QPASE: Quantum-Resistant Password-Authenticated Searchable Encryption for Cloud Storage
Jingwei Jiang, Ding Wang
Abstract
Searchable encryption is a powerful tool that enables secure and private searches of encrypted data. It allows users to outsource their data to cloud servers while maintaining the confidentiality and privacy of their data. Password-authenticated symmetric searchable encryption (PASE) can help users avoid the complexity and security risks associated with key management while maintaining the advantages of searchable encryption. To the best of our knowledge, none of the existing PASE schemes can resist security threats in the post-quantum era, and there is an urgent need to design quantum-resistant solutions. However, post-quantum cryptography (e.g., lattice-based cryptography) varies significantly from traditional cryptography, and it is challenging to design a quantum-resistant PASE for cloud storage. In this work, we take the first step towards this challenge by proposing QPASE, a quantum-resistant password-authenticated symmetric searchable encryption for cloud storage. We employ lattice-based threshold oblivious pseudorandom function (TOPRF) to achieve password re-randomization and formally prove that QPASE is authentication secure and indistinguishability against chosen keyword attacks (IND-CKA) secure under quantum computers. QPASE can be extended to multi-keyword search and allows servers to update keys without affecting the users. The comparison results show that QPASE outperforms its foremost counterparts in security and computation overhead.