1.2.1. Public Key Encryption With Keyword Search (PEKS)

As far as we know, PEKS [4] has undergone significant development and improvement since they were proposed by Boneh et al. The initial design was intended to address the limitations of symmetric searchable encryption (SSE) [18–21] by developing a unique mechanism. This mechanism allows the generation of searchable ciphertext using the user’s public key and specific keywords. This innovation makes it not only feasible to search on encrypted data, but it can be very efficient. This innovation began the history of SE, which later researchers introduced many improvements and tweaks aimed at enhancing security and enhancing functionality. The advent of secure channel-free PEKS (SCF-PEKS) scheme [22–25] is a big development in preventing keyword guessing attacks on cloud servers. The untrustworthiness of cloud servers can compromise search confidentiality. Functionality enhancements were not left behind. The advancement in multi-keyword search capabilities is significantly enhanced by the integration of public-key encryption with conjunctive keyword search (PECKS) [26–30]. The introduction of public-key cryptography with temporary keyword searches (PETKS) [31] by Abdalla et al. is another important research result, as it not only significantly improves the usability of database systems but also enables the flexibility of keyword searches. The transformation protocol connects identity-based encryption (IBE) [32] to encrypted data to enable search under ciphertext, further enriching the field of cryptography. The attribute-based encryption (ABE) scheme [33–35] provides subtle control over data search and enhanced privacy protection in the cloud environment [36, 37].

1.2.2. Oblivious Transfer

The origins of inadvertent diversion (OT) [38] can be traced back to Rabin’s seminal work. In the framework of the oblivious transfer protocol, the procedure is marked by an interaction between a sender, denoted as $$, and a receiver, indicated as $$. This interaction facilitates a transaction where the sender is unaware of which specific bit the receiver chooses, and the receiver is equally uninformed about the unselected bit. This approach to ensuring the privacy of both parties during transmission has led to the emergence of many OT variants [39–41], all of which contribute to enhanced security and functional diversity.

1.2.3. OKS

The design of OKS [16] is focused on ensuring rigorous privacy safeguards. It is meticulously designed to mask all informative traces, including access patterns, ensuring a user’s query and retrieval activities remain concealed. The pioneering OKS protocol, elucidated by Ogata and Kurosawa, is anchored in the oblivious polynomial evaluation and the oblivious transfer methodologies. The protocol facilitates a user’s engagement with a database in a manner that allows data acquisition without revealing any details about the search keywords or content to the data provider.

Ogata and Kurosawa developed two separate protocols. The first relies on the intricacies of the one-more RSA inversion problem, while the second depends on the difficulties inherent in polynomial reconstruction. Nonetheless, a constraint is manifested in these initial models, and the search is confined to a singular keyword per query. Rhee et al. advanced the narrative by unveiling an oblivious conjunctive keyword search (OCKS) protocol [42]. Rooted in the RSA known target inversion complexity, this enhancement expanded the search capacity. Simultaneously, Freedman and colleagues tackled the issue of privacy-preserving database access by proposing an efficient framework [43]. This structure links keyword search activities with the oblivious evaluation of pseudorandom functions, creating a cohesive framework. Zhu and Bao further enriched this dialog, leveraging enhanced OPEs [44] to craft an OKS protocol, and validated its security credentials. Notwithstanding these advancements, an inefficiency permeates previous OKS protocols; they are confined to a one-keyword-to-one-document architecture. This limitation amplifies both storage requisites and search durations, particularly pronounced when a document is tagged with multiple keywords, necessitating the replication of the document for each associated keyword. Jiang and Liu confronted this challenge, proposing an adept OKS protocol characterized by sublinear time search efficiency and compact ciphertexts [45]. However, it is circumscribed to disjunctive keyword search and is not configured for conjunctive keyword search applications. In this context, OKS continues to evolve, enhancing privacy while facing inherent operational constraints. Since Ogata and Kurosawa first introduced the OKS concept, new protocols have been developed to emphasize the need for coordination between strict privacy protection and operational efficiency. The exploration and resolution of these challenges are not only intrinsic to OKS’ progress but also a necessity in an era when data are ubiquitous and privacy is often under attack. Future research is expected to further address this complex problem, seeking innovative solutions for data privacy, search efficiency, and functional versatility in the OKS field. Zhang et al. introduced an advanced oblivious multiple keyword search (OMKS) service [46], designed to provide users and cloud storage providers with strong privacy protection while enabling efficient multi-keyword search. Jiang et al. introduced an innovative cryptographic primitive known as OKSA [17]. Specifically, OKSA streamlines the verification of search keywords, confirming their inclusion in the user’s authorized set prior to activating the OKS protocol. This feature enables user authorization and extends the level of privacy and security of traditional OKS.

1.2.4. The Integration of ML and SE

The combination of ML and SE is an emerging field that combines the efficient data processing of ML with the privacy protection principles of SE. In the era of big data, concerns about privacy are escalating, prompting people to seek solutions that can efficiently process data while protecting privacy. ML models can extract and process valuable information from massive datasets. However, when applied to sensitive data, a privacy-security conundrum emerges. SE has emerged as a viable solution that allows searching of encrypted data, thus ensuring data privacy [47]. One of the seminal works in this domain is CryptoNets [48], which explores the use of neural networks in encrypting data to make predictions about it while protecting data privacy. This method uses homomorphic encryption technology to convert data into encrypted form and realizes the calculation in ciphertext state. However, homomorphic encryption, while revolutionary, is computationally expensive. This leads to some solutions, such as personal data collection (PATE) [49]. It uses different private learning methods, aggregating the results of multiple models to protect privacy.

Kamil Khudhair et al. optimized image steganography [50–52] to support multiple scenes, high efficiency, and high security. This inspired us to improve the OKS scheme, combining it with deep learning to further achieve high efficiency and enable multi-scenario application. Raghunandan et al. used chaotic behavior [53] to encrypt data for greater security. How to easily access the encrypted data needs to be fully considered, and our scheme can achieve searchability in the encrypted state. Asmitha et al. perfected the problems of computer vision and deep learning in human authentication [54]. This further reinforces the need for ML and SE. ML needs to invoke a lot of private data, and our solution ensures the safe use of private data. Ramesh et al. introduced false modulus in the public key encryption process to improve the security of Rabin cryptosystem [55]. This is a very interesting study and encourages us to continue to investigate how to implement the security of SE on ML.

More recent advancements have broached efficient protocols like SecureML [56], which enhances scalability and efficiency, which improves the computational challenges inherent in privacy-protecting ML. Furthermore, innovations like oblivious neural network predictions (MiniONN) [57] have facilitated privacy-preserving by transforming existing neural network models into oblivious counterparts. With the convergence of ML and SE, the focus is shifting to ensuring data privacy without compromising the quality of ML predictions. The future trajectory may be to explore enhanced computing efficiency, robust security protocols, and common applications that span different data domains.

2.3.1. Setup

Commencing the procedure, the entity $$ provides a security parameter denoted by 1^λ and an integer value n, subsequently generating the master key pair (MPK, MSK) for cryptographic system configuration. Furthermore, in collaboration with each user, $$ establishes a distinct keyword set X, ensuring that the size of X does not exceed n².

2.3.2. Commit

$$ processes a message m_i, a designated keyword x_i, and the MPK to produce the corresponding encrypted data C_i. Notably, each message m_i is coupled with a distinct keyword array $$. Subsequently, $$ securely transmits the collection of ciphertexts {C_i} to the cloud storage $$.

2.3.3. Transfer

2.3.4. Correctness

For an OMKSA to be deemed effective, it is essential that the recipient accurately acquires the specified message, provided all involved parties comply with the outlined protocol. Furthermore, the authenticity is validated when accountability checks confirm that the trapdoor created from the acquired token corresponds exclusively to specific keywords. It is also crucial that these keywords fall within the scope of the authorized keyword collection.

2.4.1. User Privacy

The advantage of $$ is quantified as Adv = |Pr[θ^′ = θ] − 0.5|.

2.4.2. Indistinguishability

The advantage of $$ is defined as Adv = |Pr[θ^′ = θ] − 0.5|.

2.4.3. Accountability

The edge of $$ in this scenario is determined as Adv in the formulation of (K(X^′), Γ).

3.1.1. Setup

Entity $$ makes the MPK available to everyone and maintains the confidentiality of K.

3.1.2. Commit

Subsequently, $$ securely transmits the collection of ciphertexts {C_i} to the receiver $$.

3.1.3. Transfer

It is assumed that $$ establishes a distinct keyword set X for each receiver, with $$ and the size of X is denoted as |X| = k not exceeding n².

Then $$ sends $$ and $$ to $$.

Then $$ returns the trapdoor D₁, D₂ to $$.

$$ adds $$ to a list L⁽¹⁾ and adds $$ to a list L⁽²⁾, and $$ has L = L⁽¹⁾ ∪ L⁽²⁾ as final calculation.

3.1.4. Extension to D Keywords

The outlined OMKSA protocol, initially configured for disjunctive keyword search, is readily expandable to encompass D keywords. The data receiver $$ computes $$ for each $$ where $$, subsequently recovering $$ and compiling the list $$ for every keyword. The final step entails $$ aggregating the lists corresponding to all D keywords to yield the comprehensive disjunctive search outcome.

3.1.5. Correctness

3.2.1. Setup

Entity $$ makes the MPK publicly available while ensuring the confidentiality of MSK.

3.2.2. Commit

$$ securely transfers the set of ciphertexts {C_i} to the recipient $$.

3.2.3. Transfer

It is assumed that $$ establishes a distinct set of keywords, X, for each receiver. This set X, a subset of $$, is characterized by having a maximum size denoted as X, where |X| = k and does not exceed n².

Then $$ sends $$ to $$.

Subsequently, $$ hands over the trapdoor D to $$.

3.2.4. Correctness

4.2.1. Setup

4.2.2. H-Query

Selections for $$ are made randomly from the binary set $$. Subsequently, $$ incorporates (a_i, X_i, hⁱ) into the list and furnishes hⁱ back to $$.

4.2.3. Phase 1

In this phase, $$ selects a set of keywords X, confined within the bounds of $$, and limited to a maximum size of |X| not more than n. For a trapdoor request corresponding to any keyword x_i from $$ opts for a random $$ as sk = s, and communicates (x_i, s) to $$.

Should x_i matches x_θ, the process is terminated.

In contrast, if x_i differs from $$ delivers $$ to $$, with q_i(α) defined as (q(α))/(α + x_i).

It becomes apparent that the expression $$ can be computed from elements $$, $$ as provided in the instance.

4.2.4. Challenge

When $$ presents the pairs (m₀, x₀) and (m₁, x₁) as a challenge to $$, and assuming no prior trapdoor queries have been made for x₀ or x₁, the protocol proceeds as follows.

If x_θ is neither x₀ nor x₁, the process halts.

Hence, the ciphertext C^∗ constitutes an appropriate challenge.

In the scenario where Z represents a random variable within $$, from the perspective of $$, C^∗ emerges as a random ciphertext.

4.2.5. Phase 2

$$ seeks further trapdoor queries for x_i, adhering to the constraint x_i ≠ x₀, x₁. In response, $$ acts in accordance with the guidelines of Phase 1.

4.2.6. Guess

From this, the advantage of $$ in resolving the (f, q) − MSE − DDH Problem is calculated to be at least $$, thus finalizing the proof of Theorem 2.

4.3.1. Setup

4.3.2. Challenge

4.3.3. Win

Let $$; then Γ = h^f(a). Given that the function f(x) is classified as a polynomial with a degree, deg f(x), surpassing n, it follows that $$ furnishes the pair (f(x), Γ) as the resolution of the (f, n)-DHE Challenge. The conclusion of this proof of Theorem 3 leads to the deduction that the magnitude of X^′ is singular, |X^′| = 1, and correspondingly, the token K(X^′) also possesses a singular count, |K(X^′)| = 1.