Comment on "An Efficient Privacy-Preserving Ranked Multi-Keyword Retrieval for Multiple Data Owners in Outsourced Cloud"

TL;DR

The paper critiques Li et al.'s PRMKR scheme for privacy-preserving ranked multi-keyword retrieval in outsourced cloud settings. It identifies vulnerabilities to offline keyword-guessing attacks on both index and trapdoor and reveals document privacy exposure due to a public document key, underlining weak key-management. It then proposes concrete remedies, including introducing a master secret key (MSK), hiding random components, separating index and trapdoor randomness, and removing the document key from public parameters, with a view toward integrating attribute-based encryption. The work highlights the need for rigorous key-management and suggests AB keyword search as a promising direction for secure multi-owner SE.

Abstract

Protecting the privacy of keywords in the field of search over outsourced cloud data is a challenging task. In IEEE Transactions on Services Computing (Vol. 17 No. 2, March/April 2024), Li et al. proposed PRMKR: efficient privacy-preserving ranked multi-keyword retrieval scheme, which was claimed to resist keyword guessing attack. However, we show that the scheme fails to resist keyword guessing attack, index privacy, and trapdoor privacy. Further, we propose a solution to address the above said issues by correcting the errors in the important equations of the scheme.