Public Key Encryption with Keyword Search (PEKS) is a common cryptographic primitive that facilitates secure keyword search over encrypted data so that the keywords hidden inside are concealed from unauthorized parties. For facilitating more complex search operations, Expressive PEKS (EPEKS) generalizes the fundamental PEKS to accommodate expressive queries like conjunctive and disjunctive keyword search. Provision of these expressive features is usually facilitated by Attribute-Based Encryption (ABE). With additional features, though, current EPEKS systems are susceptible to keyword guessing attacks that compromise the confidentiality of the search queries. This work examines Shen et al.\'s (2019) modified expressive PEKS scheme from a keyword guessing attack vulnerability perspective. To mitigate such security attacks, we present a new improved encryption-decryption model with expressive search functionality but improved guessing attack resistance. Our approach employs a secure means of key sharing, e.g., Diffie-Hellman or Elliptic Curve Diffie-Hellman (ECDH), to facilitate secure communication. We deploy the suggested framework and evaluate its performance and security attributes, demonstrating its capacity to provide expressive search ability as well as resist keyword inference attacks successfully.
Introduction
The rapid rise of cloud computing has increased the need for secure and efficient methods of searching encrypted data. Public Key Encryption with Keyword Search (PEKS) allows users to search encrypted data without decrypting it, ensuring data privacy. To support complex search queries (e.g., AND/OR/Boolean), Expressive PEKS (EPEKS) was introduced. However, EPEKS schemes are vulnerable to keyword guessing attacks, which can expose private search terms.
This work identifies security flaws in Shen et al.’s (2019) EPEKS model and proposes a more secure and efficient alternative using Diffie-Hellman (DH) or Elliptic Curve DH (ECDH) key exchange. The new approach improves keyword privacy while maintaining search performance. It uses techniques such as randomized trapdoor generation, non-deterministic encryption, and hash obfuscation to resist adversarial attacks.
Key Contributions:
A secure EPEKS framework combining Attribute-Based Encryption (ABE) and secure key exchange.
Real-time, session-based encryption to prevent static trapdoor reuse.
Defenses against keyword guessing through obfuscation and randomness.
Scalable and privacy-preserving design suitable for cloud environments.
Literature Insights:
A broad survey of 20 related works highlights:
Most current PEKS/EPEKS models suffer from scalability, performance, or security limitations.
Several approaches lack protection against side-channel and keyword-guessing attacks.
Others are constrained by computational complexity, key management challenges, or lack of real-world implementation.
Recent advancements introduce lattice-based, blockchain-integrated, and multi-identity encryption schemes, but many remain theoretical or limited in scope.
Proposed Methodology:
System Initialization & Key Generation:
Generate RSA/ECC key pairs using PyCryptodome.
Establish a secure session key via DH or ECDH.
Keyword Encryption & Trapdoor Generation:
Encrypt keywords using the user’s public key.
Generate secure, randomized trapdoors for search queries.
Secure Communication:
Use session keys for encrypted transmission between users and the server.
Protect trapdoors and queries from exposure to prevent inference attacks.
Conclusion
With the age of cloud-based data storage and retrieval, the balance between data privacy and effective search functionality is more important now. While advanced query functionalities such as conjunctive and disjunctive searches have been made possible by Expressive Public Key Encryption with Keyword Search (EPEKS), current models are still susceptible to keyword guessing attacks that violate user privacy. The suggested methodology, with the backing of robust testing and deployment, illustrates that expressive and secure keyword search over encrypted content is feasible. This work is a major improvement towards constructing practical, privacy-enhancing searchable encryption systems applicable to contemporary cloud setting.
References
[1] “Secure and Efficient Fuzzy Keyword Search Over Encrypted Data in Cloud Computing”– Xinyu Liu et al.– 2021
[2] “A compact ciphertext-policy attribute-based encryption scheme for the information-centric IoT” – Jing wang 1,2, Neal Naixue Xiong3, Jinhai Wang4 -2018
[3] “Expressive CP-ABE Scheme for Mobile Devices in IoT Satisfying Constant-Size Keys and Ciphertexts” – Vanga Odelu1, Ashok Kumar Das2, Muhammad Khurram Khan3 (senior member, IEEE), Kim-Kwang Raymond choo4 (senior member, IEEE), and Minho Jo5, (senior member, IEEE)– 2017
[4] “Efficient and Expressive Access Control With Revocation for Privacy of PHR Based on OBDD Access Structure” – KENNEDY EDEMACU, BEAKCHEOL JANG, AND JONG WOOK KIM, (Member, IEEE)– 2020
[5] “Multi-Keyword Searchable and Data Verifiable Attribute-Based Encryption Scheme for Cloud Storage” – JIN SUN, LILI REN , SHANGPING WANG, AND XIAOMIN YAO– 2019
[6] “Blockchain-Assisted Searchable Encryption for Decentralized Storage” – Yuan Zhang .- 2023
[7] “Leakage-Resilient PEKS Using Post-Quantum Cryptography” – Jinghui Tsu – 2024
[8] “Medical Image Encryption Through Chaotic Asymmetric Cryptosystem” – TUTU RAJA NINGTHOUKHONGJAM, SURSITA DEVI HEISNAM, AND MANGLEM SINGH KHUMANTHEM– 2024
[9] “A Pairing-Free Provable Public Key Dual Receiver Encryption Scheme” – EMAN ABOUELKHEIR 1,2 AND SHAMIA EL-SHERBINY2. – 2024
[10] “Concise and Efficient Multi-Identity Fully Homomorphic Encryption Scheme”– GUANGSHENG TU 1 , WENCHAO LIU 2,3, TANPING ZHOU 2,3 , XIAOYUAN YANG2,3, AND FAN ZHANG1– 2024
[11] “Data Secure De-Duplication and Recovery Based on Public Key Encryption With Keyword Search” – LE LI 1 , DONG ZHENG 1,2, HAOYU ZHANG 1 , AND BAODONG QIN 1. – 2023
[12] “Cybersecurity-Enhanced Encrypted Control System Using Keyed-Homomorphic Public Key Encryption” –MASAKI MIYAMOTO 1 , (Graduate Student Member, IEEE), KAORU TERANISHI 1,2, (Graduate Student Member, IEEE), KEITA EMURA 3 , AND KIMINAO KOGISO 1 , (Member, IEEE) – 2023
[13] 13. “Trapdoor Privacy in Public Key Encryption With Keyword Search: A Review” – KOON-MING CHAN 1 , SWEE-HUAY HENG 1 , WEI-CHUEN YAU 2 , (Member, IEEE), AND SHING-CHIANG TAN 1– 2022
[14] 14.“Privacy-Preserving Preselection for Protected Biometric Identification Using PEKS” – Pia Bauspieß, Jascha Kolberg, Pawel Drozdowski, Christian Rathgeb, and Christoph Busch– 2023
[15] 15.“A Pairing-Free Certificateless Searchable Public Key Encryption Scheme for IIoT” – XIAOGUANG LIU 1,2,3, HAO DONG 2,3, NEHA KUMARI4, AND JAYAPRAKASH KAR. – 2023
[16] “IPO-PEKS: Effective Inner Product Outsourcing Searchable Encryption From Lattice in IoT” – MIAO WANG 1 , LIWANG SUN1 , ZHENFU CAO1,-2024
[17] “Achieving Secure, Verifiable, and Efficient Boolean Keyword Searchable Encryption for Cloud Data Warehouse” – SOMCHART FUGKEAW, (Member, IEEE), LYHOUR HAK, AND THANARUK THEERAMUNKONG– 2024
[18] “A New 12-Bit Chaotic Image Encryption Scheme Using a 12 × 12 Dynamic S-Box” – SALEH IBRAHIM 1,2, ALAA M. ABBAS 1,3, AYMAN A. ALHARBI 4 , AND MARWAN ALI ALBAHAR. – 2024
[19] “Efficient and Expressive Public Key Authenticated Encryption with Keyword Search in Multi-user Scenarios” – Jiayin Cai – 2025
[20] “Blockchain-based Privacy-Preserving Public Key Searchable Encryption”- Yue Han et al .- 2023
[21] “Lattice-based Public Key Encryption with Authorized Keyword Search” - Shiyuan Xu et al. - 2023
[22] “Authenticated Encryption with Keyword Search Improved” - Guiquan Yang et al. - 2024
[23] “Hierarchical Identity-Based Authenticated Encryption” - Dorsa Shiraly - 2024
[24] “PAEKS Made Easy” - Qinyi Li, Xavier Boyen - 2024
[25] “Query-Recovery Attack on Searchable Encryption” - Marc Damie - 2023
[26] “Key-Updatable PEKS with Ciphertext Sharing”- Fen Wang - 2022
[27] “PAEKS Construction Based on LWE”- Ziqing Wang. - 2024
[28] “Efficient and Expressive Public Key Authenticated Encryption with Keyword Search in Multi-user Scenarios (v11)”- Jiayin Cai - 2025
[29] “Blockchain-based Privacy-Preserving Public Key Searchable Encryption (v12)”- Yue Han et al.- 2023
[30] “Public Key Authenticated Encryption with Keyword Search Improved (v14)” – Guiquan Yang -2024
[31] “Hierarchical Identity-Based Authenticated Encryption (v15)” –Dorsa Shiraly et al.- 2024
[32] “Query-Recovery Attack on Searchable Encryption (v17)” – Marc Damie – 2023
[33] “Key-Updatable PEKS with Ciphertext Sharing (v18)” – Fen Wang et al.– 2022
[34] “PAEKS Construction Based on LWE (v19)” –Ziqing Wang – 2024
[35] “Survey on PEKS in Cloud (v20)” – Zhang – 2023