Keyword guessing attacks on a public key encryption with keyword search scheme without random oracle and its improvement

Public key encryption with keyword search (PEKS) is a useful paradigm that enables a user to delegate searching capabilities on publicly encrypted data to an untrusted third party without revealing the data contents. In 2013, Fang et al. proposed a secure channel free PEKS (SCF-PEKS) scheme without random oracle and asserted that their scheme can withstand the keyword guessing (KG) attacks by outsider attackers. Later, Shao and Yang presented an improvement of Fang et al.'s SCF-PEKS scheme so as to obtain the security against KG attacks by malicious insider servers. In this paper, we demonstrate that both Fang et al.'s SCF-PEKS scheme and the improved scheme proposed by Shao and Yang fail in achieving their security goal. Our cryptanalysis shows that the former is vulnerable to the KG attacks by outsider attackers while the latter is vulnerable to the KG attacks by malicious insider servers. To overcome the security weaknesses in these two schemes, we present a new improvement of Fang et al.'s SCF-PEKS scheme. The analysis indicates that the improved scheme provides resistance against KG attacks by either outsider attackers or malicious insider servers. (C) 2018 Elsevier Inc. All rights reserved.