Comment on an Attribute-Based Searchable Encryption Scheme With Receiver Anonymity
Guangao Zu, Yang Lu, Jiguo Li
Abstract
Privacy protection of search keywords is one of the challenges in building keyword-based searchable encryption schemes. In IEEE Transactions on Services Computing (Vol. 15, No.2, March/April 2022), Chaudhari <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">et al</i> . proposed an attribute-based searchable encryption (ABSE) scheme (named KeySea), which was claimed to provide an effective solution to solve the problem of privacy-preserving search over cloud encrypted data. However, we demonstrate that the scheme fails to protect the privacy of search keywords by proposing three attacks on it. Our attacks show that an adversary (an untrusted cloud server or a malicious user) can successfully extract the keyword from a search trapdoor by keyword guessing in an offline or online manner. After analyzing the reasons that cause such attacks, we provide the potential solutions to overcome similar security vulnerabilities in the ABSE schemes.