SPKSE: Secure Public Key Searchable Encryption withstand Keyword Guessing Attacks

Public Key Searchable Encryption (PKSE) enables secure keyword searches over encrypted data, making it a critical tool for outsourced storage systems. However, existing PKSE schemes remain vulnerable to two types of keyword guessing attacks: offline attacks, where adversaries leverage the public key to systematically generate and test indices for potential keywords, and online attacks, where attackers inject spurious documents to infer queried keywords based on server responses. While most schemes focus on mitigating offline attacks, they often fail to address online threats, leaving the system susceptible to query inference attacks. To address these limitations, we propose a PKSE scheme that simultaneously defends against both offline and online keyword guessing attacks. Our design introduces two key mechanisms: first, by embedding the sender’s private key into the index ciphertext generation, we prevent adversaries from forging valid ciphertexts, effectively mitigating offline guessing attacks; second, through a re-randomization mechanism applied to matched ciphertexts, we eliminate query response patterns, preventing online attackers from linking ciphertexts to keywords. We formally define the security model, rigorously prove the scheme’s resilience against both attacks, and conduct a comprehensive performance evaluation. Experimental results demonstrate that our approach achieves a strong balance between security and efficiency, making it well-suited for real-world encrypted search applications.