Trapdoor Privacy in Public Key Encryption With Keyword Search: A Review

The public key encryption with keyword search (PEKS) scheme allows searches to be performed over ciphertext by a server in a public-key setting. The PEKS scheme suffers from a major drawback which is keyword guessing attack. A keyword guessing attack (KGA) allows the attacker to successfully guess the correct keyword encrypted in a searchable ciphertext and trapdoor. To overcome this vulnerability, security notions, such as keyword privacy and trapdoor privacy were introduced. Keyword privacy prevents any information leaked from the keyword itself, and similarly trapdoor privacy prevents any information leaked from the trapdoor side. A PEKS scheme that is secure against KGA should satisfy trapdoor privacy. In this paper, we compare various types of PEKS schemes in terms of their underlying computational hardness, system model, search function, security properties of keyword privacy and trapdoor privacy, and security against offline KGA and online KGA. From the comparison analysis, we highlight that trapdoor privacy and keyword privacy are essential for a PEKS scheme to be secure against KGA. Lastly, we draw some potential research directions.