Contents 1 Introduction
With the prosperity of the Internet and cloud storage, outsourcing large-scale data to an intermediary such as a cloud server has been a popular paradigm for minimizing local data storage and maintenance burden [1]. However, due to the separation of data ownership and data control, it would suffer from various issues, such as privacy leakage, unauthorized access, illegal tampering and deletion [2]. The most common way is to encrypt the data before outsourcing, which would subsequently raise the critical issue of how to search on encrypted data. Searchable encryption (SE) as a promising, cryptographic primitive has emerged, which guarantees data confidentiality while not sacrificing searchability [3], [4]. Specifically, there are three entities in a typical SE system, where a data owner (DO) extracts a set of keywords, encrypts them into indexes and sends them with the encrypted data to a cloud server (CS), and then a data user (DU) creates a trapdoor associated with the query keywords and submits it to the CS responsible for searching. Nowadays, SE has been widely used in various fields such as healthcare [5], smart grid [6], and the Internet of Things [7].
