TY - JOUR
T1 - Multi-Client Verifiable Encrypted Keyword Search Scheme With Authorization Over Outsourced Encrypted Data
AU - Yang, Xu
AU - Wang, Qiuhao
AU - Qi, Saiyu
AU - Li, Ke
AU - Wang, Jianfeng
AU - Zhao, Wenjia
AU - Qi, Yong
N1 - Publisher Copyright:
© 2024 IEEE.
PY - 2024
Y1 - 2024
AB - Data outsourcing is a key service of cloud computing. While data encryption ensures confidentiality, it limits the ability to search encrypted data. Recently, ciphertext-policy attribute-based keyword search (CP-ABKS) schemes, which combine symmetric searchable encryption (SSE) and ciphertext-policy attribute-based encryption (CP-ABE), have gained attention. However, most CP-ABKS schemes depend on an independent key management server (KMS) for key distribution, risking key leakage if the KMS is compromised. Additionally, these schemes lack secure update operations and efficient search result verification. To address these issues, we propose VKSA, a verifiable encrypted keyword search scheme with authorization for cloud-based multi-client environments. VKSA features a novel policy-hidden index for proxy-free authorized searches, a state-based secure update strategy for forward and backward security, and a delegated search result verification mechanism to ensure efficient and privacy-preserving verification. We further optimize VKSA for improved computational and enclave-storage efficiency. Security analysis and experiments confirm the security and efficiency of our schemes.
KW - access control
KW - Cloud storage
KW - encrypted keyword search
KW - privacy
KW - trusted hardware
UR - https://www.scopus.com/pages/publications/85201744812
U2 - 10.1109/TNSE.2024.3445343
DO - 10.1109/TNSE.2024.3445343
M3 - Article
AN - SCOPUS:85201744812
SN - 2327-4697
VL - 11
SP - 6356
EP - 6371
JO - IEEE Transactions on Network Science and Engineering
JF - IEEE Transactions on Network Science and Engineering
IS - 6
ER -