Public-Key Encryption with Delegated Search

In a public key setting, Alice encrypts an email with the public key of Bob, so that only Bob will be able to learn the contents of the email. Consider a scenario where the computer of Alice is infected and unbeknown to Alice it also embeds a malware into the message. Bob’s company, Carol, cannot scan his email for malicious content as it is encrypted so the burden is on Bob to do the scan. This is not efficient. We construct a mechanism that enables Bob to provide trapdoors to Carol such that Carol, given an encrypted data and a malware signature, is able to check whether the encrypted data contains the malware signature, without decrypting it. We refer to this mechanism as public-key encryption with delegated search (PKEDS). We formalize PKEDS and give a construction based on ElGamal publickey encryption (PKE). The proposed scheme has ciphertexts which are both searchable and decryptable. This property of the scheme is crucial since an entity can search the entire content of the message, in contrast to existing searchable public-key encryption schemes where the search is done only in the metadata part. We prove in the standard model that the scheme is ciphertext indistinguishable and trapdoor indistinguishable under the Symmetric External Diffie-Hellman (SXDH) assumption. We prove also the ciphertext one-wayness of the scheme under the modified Computational Diffie-Hellman (mCDH) assumption. We show that our PKEDS scheme can be used in different applications such as detecting encrypted malware and forwarding encrypted email.