Unus pro omnibus: Multi-Client Searchable Encryption via Access Control

—Searchable encryption lets an untrusted cloud server store keyword-document tuples encrypted by writers and conduct keyword searches with tokens from readers . Multi-writer schemes naturally offer broad applicability; however, it is unclear how to achieve the distinctive features of single-writer systems, namely, optimal search traversing only the result set and forward privacy invalidating old search tokens against any new data. Cutting-edge results by Wang and Chow (Usenix Security 2022) incur extra traversal over existing keywords and weaken forward privacy that only invalidates previous-issued search tokens periodically. We propose delegatable searchable encryption (DSE) with optimal search time for the multi-writer multi-reader setting. Beyond forward privacy, DSE supports security measures countering new integrity threats by malicious clients and keyword-guessing attacks inherent to public-key schemes. These are simultaneously made conceivable via one-time delegations of updating and/or searching power from the data owner and our tailored notion of shiftable multi-recipient counter encryption. DSE also benefits from the hybrid searchable encryption idea of Wang and Chow but at a microscopic level. Our evaluation confirms the order-of-magnitude improvement in search time over real-world datasets.