data stored on cloud servers, keyword search and access control are two important capabilities that should be supported. Public-key encryption with keyword search (PEKS) and attribute-based encryption (ABE) are the corresponding solutions. Meanwhile, as we step into the postquantum era, pairing-related assumptions become fragile. Lattices are an ideal choice for building encryption schemes that are secure against quantum attacks. Based on this, we propose the first mathematical model for lattice-based authorized searchable encryption. Data owners can sort the ciphertext by specific keywords such as time; data users who satisfy the access control hand the trapdoor generated with the keyword to the cloud server; the cloud server sends back the corresponding ciphertext. The security of our scheme is based on worst-case hardness on lattices, through the learning with errors (LWE) assumption. In addition, our scheme achieves attribute-hiding, which protects the sensitive information of the data user.

Nowadays, more and more people use services from cloud servers [

In order to address the problem of secure and decentralized access control, Sahai and Waters [

All the schemes mentioned above are constructed from pairings. Unfortunately, as we move into the postquantum era, pairing-related assumptions become fragile. Lattices are an ideal choice for building secure encryption schemes for two reasons: first, there is no known algorithm, even with the help of a quantum computer, that can efficiently solve hard lattice problems; second, lattice-based cryptographic constructions enjoy several potential advantages: asymptotic efficiency, conceptual simplicity, and security proofs based on worst-case hard problems. Recently, ABE schemes from lattice assumptions have been on the rise. J. Zhang and Z. Zhang [

ABE resolves the problem of fine-grained access control and provides one-to-many encryption, which improves efficiency for the data owner; however, data utilization is still a challenging problem. For example, in order to search for relevant documents in an encrypted data set stored in the cloud, one may have to download and decrypt the entire data set. This is clearly impractical when the data volume is large. Thus, mechanisms that allow users to search directly on the encrypted data are of great interest in the era of cloud computing. Data services based on traditional plaintext keyword search will give poor quality of service because the data are encrypted. Boneh et al. [

There are also many existing searchable encryption schemes from pairings. Lai et al. [

Meanwhile, by setting keywords such as year, month, and day, data owners can sort the ciphertext. If data users want to extract the ciphertext from some time point, they only need to submit the trapdoor corresponding to the keyword to the cloud server.

The two main contributions of our scheme are as follows.

(1) To the best of our knowledge, this is the first work that addresses ASE from lattice assumptions.

(2) In contrast to previous solutions [

The rest of the paper is organized as follows. Section

We consider ASE in cloud computing. The system architecture is similar to that in [

System architecture of ASE in cloud computing.

In our setting, a user will be identified by a set of attributes; let

In this subsection, we introduce the functionality of PEKS and CP-ABE independently.

A

The general security property of

A PEKS scheme is

The scheme consists of four algorithms [

A CP-ABE scheme with hiding attributes is selective CPA secure if all polynomial-time adversaries have at most a negligible advantage

Let

For a basis

Given a matrix

For any prime

For any

Gentry et al. [

The preimage sampleable function is defined as follows.

Our construction can be reduced to learning with errors

For an integer

For an

In this section, we put forward our ASE scheme where the access structures include positive and negative attributes based on AND-gates. Define some symbols simply as follows: let the set of attributes be

Finally, return ciphertext

Observe that if we let

In this section, we discuss the security proof of our ASE scheme. Comparing the ASE scheme with CP-ABE with attribute-hiding and the PEKS scheme, we divide our ASE scheme into two parts. If we only choose setup, ABE-KeyGen, encrypt (do not take over the keyword ciphertext

If

Algorithm

For each

Finally

Since

Let

Finally,

On one hand, if

Assuming the

In the random oracle model, suppose there is a polynomial-time adversary

Notice that if

We now analyze the reduction. The probability of

We propose an authorized searchable encryption scheme with attribute-hiding from lattices, which enables only authorized users to perform keyword search and then decrypt the ciphertext. We are the first to integrate PEKS with CP-ABE based on lattice assumptions. In contrast to previous solutions [

The authors declare that there is no conflict of interests regarding the publication of this paper.

This work is supported by the National Natural Science Foundation of China (Grant nos. 61272525 and 61370203) and Science and Technology on Communication Security Laboratory Foundation (no. 9140C110301110C1103).