On the Security of Privacy-Preserving Attribute-Based Keyword Search in Shared Multi-Owner Setting

Recently in the IEEE Transactions on Dependable and Secure Computing (doi: 10.1109/TDSC.2019.28976752019), Miao et al. proposed a novel construction of Privacy-Preserving Attribute-Based Keyword Search in Shared Multi-owner Setting (ABKS-SM), which can delegate keyword search tasks to cloud server provider (CSP) without revealing any useful information. Although the authors claimed that the offline keyword guessing attacks can be resisted in ABKS-SM scheme, we show that this scheme indeed suffers from four types of offline keyword guessing attacks and hence fails to gain the claimed security property, which is an important goal to be achieved in searchable encryption schemes. Specifically, given the concrete attacks, we demonstrate that the underlying keyword information can be extracted from both encrypted keyword indexes and trapdoors by any malicious user and any adversarial CSP. We hope that the similar security vulnerabilities could be avoided in the future design of related searchable encryption schemes.