Threshold Broadcast Encryption with Keyword Search

Many users store their data in a cloud, which might not be fully trusted, for the purpose of convenient data access and sharing. For efficiently accessing the stored data, keyword search can be performed by the cloud server remotely with a single query from the user. However, the cloud server cannot directly search the data if it is encrypted. One of solutions could be to allow the user to download the encrypted data, in order to carry out a search; however, it might consume huge network bandwidth. To solve this problem, the notion of keyword search on encrypted data (searchable encryption) has been proposed. In this paper, a special variant of searchable encryption with threshold access is studied. Unlike some previous proposals which have fixed group and fixed threshold value, we define a new notion named Threshold Broadcast Encryption with Keyword Search (TBEKS) for dynamic groups and flexible threshold values. We formalize the security of a TBEKS scheme via a new security model named IND-T-CKA which captures indistinguishability against chosen keyword attacks in the threshold setting. We also propose the first practical TBEKS scheme with provable security in our IND-T-CKA security model, assuming the hardness of the Decisional Bilinear DiffieHellman problem.