Blockchain-based searchable encryption with efficient result verification and fair payment

https://doi.org/10.1016/j.jisa.2021.102791

Abstract

Data outsourcing has become a popular application. Searchable encryption (SE) provides data retrievability while preserving data privacy. In the threat model of SE schemes, the cloud server is usually assumed to be Honest-But-Curious, but this may not hold in reality. Blockchain-based SE deters malicious cloud servers from deviating from the protocol, and search results are validated by miners. However, rational miners would skip the validation step and accept the block directly to save computational resources. This situation is called the Verifier’s Dilemma, and it means a blockchain-based SE scheme is not truly verifiable. Therefore, this paper proposes a verifiable blockchain-based public-key encryption with keyword search scheme that outsources the verification to the TrueBit network. This design gives our scheme effective verifiability while minimizing the computational cost of miners. Furthermore, our scheme also establishes a fair payment protocol between multiple data owners and data users. In addition, the data owner can revoke the permission of a document he/she shared before. We also present security proofs and analysis of the proposed scheme. The performance evaluation presents the overheads of performing search operations on the cloud server and conducting transactions on smart contracts in Ethereum. The experimental results demonstrate the practicability of our proposed scheme.

Introduction

With the growth of data storage demands, personal and institutional users outsource their data to cloud service providers (CSP). For data privacy, data outsourced to the cloud is typically encrypted. However, a regular encryption scheme makes the encrypted data unsearchable, which hinders the adoption of cloud storage services. Searchable encryption (SE) is a promising technique that allows users to retrieve ciphertext data [1], [2]. SE balances data privacy against data availability, but many problems remain to be resolved. For example, there are risks if the data owner trusts the CSP completely. For financial benefit, the CSP has an incentive not to follow the protocol truthfully. In this setting, the retrieval results returned by the CSP need to be verified to make sure the CSP did what it claimed to do. The realization of fair payment between users and the CSP over insecure public communication networks [3] should also be considered.

Song et al. [4] first proposed a symmetric searchable encryption (SSE) scheme. Since then, a large body of research has followed, including multi-keyword symmetric searchable encryption schemes [5], [6], [7] and schemes that support dynamic updates [8], [9]. As those works are all based on symmetric cryptographic primitives, Boneh et al. [10] first formalized the notion of public-key encryption with keyword search (PEKS) and defined the security of this system. In 2007, Boneh and Waters [11] proposed a scheme that supports conjunctive and range queries based on their previous work. Rhee et al. [12] also proposed a public-key searchable encryption scheme that introduces the concept of “trapdoor indistinguishability”, which resists keyword-guessing attacks. Public-key encryption with keyword search avoids the key distribution problem of symmetric searchable encryption, but it also brings difficulties such as key leakage [13] and low efficiency.

In many previous searchable encryption schemes, the remote server is modeled as an Honest-But-Curious entity that always performs search queries correctly for users, which is hardly true in reality. In fact, a malicious server may return search results that do not match the search query. To verify search results, some works have focused on verifiable searchable encryption schemes [14], [15], [16]. Zheng et al. [15] proposed a verifiable attribute-based searchable encryption scheme that can check whether the cloud server performed the search operation correctly. Sun et al. [16] proposed a verifiable conjunctive keyword search scheme whose tree index structure greatly improves efficiency. However, in most schemes malicious behavior by the cloud server can only be detected, not penalized. Thus, a verifiable searchable encryption scheme that can constrain the behavior of all parties is needed in practice.

Recently, research combining searchable encryption with blockchain technology has made it possible to penalize a malicious server. Hu et al. [17] proposed a blockchain-based symmetric searchable encryption scheme that realizes fairness in a data sharing system. Building on this, Chen et al. [18] proposed a blockchain-based search scheme for electronic health records in which the index is constructed from complex logical expressions. Yang et al. [19] constructed a fair searchable encryption scheme in the single-owner setting in which the correctness of search results is verified on the blockchain.

Blockchain can solve the trust problem of a data sharing system in which the cloud is involved. In our proposed scheme, all parties are treated fairly and incentivized to perform the correct computations. We also adopt the key-aggregate method of [20], which makes it easy for the data owner to selectively share search and verification permissions on document sets. Unlike [20], we explore the potential of blockchain technology in public-key encryption with keyword search via smart contracts. The contributions of this paper are summarized as follows:

  • A blockchain-based public-key encryption with keyword search scheme is proposed, which achieves decentralized and fair searchable encryption. We improve Liu’s scheme [20] to achieve public verifiability and adopt the key-aggregate method to reduce the cost of holding keys. Furthermore, our proposed scheme solves the Verifier’s Dilemma by introducing the TrueBit protocol [21], which enables secure outsourced verification and minimizes execution cost.

  • In our proposed scheme, the data owner can update the private key and revoke the permission of a document shared before. The key update property and data revocability were not realized in [20]. We believe this merit gives our scheme Forward Secrecy, meaning that a data user whose document access permission has been revoked cannot retrieve the revoked document by submitting an old search token.

  • Our proposed scheme achieves fair payment and access control between the data user and the data owners through a smart contract. As long as the data owner grants access to the data user and the cloud server provides the search results honestly, they are paid by the data user automatically.

  • In the multi-owner setting, our proposed scheme implements fine-grained payments with a smart contract. In particular, the data user pays the actual search fee based on the percentage of results returned by the cloud server that pass verification, with the rest refunded to his/her account. Also, data owners are paid fairly according to the number of documents they share.

The remainder of this paper is organized as follows. Our motivation is explained in Section 2. Preliminaries are described in Section 3. The system model and design goals are presented in Section 4. We present the concrete construction of our proposed scheme in Section 5, and its security proof is presented in Section 6. The performance evaluation is presented in Section 7 and the conclusion is drawn in Section 8.

Section snippets

The verifier’s dilemma

Ethereum [22] is a public blockchain platform that can execute smart contracts and enable fair transactions without a trusted third party. To mitigate Denial-of-Service (DoS) attacks, Ethereum introduced the gas system (described in Section 3.2.3), which reduces the number of invalid transactions to some extent. Every transaction or smart contract in Ethereum must be executed by the entire blockchain network to reach Proof-of-Work (PoW) consensus. However, there

Bilinear map

Let $G_1$ be a cyclic group of prime order $p$, and $G_2$ be a cyclic group of the same order. Let $e: G_1 \times G_1 \rightarrow G_2$ be a bilinear map with the following properties:

  • Bilinearity: for all $x, y \in G_1$ and $a, b \in \mathbb{Z}_p$, we have $e(x^a, y^b) = e(x, y)^{ab}$;

  • Computability: for any $x, y \in G_1$, there is an efficient polynomial-time algorithm to compute $e(x, y)$;

  • Non-degeneracy: there exist $g_1, g_2 \in G_1$ such that $e(g_1, g_2) \neq 1_{G_2}$.

Bloom filter

A Bloom filter is a data structure consisting of an array of $l$ bits and $k$ independent hash functions $\{H_1, \ldots, H_k\}$. At
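The snippet above is all the Bloom filter detail the page shows. As an added example that is not the paper's code, the following implements an $l$-bit, $k$-function Bloom filter and uses it as a per-document keyword index, to show the property a result verifier has to account for: a document that truly holds the keyword is never missed, but a match may be a false positive. The SHA-256-with-prefix derivation of $H_1, \ldots, H_k$, the defaults $l = 1024$ and $k = 3$, and the sample documents are assumptions of this example.

```python
import hashlib
from typing import Dict, List, Set


class BloomFilter:
    """Array of l bits with k hash functions H_1..H_k, as in the preliminaries.
    The H_i are derived from SHA-256 with a distinct one-byte prefix i; that
    derivation is this example's assumption, not the paper's choice."""

    def __init__(self, l: int, k: int) -> None:
        self.l, self.k = l, k
        self.bits = bytearray(l)  # one byte per bit: clarity over compactness

    def positions(self, item: str) -> List[int]:
        # H_i(item) = SHA-256(i || item) mod l, for i = 1..k
        return [int.from_bytes(hashlib.sha256(bytes([i]) + item.encode()).digest(), "big") % self.l
                for i in range(1, self.k + 1)]

    def add(self, item: str) -> None:
        for pos in self.positions(item):
            self.bits[pos] = 1

    def contains(self, item: str) -> bool:
        # All k bits set: "possibly present". Any bit clear: definitely absent.
        return all(self.bits[pos] for pos in self.positions(item))


def build_index(docs: Dict[str, Set[str]], l: int = 1024, k: int = 3) -> Dict[str, BloomFilter]:
    """One filter per document, holding that document's keyword set (constructed input)."""
    index = {}
    for doc_id, keywords in docs.items():
        index[doc_id] = BloomFilter(l, k)
        for w in keywords:
            index[doc_id].add(w)
    return index


def search(index: Dict[str, BloomFilter], keyword: str) -> Set[str]:
    # Never misses a document that holds the keyword; may add spurious ones.
    return {doc_id for doc_id, bf in index.items() if bf.contains(keyword)}


def false_positive_rate(index: Dict[str, BloomFilter], docs: Dict[str, Set[str]], probes: List[str]) -> float:
    """Share of (keyword, document) pairs reported present although the keyword
    is absent from that document: the slack a result verifier must tolerate."""
    pairs = [(w, d) for w in probes for d in docs if w not in docs[d]]
    return sum(index[d].contains(w) for w, d in pairs) / len(pairs) if pairs else 0.0
```

A verifier that checks a server's result against such an index can only reject a document whose filter does not match; a matching document still has to be confirmed against the actual ciphertext or an accompanying proof.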

System model

Fig. 1 gives a system model of our proposed scheme in the multi-owner setting. It consists mainly of the following four entities.

  • Data Owner (DO). The data owner can build secure index and ciphertext files that are outsourced to the cloud platform.

  • Data User (DU). The data user with search privilege can generate a token and submit a search query to the system.

  • Cloud Platform (CP). The cloud platform that stores secure index and ciphertext files can provide search service to the data user.

  • Smart

The construction

In this section, the concrete construction and smart contracts of our scheme are introduced.

Security analysis

In this section, we show the security analysis of our proposed scheme. The properties of confidentiality, soundness, fairness, and forward secrecy are analyzed respectively and the corresponding proofs are given.

Performance evaluation

The performance evaluation is described in this section. The overhead of our proposed scheme comes mainly from the search process and the execution of smart contracts. Before introducing our experiments, we compare the features of different schemes in Table 2.

Hu et al. [17] proposed a symmetric searchable encryption scheme based on blockchain, which innovatively guarantees the fairness of the scheme through smart contracts. However, the search operation is performed by miners in the blockchain,

Conclusion

The blockchain-based privacy-preserving searchable encryption scheme has broad application prospects, as it can guarantee reliability, fairness, and other properties. Each participant in the network can be motivated to perform the correct computation. We combine the verifiable aggregate-key searchable encryption scheme with blockchain technology, which not only introduces fairness to protect the interests of participants in the multi-owner setting but also realizes the key update property

CRediT authorship contribution statement

Haiyu Li: Methodology, Writing - original draft preparation. Tao Wang: Conceptualization, Methodology, Supervision. Zirui Qiao: Methodology, Visualization, Investigation. Bo Yang: Supervision. Yueyang Gong: Software, Validation. Jingyi Wang: Software, Visualization. Guoyong Qiu: Writing - reviewing and editing.

Declaration of Competing Interest

The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.

Acknowledgments

This work is supported by National Key R&D Program of China (no. 2017YFB0802000), the National Natural Science Foundation of China (U2001205, 61772326, 61802241, 61802242), National Cryptography Development Fund during the 13th Five-year Plan Period (MMJJ20180217), the Fundamental Research Funds for the Central Universities (GK202007031).

References (28)

  • Hahn F. et al. Searchable encryption with secure and efficient updates
  • Dai X. et al. An efficient and dynamic semantic-aware multikeyword ranked search scheme over encrypted cloud data. IEEE Access (2019)
  • Boneh D. et al. Public key encryption with keyword search
  • Boneh D. et al. Conjunctive, subset, and range queries on encrypted data
