Efficient and Verifiable Ciphertext Retrieval Scheme Based on Trusted Execution Environment

WU Axin; FENG Dengguo; ZHANG Min; CHI Jialin; YI Yuling

doi:10.11999/JEIT251358

Article Contents

Article Navigation > Journal of Electronics & Information Technology > 2026 >

WU Axin, FENG Dengguo, ZHANG Min, CHI Jialin, YI Yuling. Efficient and Verifiable Ciphertext Retrieval Scheme Based on Trusted Execution Environment[J]. Journal of Electronics & Information Technology. doi: 10.11999/JEIT251358

Citation:

WU Axin, FENG Dengguo, ZHANG Min, CHI Jialin, YI Yuling. Efficient and Verifiable Ciphertext Retrieval Scheme Based on Trusted Execution Environment[J]. Journal of Electronics & Information Technology. doi: 10.11999/JEIT251358

Citation:

PDF( 1319 KB)

Efficient and Verifiable Ciphertext Retrieval Scheme Based on Trusted Execution Environment

doi: 10.11999/JEIT251358 cstr: 32379.14.JEIT251358

WU Axin¹,
FENG Dengguo^{1, 2, 3},
ZHANG Min^{2
,
,},
CHI Jialin²,
YI Yuling^{2, 3}

1.
State Key Laboratory of Cryptology, Beijing 100878, China
2.
Institute of Software, Chinese Academy of Sciences, Beijing 100190, China
3.
University of Chinese Academy of Sciences, Beijing 100049, China

Funds: The National Key R&D Program of China (2022YFB4501500, 2022YFB4501503)

Accepted Date: 2026-02-12
Rev Recd Date: 2026-02-12

Available Online: 2026-03-04

Abstract

Abstract

The ciphertext retrieval mechanism enables retrieval functionality over encrypted data. Symmetric Searchable Encryption (SSE) is a critical branch of ciphertext retrieval. However, due to considerations such as saving computing power, cloud servers may return incorrect or incomplete results. Moreover, attackers can also exploit these leaked information from search and access patterns to reconstruct the keyword details. Therefore, it is necessary and meaningful to protect the privacy of search and access patterns while achieving result verifiability. Nevertheless, existing verifiable SSE schemes that support search and access pattern privacy typically rely on keyword traversal mechanisms and their verification mechanisms are inefficient, which impose high computational and communication overheads on users. To address the above performance bottlenecks, this paper introduces an efficient and verifiable ciphertext retrieval scheme based on Trusted Execution Environment (TEE). To improve the efficiency of ciphertext retrieval, this scheme employs the collaborative implementation of hardware-level security isolation and oblivious data rearrangement to achieve keyword trapdoor size independent of the size of the keyword dictionary. Meanwhile, the correctness of the returned results is verified by embedding random numbers and blinding polynomial constant terms. Thanks to these designs, the scheme achieves significant efficiency improvements. Specifically, firstly, this scheme ensures that the size of keyword trapdoors depends solely on the number of query keywords, not the global dictionary size, effectively minimizing communication and computational costs. Secondly, this scheme requires storing only two random numbers to enable verifiability, substantially minimizing local storage overhead for users. Thirdly, the adoption of techniques, such as enabling data users to retrieve results via single-server and single-round interaction and leveraging symmetric homomorphic encryption, further enhances operational efficiency. Additionally, confidential computing within TEE weakens the security assumptions and trust level towards TEE. After formally proving the security of the proposed scheme using simulation-based methods, this paper has conducted a comprehensive performance evaluation. The evaluation results confirm that this scheme is significantly more efficient than other schemes with the same functionalities.
- Ciphertext Retrieval,
- Symmetric Searchable Encryption,
- Verifiability,
- Search and Access Pattern Privacy,
- Trusted Execution Environment.

FullText(HTML)

References(40)

References

[1]	SINGH A and CHATTERJEE K. Cloud security issues and challenges: A survey[J]. Journal of Network and Computer Applications, 2017, 79: 88–115. doi: 10.1016/j.jnca.2016.11.027.
[2]	张玉清, 王晓菲, 刘雪峰, 等. 云计算环境安全综述[J]. 软件学报, 2016, 27(6): 1328–1348. doi: 10.13328/j.cnki.jos.005004. ZHANG Yuqing, WANG Xiaofei, LIU Xuefeng, et al. Survey on cloud computing security[J]. Journal of Software, 2016, 27(6): 1328–1348. doi: 10.13328/j.cnki.jos.005004.
[3]	RAGHAVENDRA S, REDDY C S, GEETA C M, et al. Survey on data storage and retrieval techniques over encrypted cloud data[J]. International Journal of Computer Science and Information Security, 2016, 14(9): 718. (查阅网上资料, 未找到本条文献信息, 请确认).
[4]	王祥宇, 马鑫迪, 梁岩荣, 等. 开放大数据安全存储与检索系统[J]. 网络空间安全科学学报, 2024, 2(3): 13–26. doi: 10.20172/j.issn.2097-3136.240302. WANG Xiangyu, MA Xindi, LIANG Yanrong, et al. Secure storage and retrieval system for open big data[J]. Journal of Cybersecurity, 2024, 2(3): 13–26. doi: 10.20172/j.issn.2097-3136.240302.
[5]	迟佳琳, 冯登国, 张敏, 等. 隐私保护密文检索技术研究进展[J]. 电子与信息学报, 2024, 46(5): 1546–1569. doi: 10.11999/JEIT231300. CHI Jialin, FENG Dengguo, ZHANG Min, et al. Advances in privacy-preserving ciphertext retrieval[J]. Journal of Electronics & Information Technology, 2024, 46(5): 1546–1569. doi: 10.11999/JEIT231300.
[6]	LI Feng, MA Jianfeng, MIAO Yinbin, et al. A survey on searchable symmetric encryption[J]. ACM Computing Surveys, 2024, 56(5): 119. doi: 10.1145/3617991.
[7]	WANG Na, ZHOU Wen, HAN Qingyun, et al. A lightweight privacy-preserving ciphertext retrieval scheme based on edge computing[J]. IEEE Transactions on Cloud Computing, 2024, 12(4): 1273–1290. doi: 10.1109/TCC.2024.3461732.
[8]	DOU Haochen, DAN Zhenwu, XU Peng, et al. Dynamic searchable symmetric encryption with strong security and robustness[J]. IEEE Transactions on Information Forensics and Security, 2024, 19: 2370–2384. doi: 10.1109/TIFS.2024.3350330.
[9]	GAO Nan, FAN Kai, WANG Haoyang, et al. Dynamic multi-user authorization in ciphertext retrieval with proxy re-encryption[J]. IEEE Transactions on Dependable and Secure Computing, 2025, 22(6): 5918–5930. doi: 10.1109/TDSC.2025.3577208.
[10]	WU Axin, YANG Anjia, LUO Weiqi, et al. Enabling traceable and verifiable multi-user forward secure searchable encryption in hybrid cloud[J]. IEEE Transactions on Cloud Computing, 2023, 11(2): 1886–1898. doi: 10.1109/tcc.2022.3170362.
[11]	OYA S and KERSCHBAUM F. Hiding the access pattern is not enough: Exploiting search pattern leakage in searchable encryption[C]. Proceedings of the 30th USENIX Security Symposium, 2021. (查阅网上资料, 未找到对应的出版地信息, 请确认).
[12]	CASH D, GRUBBS P, PERRY J, et al. Leakage-abuse attacks against searchable encryption[C]. Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, Denver Colorado, USA, 2015: 668–679. doi: 10.1145/2810103.2813700.
[13]	LIU Chang, ZHU Liehuang, WANG Mingzhong, et al. Search pattern leakage in searchable encryption: Attacks and new construction[J]. Information Sciences, 2014, 265: 176–188. doi: 10.1016/j.ins.2013.11.021.
[14]	WANG Yunling, SUN Shifeng, WANG Jianfeng, et al. Achieving searchable encryption scheme with search pattern hidden[J]. IEEE Transactions on Services Computing, 2022, 15(2): 1012–1025. doi: 10.1109/TSC.2020.2973139.
[15]	SONG Qiyang, LIU Zhuotao, CAO Jiahao, et al. SAP-SSE: Protecting search patterns and access patterns in searchable symmetric encryption[J]. IEEE Transactions on Information Forensics and Security, 2021, 16: 1795–1809. doi: 10.1109/tifs.2020.3042058.
[16]	SHANG Zhiwei, OYA S, PETER A, et al. Obfuscated access and search patterns in searchable encryption[C]. Proceedings of the 28th Annual Network and Distributed System Security Symposium, 2021: 1–18. (查阅网上资料, 未找到对应的出版地信息, 请确认).
[17]	YANG Yunbo, HU Yiwei, DONG Xiaolei, et al. OpenSE: Efficient verifiable searchable encryption with access and search pattern hidden for cloud-IoT[J]. IEEE Internet of Things Journal, 2024, 11(8): 13793–13809. doi: 10.1109/jiot.2023.3337336.
[18]	WU Axin, FENG Dengguo, ZHANG Min, et al. Efficient verifiable searchable encryption with search and access pattern privacy[J]. Security and Safety, 2025, 4: 2024022. doi: 10.1051/sands/2024022.
[19]	JI Licheng, LI Jiguo, ZHANG Yicheng, et al. Verifiable searchable symmetric encryption over additive homomorphism[J]. IEEE Transactions on Information Forensics and Security, 2025, 20: 1320–1332. doi: 10.1109/TIFS.2025.3526062.
[20]	LI Mengyuan, YANG Yuheng, CHEN Guoxing, et al. SoK: Understanding design choices and pitfalls of trusted execution environments[C]. Proceedings of the 19th ACM Asia Conference on Computer and Communications Security, Singapore, Singapore, 2024: 1600–1616. doi: 10.1145/3634737.3644993.
[21]	SUN H and JAFAR S A. The capacity of private information retrieval[J]. IEEE Transactions on Information Theory, 2017, 63(7): 4075–4088. doi: 10.1109/TIT.2017.2689028.
[22]	FERREIRA B, PORTELA B, OLIVEIRA T, et al. Boolean searchable symmetric encryption with filters on trusted hardware[J]. IEEE Transactions on Dependable and Secure Computing, 2022, 19(2): 1307–1319. doi: 10.1109/TDSC.2020.3012100.
[23]	FUHRY B, BAHMANI R, BRASSER F, et al. HardIDX: Practical and secure index with SGX[C]. Proceedings of the 31st Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy XXXI, Philadelphia, USA, 2017. doi: 10.1007/978-3-319-61176-1_22.
[24]	JIANG Qin, CHANG E C, QI Yong, et al. Rphx: Result pattern hiding conjunctive query over private compressed index using Intel SGX[J]. IEEE Transactions on Information Forensics and Security, 2022, 17: 1053–1068. doi: 10.1109/TIFS.2022.3144877.
[25]	WU Haotian, PENG Zhe, XIAO Jiang, et al. HeX: Encrypted rich queries with forward and backward privacy using trusted hardware[J]. IEEE Transactions on Dependable and Secure Computing, 2025, 22(4): 3751–3765. doi: 10.1109/TDSC.2025.3540958.
[26]	JIANG Qin, QI Yong, QI Saiyu, et al. Pbsx: A practical private boolean search using Intel SGX[J]. Information Sciences, 2020, 521: 174–194. doi: 10.1016/j.ins.2020.02.031.
[27]	TINOCO A, GAO Sixiang, and SHI E. ENIGMAP: External-memory oblivious map for secure enclaves[C]. Proceedings of the 32nd USENIX Conference on Security Symposium, Anaheim, USA, 2023: 226.
[28]	YE Zikai, WANG Xiangyu, LIU Zesen, et al. OBIR-tree: An efficient oblivious index for spatial keyword queries on secure enclaves[J]. Proceedings of the ACM on Management of Data, 2025, 3(1): 58. doi: 10.1145/3709708.
[29]	WANG Tao, WANG Jingyi, YANG Qiliang, et al. An efficient verifiable searchable encryption scheme with aggregating authorization for blockchain-enabled IoT[J]. IEEE Internet of Things Journal, 2022, 9(20): 20666–20680. doi: 10.1109/JIOT.2022.3175859.
[30]	黄一才, 李森森, 郁滨. 云环境下对称可搜索加密研究综述[J]. 电子与信息学报, 2023, 45(3): 1134–1146. doi: 10.11999/JEIT211572. HUANG Yicai, LI Sensen, and YU Bin. A survey of symmetric searchable encryption in cloud environment[J]. Journal of Electronics & Information Technology, 2023, 45(3): 1134–1146. doi: 10.11999/JEIT211572.
[31]	WANG Jiafan and CHOW S S M. Unus pro omnibus: Multi-client searchable encryption via access control[C]. Proceedings of the 31st Annual Network and Distributed System Security Symposium, San Diego, USA, 2024: 1–18.
[32]	ZHU Xiaojie, ZHOU Jiancong, DAI Yueyue, et al. A verifiable and efficient symmetric searchable encryption scheme for dynamic dataset with forward and backward privacy[J]. IEEE Transactions on Dependable and Secure Computing, 2025, 22(3): 2741–2755. doi: 10.1109/TDSC.2024.3521423.
[33]	ZHANG Yupeng, KATZ J, and PAPAMANTHOU C. All your queries are belong to us: The power of file-injection attacks on searchable encryption[C]. Proceedings of the 25th USENIX Conference on Security Symposium, Austin, USA, 2016: 707–720.
[34]	QUAN Yue, FAN Kai, WANG Haoyang, et al. DMASP: Dynamic multi-keyword searchable encryption for protected access and search patterns with differential privacy[C]. Proceedings of 2024 IEEE 23rd International Conference on Trust, Security and Privacy in Computing and Communications, Sanya, China, 2024: 1423–1429. doi: 10.1109/TrustCom63139.2024.00197.
[35]	LIU Gang, XIAO Zheng, LI Kenli, et al. HM-ORAM: A lightweight crash-consistent ORAM framework on hybrid memory system[J]. ACM Transactions on Storage, 2025, 21(2): 16. doi: 10.1145/3715009.
[36]	PAPADIMITRIOU A, BHAGWAN R, CHANDRAN N, et al. Big data analytics over encrypted datasets with seabed[C]. Proceedings of the 12th USENIX Symposium on Operating Systems Design and Implementation, Savannah, USA, 2016: 587–602.
[37]	SAVVAS S, KHANDELWAL D, and EUGSTER P. Efficient confidentiality-preserving data analytics over symmetrically encrypted datasets[J]. Proceedings of the VLDB Endowment, 2020, 13(8): 1290–1303. doi: 10.14778/3389133.3389144.
[38]	STEFANOV E, VAN DIJK M, SHI E, et al. Path ORAM: An extremely simple oblivious RAM protocol[J]. Journal of the ACM (JACM), 2018, 65(4): 18. doi: 10.1145/3177872.
[39]	KISSNER L and SONG D. Privacy-preserving set operations[C]. Proceedings of the 25th Annual International Cryptology Conference on Advances in Cryptology, Santa Barbara, USA, 2005: 241–257. doi: 10.1007/11535218_15.
[40]	YANG Lei, MEI Qiaozhu, ZHENG Kai, et al. Query log analysis of an electronic health record search engine[J]. AMIA Annual Symposium Proceedings, 2011, 2011: 915–924. (查阅网上资料, 请核对文献类型及格式).