Perfect Keyword Privacy in PEKS Systems

This paper presents a new security notion, called perfect keyword privacy (PKP), for non-interactive public-key encryption with keyword search (PEKS) [5]. Although the conventional security notion for PEKS guarantees that a searchable ciphertext leaks no information about keywords, it gives no guarantee concerning leakage of a keyword from the trapdoor. PKP is a notion for overcoming this fatal deficiency. Since the trapdoor has verification functionality, the popular concept of “indistinguishability” is inadequate for capturing the notion of keyword privacy from the trapdoor. Hence, our formalization of PKP depends on the idea of formalizing a perfectly one-way hash function [10, 11]. We also present IND-PKP security as a useful notion for showing that a given PEKS scheme has PKP. Furthermore, we present PKP+ and INDPKP+ as enhanced notions of PKP and IND-PKP, respectively. Finally, we present several instances of an IND-PKP or IND-PKP+ secure PEKS scheme, in either the random oracle model or the standard model.