Abstract

In current E-healthcare scenarios, medical institutions usually encrypt information and store it in an Electronic Health Record (EHR) system in order to ensure the privacy of medical information. To realize data sharing, a Public-key Encryption with Keyword Search (PEKS) scheme is indispensable, allowing doctors to search for medical information while it remains in ciphertext form. However, the traditional PEKS scheme cannot resist keyword guessing attacks based on quantum computing, and its security depends on the confidentiality of the secret key. In addition, classical PEKS schemes hand over the search process to a third party, affecting the accuracy of the search results. Therefore, we propose a postquantum Public-key Searchable Encryption scheme on Blockchain (PPSEB) for E-healthcare scenarios. Firstly, we utilize a lattice-based cryptographic primitive to ensure the security of the search process and achieve forward security to avoid key leakage of medical information. Secondly, we introduce blockchain technology to solve the problem of third-party untrustworthiness in the search process. Finally, through security analysis, we prove the correctness and forward security of the solution in the E-healthcare scenarios, and the comprehensive performance evaluation demonstrates the efficiency of our scheme compared with other existing schemes.

1. Introduction

In current medical scenarios, medical institutions generate a large amount of patient medical data. These data are difficult to supervise, lack necessary technical support, and cost medical institutions many resources. To solve this problem, many medical institutions have adopted EHR systems to reduce the burden and cost of maintaining medical information [1]. The EHR system is a digital health file with medical information as the main body and information sharing as the core. It aims to let patients manage their medical data, and to let doctors access the patient’s medical data if they have permission. However, outsourcing management of the EHR system is not an ideal choice. Because the third-party organization responsible for storing the EHR system has too much power, once a malicious attacker buys it, it can launch a collision attack on the medical data in the system to threaten the privacy of medical data. To avoid this situation, medical institutions usually encrypt medical data through various encryption schemes [2] and store it in the EHR system. Therefore, how to realize the sharing of medical data between patients and doctors in the ciphertext state is a problem to be solved. Thus, Public Key Encryption with Keyword Search (PEKS) [3] is a marvelous candidate in cloud-assisted E-healthcare scenarios, realizing medical data retrieval without privacy leakage. As an efficient encryption primitive, it ensures that encrypted medical data can be searched through keywords.

Although the existing proposed PEKS schemes [4–6] have brought significant benefits to the Internet of Things, there have been four significant obstacles to the widespread adoption of PEKS in systems in recent decades. Initially, most PEKS schemes were established based on traditional hardness cryptography problems. Nevertheless, with the advent of quantum computers [7] and quantum information [8], the PEKS scheme will be threatened exponentially. Recent breakthrough articles [7] indicate that shortly, it is possible to adopt quantum computers in a realistic view, putting forward higher requirements for postquantum cryptographic searchable encryption schemes than before. Secondly, most of the computational cost of cloud servers lies in searching target data from the third-party service agency, since cloud servers need to execute a verification procedure for the corresponding keyword. Due to the exorbitant public-key encryption operations, the existing PEKS scheme introduces a significant calculation overhead. In the E-healthcare scenarios, the cloud server can work with medical data from mobile medical detection devices simultaneously to retrieve the data of multiple doctors. Therefore, it has a performance bottleneck on the medical cloud servers. Thirdly, with the explosive utilization of mobile medical detection equipment, most schemes have key exposure problems [9]. The existing PEKS scheme cannot guarantee the forward privacy of the key. Once the doctor’s secret key is compromised, the attacker can trace the trapdoor content previously submitted by the doctor, thereby further infringing on the confidentiality of the outsourced data [10]. In this regard, we optimize the lattice cryptography in our scheme to tie the key to the time period, ensuring that the key exposure at the previous period will not affect the medical data confidentiality at the later period and achieving the forward security of the key [11].
Last but not least, the search function of the traditional PEKS scheme is generally delivered to the service party. However, the untrustworthiness of the service party will cause attackers to generate Keyword Guess Attacks (KGA) on medical information. Fortunately, blockchain can effectively solve this problem [12–17]. Blockchain is a new database technology that can realize decentralized distributed architecture design. Its core technical concept was proposed by Satoshi Nakamoto [18] in 2008. Blockchain, as a distributed public ledger, records all transactions packaged in the block without the need for third-party control and ensures the safety and traceability of each transaction record [19]. After a single block is generated, all nodes in the blockchain network use a consensus algorithm to determine whether the block is on the chain, and each block is connected by a hash function, thereby effectively ensuring the immutability of transaction information. Therefore, using blockchain technology to replace the service party in PEKS is an effective way to solve the problem of the untrustworthiness of the service party. For example, [20] replaces the traditional centralized server with a decentralized blockchain system, supports forward and backward privacy, and realizes privacy protection. [21] proposed a novel PEKS scheme, which eliminates the reliance on third-party institutions and makes the entire program completely decentralized. Therefore, to solve the above-mentioned hindrances, we propose a postquantum public-key searchable encryption on blockchain for cloud-assisted E-healthcare scenarios, called PPSEB, based on lattice cryptography [22, 23], one of the postquantum cryptographic primitives, ensuring a robust security level. In addition, we reduce the security of PPSEB to the Learning With Errors (LWE) hardness assumption, which can effectively oppose keyword guessing attacks based on quantum computing launched by malicious attackers.

In our proposed scheme, the patient initially encrypts medical data and its keywords under the public key of the doctor and transmits the corresponding ciphertext to the cloud server for storage. Then, the medical doctor will utilize his/her secret key to compute a trapdoor corresponding to the keyword and then uploads it to the blockchain. Further, the smart contracts on blockchain search for the keyword ciphertext corresponding to the trapdoor and return its number to the cloud server. Finally, the cloud server sends the ciphertext of medical information matching the keyword to the doctor. In summary, we elaborate our main contributions as follows:

(1)We propose a postquantum Public-key Searchable Encryption on Blockchain (PPSEB) for the E-healthcare scenarios. PPSEB is constructed on lattice-based public-key searchable encryption based on the LWE hardness assumption.
(2)We then introduce blockchain technology into our proposed scheme in response to the untrustworthiness of third parties during the search process. Therefore, we achieve the decentralization architecture of the PPSEB oracle and enhance the security level.
(3)PPSEB achieves forward security in order to solve the key leakage of various existing public-key searchable encryption algorithms.
(4)We give the computational proof of the correctness and forward security of PPSEB. Furthermore, the comprehensive implementation performance evaluation represents that our scheme is efficient in terms of testing time and computational cost compared with existing outperforming E-healthcare schemes and is suitable for medical scenarios.

The structure of our paper is organized as follows. In Section 2, we propose the design goals and security models of our scheme, considering three existing challenges for the proposed PPSEB scheme and the solution to make PPSEB work better in the medical scenarios. In Section 3, we propose our preliminaries of lattice and trapdoor. In Section 4, we present our PPSEB scheme and the main steps of our scheme, including, , , , , , , and . In Section 5, we provide the security analysis of PPSEB based on correctness and provable security. In Section 6, a precise performance evaluation is proposed by our paper. Finally, we conclude this paper in Section 7.

2. Design Goals and Security Models

2.1. Design Goals

In this paper, we propose three existing challenges for the proposed PPSEB scheme:

(1)How to make PPSEB resistant to the untrustworthy problem of the service party. In the traditional searchable encryption scheme, a third-party organization is generally responsible for searching medical information, which makes malicious attackers collude with third-party organizations to provide unreliable search results. Therefore, we use blockchain to replace traditional third-party agencies.
(2)How to achieve the forward security of PPSEB. Key exposure is a thorny problem faced by existing searchable encryption schemes. Once the private key of the doctor is lost, the attacker can forge the doctor to initiate an inquiry for medical information, and the privacy of medical information cannot be guaranteed. Therefore, how to use lattice-based cryptography to ensure that the leakage of the master key used at this time will not result in the leakage of the past session key is a problem to be solved.
(3)How to realize PPSEB to resist KGA under quantum computing. The existing searchable encryption scheme cannot guarantee the security of the search process under the attack of quantum computing, and there is a significant commonality between the keywords of medical information. Once the attacker is equipped with a quantum computer, it is possible to launch KGA on medical information through quantum computing, which severely threatens the blockchain system based on traditional cryptography and then exposes the private information contained in the medical information. Consequently, resisting KGA launched by quantum opponents is also a challenging problem.

In order to make PPSEB work better in the medical scenarios, the solution in this article should have the following characteristics:

(1)Postquantum KGA: PPSEB can resist KGA attacks under quantum computing.
(2)Forward security: PPSEB achieves forward security to solve the problem of private key exposure.
(3)Efficiency: PPSEB has a higher computational efficiency by reducing the size of the trapdoor.

2.2. Security Model

In this section, we show the ciphertext indistinguishability of our scheme. We can describe several scenarios through games between challenger S and adversary A, in which S generates the system security public parameters and initializes the public keys of the patient and doctor. A will receive them from S and is permitted to access the oracles as below.

Hash Oracle (HO): A has been permitted to access all values of HO in time t, where and is the total number in the period. Then, A will receive the corresponding hash value.

Break-in phase: After obtaining the query about of the doctor in time t by A, S will return the corresponding in t time to A. We note that is the break-in period, which satisfies .

Trapdoor Oracle (TO): A inputs a keyword to ask S for a trapdoor . Then, we make the restriction in order to make sure the forward security, where is break-in period.

Challenge phase: A takes in and then submits them to S to be the challenge keywords. S then selects b at random and obtains . Consequently, S returns to A.

Guess phase: At last, A will output . It wins the game iff .

We define , which means the advantage of A to distinguish ciphertexts in successfully.

3. Preliminary

Definition 1 (Lattice). Let be n linearly independent vectors in m-dimensional space. A lattice is composed of the linear combination of all integer coefficients of , and we can define: , is known as a basis of . Given a prime number , a matrix , we define , .

Definition 2 (LWE). Assume be a prime number, given a random matrix , vector and the error distribution on , find that the vector satisfies , where .

Definition 3 (Statistical Distance). Given two variables , over a domain , we define the statistical distance of and : .

Definition 4 (Discrete Gaussian Distribution). Let be the standard Gaussian function, where represents the center and represents the standard deviation. Then we define: , which is a Gaussian Distribution over Lattice .

Lemma 1 (TrapGen) [24]. Let , . There is a polynomial-time algorithm TrapGen, which outputs a matrix statistically close to the uniform distribution and a trapdoor base , such that and .

Lemma 2 (SamplePre) [25]. Given , a trapdoor base , a parameter , and a vector . Then, the SamplePre algorithm outputs a vector statistically close to , such that .

Lemma 3 (SampleL) [26]. Set a positive integer , . Given and its trapdoor base , matrix , parameter , and vector . The SampleL algorithm computes statistically close to such that .

Lemma 4 (SampleR) [26]. Set a positive integer , . Given and its trapdoor base , matrix , , and vector . The SampleR algorithm outputs a vector over and satisfies , where .

Lemma 5 (NewBasisDel) [27]. Set a positive integer , . Given and a trapdoor base , an invertible matrix , is invertible on , . The NewBasisDel algorithm outputs and a trapdoor base responding to , where .

Lemma 6 (SampleRwithBasis) [27]. Given a positive integer , , and a random matrix , its column vector can generate . The SampleRwithBasis algorithm outputs an invertible matrix , a lattice and its trapdoor base , where , satisfies .

Definition 5 (PEKS scheme). One general PEKS scheme includes five algorithms as , which are defined as follows:

: In this step, it generally initializes some security parameters , and parameters regard to the Gaussian Distribution in one time period . The output is just these parameters, which will be used in the next step.

: After inputting the parameter , it will output the public key and secret key , which consist .

: The algorithm takes a public key and one keyword as input, and outputs a ciphertext of .

: Having input the secret key and one keyword , it outputs one trapdoor in this algorithm.

: With the input of a trapdoor and a searchable ciphertext , this algorithm outputs the comparison decision bit 1 if , or 0 otherwise.

4. Our Proposed Scheme

4.1. Blockchain Architecture

Blockchain is essentially a decentralized database, which is a string of blocks that are associated using cryptography methods. Each transaction includes hash function, Merkle tree, and so on. In this paper, we replace the search party in searchable encryption with blockchain to ensure the credibility of the search process. As shown in Figure 1, our paper optimizes and adjusts the five-layer architecture of the original blockchain and adds a data retrieval function to the application layer, so that the blockchain network can retrieve the keyword ciphertext based on the algorithm written in the smart contract.

4.2. System Model

In this section, we give an introduction to the system model of our PPSEB scheme in Figure 2, with four main entities, including patient, doctor, a cloud server, and blockchain network.

(1)Patient: The patient integrates Electronic Health Record (EHR), including various medical information such as drug-using records as a patient. Moreover, the patient encrypts the EHR and uploads it to the Cloud Server. Then the patient generates a set of keywords related to the specified keyword and adds blocks to the blockchain.
(2)Doctor: The doctor needs to generate a trapdoor to search for information about patients. The doctor submits the corresponding trapdoor to the blockchain.
(3)Blockchain: After receiving the trapdoor from the doctor, the blockchain network will start chain code retrieval to search the corresponding sequence number and submit it to the Cloud Server.
(4)Cloud Server: After receiving the query request, the Cloud Server can use trapdoor to search for all encrypted data and return the query results of the ciphertext corresponding to the keywords to the doctor. During the entire process, the server is unable to obtain any information about the data and keywords.

4.3. The Scheme of PPSEB

In this section, we present our proposed scheme in detail. There are mainly seven steps of our scheme, including , , , , , , and , which are elaborated in the following paragraphs and algorithms.

: Firstly, we have to input one security parameter k, the discrete Gaussian Distribution and its parameters , in one period , where . After that, the initialization step is shown as follows.

Algorithm 1.

Input: security parameter k, discrete Gaussian Distribution , security Gaussian Distribution , .
Output: The set
(1)Select one uniform vector randomly
(2)Assume that and compute and
(3)Set these two hash functions: and
(4)Call TrapGen(q,n) algorithm to generate and , where and are public key and secret key of patient, respectively
(5)Call TrapGen(q,n) algorithm to generate and , where and are public key and secret key of doctor, respectively
(6)Return the set

: After inputting the set obtained from the Initialization step, we also have to input the current period together with the secret key in the previous period . Then, the doctor performs the following operations, which are shown in Algorithm 2.

Input: set , current time period , secret key in previous time period
Output: and , where is the secret key during this period
(1)Compute
(2)Set
(3)Compute
(4)Set
(5)Compute
(6)Set
(7)Call NewBasisDel to compute , where is the secret key during this period
(8)Compute
(9)Set
(10)Return and

: Firstly, the patient divides the medical data into groups, named , and generates an index for each group. After that, the patient extracts keywords from each group of medical data and records them as . Finally, the patient encrypts each group of medical data with the doctor’s public key at time , obtains a ciphertext set , and generates an index set of the medical data ciphertext , and it will be stored in the cloud server.

: The patient runs the algorithm with the set , the public key , the current time , and keyword as input. This Probabilistic Polynomial Time (PPT) algorithm is shown in detail below. For each keyword , the patient executes algorithm, obtains , and pairs each keyword ciphertext with the number to generate keyword index set . When we get , the patient calculates the hash value of with his own private key to generate a digital signature, writes down the transaction and timestamp, generates the corresponding transaction, and submits it to the master node for verification. After that, all nodes of the blockchain network execute the consensus algorithm, and the master node jointly packs the transaction orders in a period of time to form a block and then sends it to the affiliate node. Then, the affiliate node receives the block sent by the master node and verifies the transaction slip contained in the block. Firstly, the affiliate node extracts the public key of the patient stored in the transaction sheet from the node, decrypts the digital signature, and gets the hash value of . If , the affiliate node declares that the verification is successful. Otherwise, it means that the data may have been tampered with, and the node returns this transaction to the patient. Assuming that the maximum number of malicious nodes that can exist in the consensus algorithm is , if the number of verifications passes , the block will be stored in each node of the blockchain network.

Algorithm 3.

Input: set , current time period , secret key in current period
Output:
(1)Set a binary string , where is the security level of test in medical data cloud storage
(2)Select a unitive matrix of dimension
(3)Select noise through
(4)Set
(5)Select each noise vector on the basis of
(6)Set the noise vector matrix
(7)Assume and then compute and as ciphertext
(8)Set ciphertext
(9)Return to doctor

: The doctor runs this algorithm after inputting the set , the public key and secret key pair of the medical doctor during this period , and one keyword . The detailed description is shown in Algorithm 4.

Finally, the doctor will send to the blockchain through an efficient and secure communication channel.

Input: set , current period , public-secret key pair , one keyword
Output: and
(1)Compute
(2)Set
(3)Call NewBasisDel to generate one short lattice basis in random
(4)Call SamplePre to generate the trapdoor
(5)Return

: This PPT algorithm, run by the blockchain, takes as input the set , the ciphertext , and one trapdoor of the doctor in this period. If it outputs true, it means that the trapdoor and the ciphertext contain the same keyword . Then, the blockchain returns the number of the ciphertext corresponding to the keyword to the cloud server. The cloud server finds the ciphertext of the keyword according to and returns it to the doctor.

Algorithm 5.

Input: set , ciphertext , current period , trapdoor
Output:
(1)Compute
(2)Set
(3)Select integer satisfies
(4)for do
(5)if then
(6)  The medical cloud server will abort it and Return False.
(7)else
(8)  Set up to
(9)end if
(10)end for
(11)if then
(12)  Return
(13)else
(14)  Return False
(15)end if

: After the doctor obtains the ciphertext of the medical data returned by the cloud server, he/she decrypts it with his at time to obtain the plaintext of medical data .

5. Security Analysis

In this section, we will demonstrate our scheme’s correctness and provable security to achieve the security of the keyword ciphertext in our scheme under random oracle.

5.1. Correctness

In this section, we suppose that the key pair at time of doctors and patients are , , respectively. Then, we set as the keyword of the ciphertext and then is a keyword that matches the trapdoor . It is well known that the cloud server can use at a time to recover in . Since the relationship between and is uncertain, we divide the discussion into the following two situations:

Case 1: If , then , so we can decrypt the ciphertext and obtain that: for , there must be .

Case 2: If , then there is . Among them, is a noise vector. According to [25], we need to ensure that the error vector is less than , so that the decryption process does not make mistakes. Consequently, we can compute that: for , .

So, the cloud server can ensure that the keyword can correspond to the ciphertext and the trapdoor ; that is, PPSEB can achieve correctness. Last but not least, the cloud server sends the encrypted medical data corresponding to the keyword w to the doctor, and the doctor obtains the corresponding plaintext data after decrypting it according to its key.

5.2. Provable Security

Theorem 1. In the PPSEB, the difficulty of the attacker to crack the indistinguishability of the ciphertext can be reduced to the difficulty of the LWE problem.

Proof. Suppose that there is an attacker A under the random oracle model, which can crack the indistinguishability of the ciphertext in polynomial time. On this basis, we have created a challenger C having the ability to solve the LWE problem.

5.2.1. Setup

To begin with, challenger C sends , from a random oracle machine. Then, C guesses as a point in time when A breaks the indistinguishability of the ciphertext. After that, C creates two lists, named and . Finally, C interacts with attacker A. The steps are as follows:

(1)Challenger C runs the SampleR algorithm to obtain R, then C selects vectors from and assembles it into a matrix , making the -th column of .
(2)Challenger C obtains . Because is independent of and are irreversible matrices, is independent of . Then, C selects a matrix as and sets to get a set . Last but not least, C sends to attacker A.

After receiving the set , A executes query and query.

 query: A initiates an inquiry to each , where . C computes and sends to A.

Case 1: . Challenger C gets and runs the SampleRwithBasis algorithm to get and the basis of lattice , where . Then, C appends to the list . Consequently, C transmits to attacker A.

Case 2: . Challenger C finds from the . Then, C selects a matrix , and carries out the NewBasisDel algorithm to compute as the basis of , where . Consequently, C appends to , and transmits to attacker A.

 query: The attacker A queries , at the same time challenger C performs the following operations:

Case 1: and . The challenger C calculates and sends to A.

Case 2: or . The challenger C looks for in , selects a matrix , and executes the NewBasisDel algorithm to generate a basis of . Finally, C saves in , and sends to A.

5.2.2. Trapdoor Query

When C receives a query for a keyword from A, C first looks at , and if there is no in ; then this process will be restarted. Otherwise, C gets the private key , runs the SamplePre algorithm to generate a trapdoor , and sends it to A.

5.2.3. Break-In Phase

In this process, attacker A can query the private key of the doctor in the period, and is set as the break-in time. After A queries on , C sends the private key to A.

In time , which is the prior period, we can find from because the attacker A will perform queries on . Further, we calculate , which is the basis of the lattice . After that, challenger C calculates and runs the NewBasisDel algorithm to obtain and in time . Consequently, C sends to attacker A.

5.2.4. Challenge Phase

Assuming that and are two keywords, challenger C randomly selects a quantity from and assigns it to . Then we need to divide into the following cases according to the value of .

Case 1: . The challenger C sends ciphertext of to A.

Case 2: . We create , , and . Then, and can be obtained. Consequently, C sends the ciphertext of to A.

5.2.5. Guess Phase

In this process, attacker A outputs or as the response of the Challenge phase.

Analysis: To begin with, according to the basic probability knowledge, the probability of C outputting the ciphertext of the keyword is 1/2.

Suppose that A can break the indistinguishability of the ciphertext with the probability . In addition, the probability that challenger C can correctly obtain the break time is 1/m. Consequently, C can solve the LWE hardness with the probability of . In a nutshell, the difficulty of the attacker to crack the indistinguishability of the ciphertext can be reduced to the difficulty of the LWE hardness.

6. Performance Evaluation

In this section, to guarantee the forward security, antiquantum KGA, and suitability in the medical scenarios of our PPSEB scheme, we analyze the computational expense, security property, and network communication costs of our scheme and compare our scheme with existing PEKS schemes [3, 5, 28, 29] on the actual performance in the medical background through experiments and numerical simulation technique. The experiments evaluating and testing the actual performance of our scheme are run on macOS with an Intel Core i7 CPU and 16 GB RAM. The implementation of schemes is based on the C++ language, and we use medical data extremely close to actual applications of daily life to complete the experiments. Meanwhile, in order to realize the security of the -ary lattices, the parameters satisfy , , since the algorithms based on lattice cryptography rely on , , . The notations of the following specific descriptions in the experiments are provided in Table 1. The experimental data, averaged over 200 trials, are shown in the following figures, and the results accord closely with our design objective.

Our PPSEB is highly efficient compared with other PEKS schemes. As is illustrated in Table 2, the theoretical communication costs of each scheme are listed accurately.

We prove the theoretical value, and the experimental result reflects in Figure 3, demonstrating that the trapdoor size of the PPSEB scheme is the least one among the whole schemes. Along with the stabilizing growth in communication costs, our algorithm is superior to the others, indicating a hidden potential to reduce network resource consumption.

As to the actual performance, Figure 3 indicates that the PPSEB scheme reveals a considerable efficiency advantage. The PEKS size of PPSEB is relatively close to the scheme [3, 5, 28] and much less than the scheme [29]. The trapdoor size in our scheme is a quarter of [29]. However, in terms of postquantum, our proposed PPSEB is more secure than the scheme [3, 5, 28] while being applied in medical data encryption protection. Thus, it is pretty sound and acceptable for PPSEB to increase the nominal communication costs corresponding to PEKS size.

In addition, we not only analyze the computational expense and security property of our scheme but also compare it with existing PEKS schemes [3, 5, 28] through experimental medical data. As shown in Figure 4, the testing time of our scheme is also much shorter than the other existing PEKS schemes. Significantly, the more the number of retrieving keywords increases, the more apparent the superiority becomes.

Besides, we test the testing time and computational expense of the PEKS schemes and record the results in Table 3.

Our scheme performs nearly the same as scheme [3] in saving the computational expense and searching efficiency according to the comparison in Figure 5. When the number of retrieving keywords is 180, the testing time of [5] is 7.2s, and ours is 0.477s, which is 15.09 times that of PPSEB. As a result, our scheme is not only advantageous in terms of postquantum property, but also relatively more efficient than the other schemes. Consequently, although the introduction of blockchain technology has brought a certain amount of complexity and extra overhead to our system, it is certified that our PPSEB scheme can realize the property of postquantum, forward security on maintaining the confidentiality of medical data and superiority in the applications of medical scenarios. From a more practical view, it is both convenient and swift for doctors to master the patient’s physical condition, obtain the patient’s medical records, and make the correct diagnosis promptly in practical medical scenarios. In addition, the more profound performance of PPSEB on managing medical data of Electronic Health Records systems, such as electronic medical record and electronic prescription, needs to be tested experimentally and studied further.

In Figure 6, we compared the PEKS computational expense of PPSEB with [3, 5, 28, 29]. Among them, the PEKS computational expense of our scheme is much smaller than other schemes, which shows that our scheme has higher efficiency under the same number of retrieving keywords.

7. Conclusion

In our paper, we proposed postquantum Public-key Searchable Encryption on Blockchain (PPSEB) for E-healthcare scenarios. PPSEB is capable of resisting keyword-guessing quantum computing attacks. Moreover, our proposed scheme combines public-key searchable encryption and blockchain, avoiding turning over the searching process to a third party and enhancing the security level. Furthermore, we assure forward security, maintaining the confidentiality of medical data. Both security analysis and comprehensive performance evaluation demonstrate that PPSEB can achieve the property of searching efficiency and lightweight of lower computational cost in retrieving keywords and generating trapdoor compared with other existing E-healthcare schemes.

Data Availability

The data used to support the findings of this study are available from the corresponding author upon request.

Conflicts of Interest

The authors declare that they have no conflicts of interest.

Acknowledgments

This work was supported by the Open Fund of Advanced Cryptography and System Security Key Laboratory of Sichuan Province (Grant No. SKLACSS-202101), NSFC (Grant nos. 62176273, 61962009, U1936216, and 62076042), the Foundation of Guizhou Provincial Key Laboratory of Public Big Data (Nos. 2019BDKFJJ010 and 2019BDKFJJ014), the Fundamental Research Funds for Beijing Municipal Commission of Education, Beijing Urban Governance Research Base of North China University of Technology, the Natural Science Foundation of Inner Mongolia (2021MS06006), Baotou Kundulun District Science and technology plan project (YF2020013), and Inner Mongolia discipline inspection and supervision big data laboratory open project fund (IMDBD2020020).