Forward-Secure multi-user and verifiable dynamic searchable encryption scheme within a zero-trust environment

Abstract

Privacy-preserving searchable encryption can allow clients to encrypt the data for secure cloud storage, enabling subsequent data retrieval while preserving the privacy of data. In this paper, we initialize the study of constructing a secure dynamic searchable symmetric encryption (DSSE) scheme in a zero-trust environment characterized by the threat model of honest-but-curious data owner (DO) + honest-but-curious data user (DU) + fully malicious cloud server (CS). To tackle these challenges, we introduce a multi-user DSSE scheme that emphasizes verifiability and privacy while integrating forward security. Our contributions include: Employing the oblivious pseudo-random function (OPRF) protocol for secure DO-DU interactions, ensuring the privacy of DO’s keys and DU’s queried keywords from each other, And maintaining the secure separation of data ownership and usage, Utilizing a multiset hash function-based state chain to achieve forward privacy and support DO updates of encrypted cloud data with verifiable query results Proposing a novel hash-based file encryption and authentication approach to protect file privacy and verify query results. additionally, We provide a comprehensive security analysis and experimental evaluation demonstrating the efficacy and efficiency of our approach. these advancements enhance DSSE schemes under a zero-trust environment, Addressing critical challenges of privacy, Verifiability, And operational efficiency