Highly scalable verifiable encrypted search

In encrypted search, a server holds an encrypted database of documents but not the keys under which the documents are encrypted. The server answer keyword queries from a client with the list of documents matching the query. In this paper we present two highly scalable protocols to search over encrypted data which achieve full security against a possibly malicious server and supports conjunctive queries where the client submits many keywords and is asking the server to identify the documents that match all the keywords. The first protocol we present works in the single client model, where the party searching the data is also the data owner who originally stored with the server. The second protocol works in the more challenging multi-client model, where a data owner stores encrypted data with a server, and the allows a client to search the data via a query-based token. To be truly scalable, previous solutions for conjunctive queries do not require the server to look at every document in the encrypted database, but assume an honest but curious server. There are, however, realistic situations in which this assumption might not hold: for example when the software running on the server has been infected by malware. In this case the protocols above may not offer any meaningful security guarantee. Our solution removes this limitation without substantially increasing the computational cost compared to the honest-but-curious protocols. Therefore we are able to obtain full security against malicious servers basically ”for free”.