{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,4]],"date-time":"2026-06-04T23:27:35Z","timestamp":1780615655278,"version":"3.54.1"},"reference-count":40,"publisher":"Springer Science and Business Media LLC","issue":"5","license":[{"start":{"date-parts":[[2020,11,22]],"date-time":"2020-11-22T00:00:00Z","timestamp":1606003200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2020,11,22]],"date-time":"2020-11-22T00:00:00Z","timestamp":1606003200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"DOI":"10.13039\/501100003513","name":"University of Surrey","doi-asserted-by":"crossref","id":[{"id":"10.13039\/501100003513","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Int. J. Inf. Secur."],"published-print":{"date-parts":[[2021,10]]},"abstract":"<jats:title>Abstract<\/jats:title><jats:p>We introduce<jats:italic>Password Authenticated Searchable Encryption (PASE)<\/jats:italic>, a novel searchable encryption scheme where a single human-memorizable password can be used to outsource (encrypted) data with associated keywords to a group of servers and later retrieve this data through the encrypted keyword search procedure. PASE ensures that only the legitimate user who knows the initially registered password can perform these operations. In particular, PASE guarantees that no single server can mount an offline attack on the user\u2019s password or learn any information about the encrypted keywords. The concept behind PASE protocols extends previous concepts behind searchable encryption by removing the requirement on the client to store high-entropy keys, thus making the protocol device-agnostic on the user side. In this paper, we model the functionality of PASE along with two security requirements (indistinguishability against chosen keyword attacks and authentication) and propose an efficient direct construction in a two-server setting those security we prove in the standard model under the Decisional Diffie\u2013Hellman assumption. Our constructions support outsourcing and retrieval procedures based on multiple keywords and allow users to change their passwords without any need for the re-encryption of the outsourced data. Our theoretical efficiency comparisons and experimental performance and scalability measurements show that the proposed scheme is practical and offers high performance in relation to computations and communications on the user side. The practicality of our PASE scheme is further demonstrated through its implementation within a JavaScript-based web application that can readily be executed on any (mobile) browser and remains practical for commodity user devices such as laptops and smartphones.<\/jats:p>","DOI":"10.1007\/s10207-020-00524-5","type":"journal-article","created":{"date-parts":[[2020,11,22]],"date-time":"2020-11-22T03:02:28Z","timestamp":1606014148000},"page":"675-693","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":13,"title":["Password-authenticated searchable encryption"],"prefix":"10.1007","volume":"20","author":[{"given":"Liqun","family":"Chen","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Kaibin","family":"Huang","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1512-9670","authenticated-orcid":false,"given":"Mark","family":"Manulis","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Venkkatesh","family":"Sekar","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","published-online":{"date-parts":[[2020,11,22]]},"reference":[{"key":"524_CR1","unstructured":"2020 data breach investigations report, https:\/\/enterprise.verizon.com\/en-gb\/resources\/reports\/dbir\/. Accessed 31 Aug 2020"},{"issue":"3","key":"524_CR2","doi-asserted-by":"publisher","first-page":"350","DOI":"10.1007\/s00145-007-9006-6","volume":"21","author":"M Abdalla","year":"2008","unstructured":"Abdalla, M., Bellare, M., Catalano, D., Kiltz, E., Kohno, T., Lange, T., Malone-Lee, J., Neven, G., Paillier, P., Shi, H.: Searchable encryption revisited: consistency properties, relation to anonymous IBE, and Extensions. J. Cryptol. 21(3), 350\u2013391 (2008)","journal-title":"J. Cryptol."},{"key":"524_CR3","first-page":"65","volume-title":"PKC\u201905. LNCS","author":"M Abdalla","year":"2005","unstructured":"Abdalla, M., Fouque, P., Pointcheval, D.: Password-based authenticated key exchange in the three-party setting. In: Vaudenay, S. (ed.) PKC\u201905. LNCS, vol. 3386, pp. 65\u201384. Springer, Berlin (2005)"},{"key":"524_CR4","doi-asserted-by":"crossref","unstructured":"Bagherzandi, A., Jarecki, S., Saxena, N., Lu, Y.: Password-protected secret sharing. In: CCS\u201911. ACM, pp. 433\u2013444 (2011)","DOI":"10.1145\/2046707.2046758"},{"key":"524_CR5","doi-asserted-by":"crossref","unstructured":"Ballard, L., Kamara, S., Monrose, F.: Achieving efficient conjunctive keyword searches over encrypted data. In: ICICS\u201905. LNCS, vol. 3783, Springer, pp. 414\u2013426 (2005)","DOI":"10.1007\/11602897_35"},{"key":"524_CR6","doi-asserted-by":"publisher","unstructured":"Bellare, M., Boldyreva, A., O\u2019Neill, A.: Deterministic and efficiently searchable encryption. In: Menezes, A. (ed.) Advances in Cryptology\u2014CRYPTO 2007, In: 27th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 19-23, 2007, Proceedings. LNCS, vol. 4622, pp. 535\u2013552. Springer (2007).https:\/\/doi.org\/10.1007\/978-3-540-74143-5_30","DOI":"10.1007\/978-3-540-74143-5_30"},{"key":"524_CR7","doi-asserted-by":"crossref","unstructured":"Bellare, M., Canetti, R., Krawczyk, H.: Keying hash functions for message authentication. In: CRYPTO\u201996. LNCS, vol. 1109, Springer, pp. 1\u201315 (1996)","DOI":"10.1007\/3-540-68697-5_1"},{"key":"524_CR8","doi-asserted-by":"publisher","unstructured":"Bellare, M., Keelveedhi, S., Ristenpart, T.: Message-locked encryption and secure deduplication. In: Advances in Cryptology \u2013 EUROCRYPT 2013, pp. 296\u2013312. Springer, Berlin, Heidelberg (2013), https:\/\/doi.org\/10.1007\/978-3-642-38348-9_18","DOI":"10.1007\/978-3-642-38348-9_18"},{"key":"524_CR9","doi-asserted-by":"crossref","unstructured":"Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated key exchange secure against dictionary attacks. In: EUROCRYPT\u201900. LNCS, vol. 1807, Springer, pp. 139\u2013155 (2000)","DOI":"10.1007\/3-540-45539-6_11"},{"key":"524_CR10","doi-asserted-by":"crossref","unstructured":"Boneh, D., Crescenzo, G.D., Ostrovsky, R., Persiano, G.: Public Key Encryption with Keyword Search. In: EUROCRYPT\u201904. pp. 506\u2013522 (2004)","DOI":"10.1007\/978-3-540-24676-3_30"},{"key":"524_CR11","doi-asserted-by":"crossref","unstructured":"Boneh, D., Waters, B.: Conjunctive, subset, and range queries on encrypted data. In: TCC\u201907. LNCS, vol. 4392, Springer, pp. 535\u2013554 (2007)","DOI":"10.1007\/978-3-540-70936-7_29"},{"key":"524_CR12","doi-asserted-by":"crossref","unstructured":"Camenisch, J., Enderlein, R.R., Neven, G.: Two-server password-authenticated secret sharing uc-secure against transient corruptions. In: PKC\u201915. LNCS, vol. 9020, Springer, pp. 283\u2013307 (2015)","DOI":"10.1007\/978-3-662-46447-2_13"},{"key":"524_CR13","doi-asserted-by":"crossref","unstructured":"Camenisch, J., Lehmann, A., Lysyanskaya, A., Neven, G.: Memento: How to reconstruct your secrets from a single password in a hostile environment. In: CRYPTO\u201914. LNCS, vol. 8617, Springer, pp. 256\u2013275 (2014)","DOI":"10.1007\/978-3-662-44381-1_15"},{"key":"524_CR14","unstructured":"Camenisch, J., Lysyanskaya, A., Neven, G.: Practical yet universally composable two-server password-authenticated secret sharing. In: CCS\u201912. pp. 525\u2013536 (ACM, 2012)"},{"key":"524_CR15","doi-asserted-by":"publisher","unstructured":"Canard, S., Fuchsbauer, G., Gouget, A., Laguillaumie, F.: Plaintext-checkable encryption. In: Dunkelman, O. (ed.) Topics in Cryptology\u2014CT-RSA 2012\u2014The Cryptographers\u2019 Track at the RSA Conference 2012, San Francisco, CA, USA, February 27\u2014March 2, 2012. Proceedings. LNCS, vol. 7178, pp. 332\u2013348. Springer (2012), https:\/\/doi.org\/10.1007\/978-3-642-27954-6-21","DOI":"10.1007\/978-3-642-27954-6-21"},{"key":"524_CR16","doi-asserted-by":"crossref","unstructured":"Cash, D., Jarecki, S., Jutla, C., Krawczyk, H., Ro\u015fu, M.C., Steiner, M.: Highly-scalable searchable symmetric encryption with support for boolean queries. In: Annual Cryptology Conference. Springer, pp. 353\u2013373 (2013)","DOI":"10.1007\/978-3-642-40041-4_20"},{"key":"524_CR17","doi-asserted-by":"publisher","unstructured":"Chase, M., Kamara, S.: Structured encryption and controlled disclosure. In: Advances in Cryptology \u2014ASIACRYPT 2010, pp. 577\u2013594. Springer, Berlin, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-17373-8_33","DOI":"10.1007\/978-3-642-17373-8_33"},{"issue":"4","key":"524_CR18","doi-asserted-by":"crossref","first-page":"789","DOI":"10.1109\/TIFS.2015.2510822","volume":"11","author":"R Chen","year":"2016","unstructured":"Chen, R., Mu, Y., Yang, G., Guo, F., Wang, X.: Dual-server public-key encryption with keyword search for secure cloud storage. IEEE Trans. Inf. For. Sec. 11(4), 789\u2013798 (2016)","journal-title":"IEEE Trans. Inf. For. Sec."},{"issue":"5","key":"524_CR19","doi-asserted-by":"publisher","first-page":"895","DOI":"10.3233\/JCS-2011-0426","volume":"19","author":"R Curtmola","year":"2011","unstructured":"Curtmola, R., Garay, J., Kamara, S., Ostrovsky, R.: Searchable symmetric encryption: improved definitions and efficient constructions. J. Comput. Secur. 19(5), 895\u2013934 (2011)","journal-title":"J. Comput. Secur."},{"issue":"5","key":"524_CR20","doi-asserted-by":"publisher","first-page":"895","DOI":"10.3233\/JCS-2011-0426","volume":"19","author":"R Curtmola","year":"2011","unstructured":"Curtmola, R., Garay, J.A., Kamara, S., Ostrovsky, R.: Searchable symmetric encryption: improved definitions and efficient constructions. J. Comp. Secur. 19(5), 895\u2013934 (2011)","journal-title":"J. Comp. Secur."},{"key":"524_CR21","unstructured":"Dawn Xiaoding Song, Wagner, D., Perrig, A.: Practical techniques for searches on encrypted data. In: Proceeding 2000 IEEE Symposium on Security and Privacy. S P 2000. pp. 44\u201355 (2000)"},{"key":"524_CR22","doi-asserted-by":"publisher","unstructured":"Fuhr, T., Paillier, P.: Decryptable searchable encryption. In: Provable Security, pp. 228\u2013236. Springer, Berlin, Heidelberg, https:\/\/doi.org\/10.1007\/978-3-540-75670-5_17","DOI":"10.1007\/978-3-540-75670-5_17"},{"key":"524_CR23","unstructured":"Goh, E.J.: Secure indexes. Cryptology ePrint Archive, Report 2003\/216 (2003), http:\/\/eprint.iacr.org\/2003\/216\/. Accessed 31 Aug 2020"},{"issue":"4","key":"524_CR24","doi-asserted-by":"publisher","first-page":"1364","DOI":"10.1137\/S0097539793244708","volume":"28","author":"J H\u00e5stad","year":"1999","unstructured":"H\u00e5stad, J., Impagliazzo, R., Levin, L.A., Luby, M.: A pseudorandom generator from any one-way function. SIAM J. Comput. 28(4), 1364\u20131396 (1999)","journal-title":"SIAM J. Comput."},{"key":"524_CR25","doi-asserted-by":"crossref","unstructured":"Ibraimi, L., Nikova, S., Hartel, P., Jonker, W.: Public-key encryption with delegated search. In: International Conference on Applied Cryptography and Network Security. Springer, pp. 532\u2013549 (2011)","DOI":"10.1007\/978-3-642-21554-4_31"},{"key":"524_CR26","doi-asserted-by":"crossref","unstructured":"Jarecki, S., Kiayias, A., Krawczyk, H.: Round-optimal password-protected secret sharing and T-PAKE in the password-only model. In: ASIACRYPT\u201914. LNCS, vol. 8874, Springer, pp. 233\u2013253 (2014)","DOI":"10.1007\/978-3-662-45608-8_13"},{"key":"524_CR27","doi-asserted-by":"crossref","unstructured":"Jarecki, S., Kiayias, A., Krawczyk, H., Xu, J.: Highly-efficient and composable password-protected secret sharing (or: How to protect your bitcoin wallet online). In: EuroS&P\u201916. pp. 276\u2013291. IEEE (2016)","DOI":"10.1109\/EuroSP.2016.30"},{"key":"524_CR28","unstructured":"Jarecki, S., Kiayias, A., Krawczyk, H., Xu, J.: TOPPSS: cost-minimal password-protected secret sharing based on threshold OPRF. IACR Cryptology ePrint Archive 2017, 363 (2017), http:\/\/eprint.iacr.org\/2017\/363. Accessed 31 Aug 2020"},{"key":"524_CR29","unstructured":"Kamara, S., Papamanthou, C., Roeder, T.: Dynamic searchable symmetric encryption. In: CCS\u201912. pp. 965\u2013976 (ACM, 2012)"},{"key":"524_CR30","doi-asserted-by":"crossref","unstructured":"Kiefer, F., Manulis, M.: Blind Password Registration for Two-Server Password Authenticated Key Exchange and Secret Sharing Protocols. In: ISC\u201916. LNCS, vol. 9866, Springer, pp. 95\u2013114 (2016)","DOI":"10.1007\/978-3-319-45871-7_7"},{"key":"524_CR31","doi-asserted-by":"crossref","unstructured":"Kiefer, F., Manulis, M.: Universally Composable Two-Server PAKE. In: ISC\u201916. LNCS, vol. 9866, Springer, pp. 147\u2013166 (2016)","DOI":"10.1007\/978-3-319-45871-7_10"},{"key":"524_CR32","doi-asserted-by":"crossref","unstructured":"Krawczyk, H.: Cryptographic extraction and key derivation: The HKDF scheme. In: CRYPTO\u201910. LNCS, vol. 6223, Springer, pp. 631\u2013648 (2010)","DOI":"10.1007\/978-3-642-14623-7_34"},{"issue":"2","key":"524_CR33","doi-asserted-by":"publisher","first-page":"373","DOI":"10.1137\/0217022","volume":"17","author":"M Luby","year":"1988","unstructured":"Luby, M., Rackoff, C.: How to construct pseudorandom permutations from pseudorandom functions. SIAM J. Comput. 17(2), 373\u2013386 (1988)","journal-title":"SIAM J. Comput."},{"issue":"3","key":"524_CR34","doi-asserted-by":"publisher","first-page":"251","DOI":"10.1007\/s10207-015-0294-9","volume":"15","author":"C \u00d6rencik","year":"2016","unstructured":"\u00d6rencik, C., Selcuk, A., Savas, E., Kantarcioglu, M.: Multi-keyword search over encrypted data with scoring and search pattern obfuscation. Int. J. Inf. Sec. 15(3), 251\u2013269 (2016)","journal-title":"Int. J. Inf. Sec."},{"key":"524_CR35","unstructured":"Ostrovsky, R.: Software protection and simulation on oblivious RAMs. Ph.D. thesis, Massachusetts Institute of Technology (1992)"},{"key":"524_CR36","doi-asserted-by":"crossref","unstructured":"Park, D.J., Kim, K., Lee, P.J.: Public key encryption with conjunctive field keyword search. In: WISA\u201904. LNCS, vol. 3325, Springer, pp. 73\u201386 (2004)","DOI":"10.1007\/978-3-540-31815-6_7"},{"key":"524_CR37","doi-asserted-by":"crossref","unstructured":"Pedersen, T.P.: Non-interactive and information-theoretic secure verifiable secret sharing. In: CRYPTO\u201991. LNCS, vol. 576, Springer, pp. 129\u2013140 (1991)","DOI":"10.1007\/3-540-46766-1_9"},{"key":"524_CR38","unstructured":"Stefanov, E., Papamanthou, C., Shi, E.: Practical dynamic searchable encryption with small leakage. IACR Cryptology ePrint Archive 2013, 832 (2013), http:\/\/eprint.iacr.org\/2013\/832. Accessed 31 Aug 2020"},{"key":"524_CR39","doi-asserted-by":"publisher","unstructured":"Wang, C., Jan, S.T., Hu, H., Bossart, D., Wang, G.: The next domino to fall: Empirical analysis of user passwords across online services. In: Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy. p. 196-203. CODASPY \u201918, Association for Computing Machinery, New York, NY, USA (2018), https:\/\/doi.org\/10.1145\/3176258.3176332","DOI":"10.1145\/3176258.3176332"},{"key":"524_CR40","doi-asserted-by":"crossref","unstructured":"Yi, X., Hao, F., Chen, L., Liu, J.K.: Practical threshold password-authenticated secret sharing protocol. In: ESORICS\u201915. LNCS, vol. 9326, Springer, pp. 347\u2013365 (2015)","DOI":"10.1007\/978-3-319-24174-6_18"}],"container-title":["International Journal of Information Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-020-00524-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10207-020-00524-5\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-020-00524-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,10,13]],"date-time":"2023-10-13T05:57:14Z","timestamp":1697176634000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10207-020-00524-5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,11,22]]},"references-count":40,"journal-issue":{"issue":"5","published-print":{"date-parts":[[2021,10]]}},"alternative-id":["524"],"URL":"https:\/\/doi.org\/10.1007\/s10207-020-00524-5","relation":{},"ISSN":["1615-5262","1615-5270"],"issn-type":[{"value":"1615-5262","type":"print"},{"value":"1615-5270","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020,11,22]]},"assertion":[{"value":"22 November 2020","order":1,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Compliance with ethical standards"}},{"value":"All authors declare that they have no conflict of interest.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}},{"value":"This article does not contain any studies with human participants performed by any of the authors.","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"Ethical approval"}}]}}