PAEWS: Public-Key Authenticated Encryption With Wildcard Search Over Outsourced Encrypted Data

Public-key Encryption with Keyword Search (PEKS) is a promising cryptographic mechanism that enables a semi-trusted cloud server to perform (on-demand) keyword searches over encrypted data for data users. Existing PEKS schemes are limited to precise or fuzzy keyword searches, creating a gap given the widespread use of wildcards for rapid searches in real-world applications. To address this issue, several wildcard keyword search schemes have been proposed to support wildcard searches in the public-key setting. However, these schemes suffer from inefficiency and/or inflexibility. Worse yet, they are all vulnerable to (insider) keyword guessing attacks (KGA), which is highly effective when the keyword space is polynomial in size. To address these vulnerabilities, this paper first proposes a new wildcard keyword search scheme called Public-key Encryption with Wildcard Search (PEWS), which is built based on the standard Decisional Diffie-Hellman (DDH) assumption. The complexity of all algorithms in PEWS increases linearly with the keyword length, while remaining almost constant or even decreasing linearly with the number of wildcards. To resist against (insider) KGA, we further extend PEWS into the first Public-key Authenticated Encryption with Wildcard Search (PAEWS) scheme. Our PEWS and PAEWS schemes are highly flexible, supporting searches for any number of wildcards positioned anywhere within the keyword. We conduct a comprehensive performance evaluation of our PEWS and PAEWS, while also comparing PEWS with the state-of-the-art scheme in the public-key setting. The experimental results demonstrate that both PEWS and PAEWS are efficient and practical, and the experimental comparisons illustrate that PEWS achieves approximately 2x faster computation and reduces communication by at least 50%.