Cross-user Leakage Mitigation for Authorized Multi-user Encrypted Data Sharing

Research output: Journal Publications and ReviewsRGC 21 - Publication in refereed journalpeer-review

View graph of relations


Original languageEnglish
Pages (from-to)1213-1226
Journal / PublicationIEEE Transactions on Information Forensics and Security
Online published15 Nov 2023
Publication statusPublished - 2024


Cloud computing has been a research focus in both academic and industrial communities for decades. Along with this trend, Searchable Encryption (SE) technology emerged and developed as data privacy concerns increased. Many schemes are proposed to solve the privacy-preserving data-sharing problem in multi-user scenarios. Most existing solutions are based on the assumption that all users are trusted. However, there will be cross-user leakage when there are malicious or compromised ones. This is because of the inherent linkability of authorization information and the search result when multiple users request data from the same database. To this end, we propose a cross-user leakage mitigation scheme for authorized encrypted data sharing in a two-server model. We utilize a blinding factor to delink authorizations based on Symmetric Multi-Key Searchable Encryption (SMKSE). To break the linkability of query results, we combine the zero-sum garbled Bloom filter with the oblivious transfer technique, where each of the two servers can only know partial information. We devise a group-based Bloom filter structure in indices to improve efficiency. We perform formal security analysis and also demonstrate the efficiency through comparative experiments. © 2023 IEEE.

Research Area(s)

  • Authorization, Computer science, cross-user leakage, Databases, Encryption, garbled Bloom filter, Indexes, oblivious transfer, Searchable encryption, Servers, Urban areas