Multi-client Cloud-based Symmetric Searchable Encryption

We propose a multi-client Symmetric Searchable Encryption (SSE) scheme based on the single-user protocol (Cash et al., CRYPTO 2013). The scheme allows any user to generate a search query by interacting with any θ-1 (θ is a threshold parameter) ‘helping’ users. It preserves the privacy of a database content against the server assuming a leakage of up to θ-1 users' keys to the server while hiding the query from the θ-1 ‘helping users’. To achieve the query privacy, we design a new distributed key-homomorphic pseudorandom function (PRF) that hides the PRF input (search keyword) from the ‘helping’ users. We present a concrete construction of our randomizable distributed PRF. By distributing the utilized keys among the users, the need for a constant online presence of the data owner to provide services to the users is eliminated, while providing resilience against a user key exposure. We extended our scheme to support user revocation in two different scenarios. In addition, we give a solution for fast update of the encryption key with the overhead significantly smaller than the re-encryption and re-uploading the database. Moreover, our scheme is secure against passive and active collusion between the server and a subset of users.