Abstract

In consideration of feasibility, searchable encryption schemes in multi-user setting have to handle the problem of dynamical user injection and revocation, especially to make sure that user revocation will not cause security issues, such as secret key leakage. Recently, fine-grained access control using trusted third party is proposed to resolve this issue, however, it increases the management complexity for maintaining massive authentication information of users. In this paper, we for the first time present new concept of coarse-grained access control and use it to construct a multi-user searchable encryption model in hybrid cloud. In our construction, two typical schemes are used, one is broadcast encryption (BE) scheme to simplify access control, and the other is single-user searchable encryption scheme, which can support two-phase operation and be secure when untrusted server colludes with the adversary. Furthermore, we implement such a practical scheme using an improved searchable symmetric encryption scheme, and security analysis shows that our scheme is secure.