Attribute-based encryption (ABE) is a technique that allows data owners to declare their access policies such as: “(Doctor OR Researcher) AND (Chest OR Surgery)”. Only data users who meet the policy’s attribute requirements are qualified to access the files. For instance, users with the attributes “Doctor and Surgery” can read the text, but ones with “Doctor and Researcher” cannot. Most ABE schemes can be categorized into the following two classes: ciphertext-policy attribute-based encryption (CP-ABE) and key-policy attribute-based encryption (KP-ABE). Wang et al. [27] proposed a constant-size ciphertext KP-ABE scheme, while Water et al. [4] proposed the first practical CP-ABE scheme. The main difference between KP-ABE and CP-ABE is that CP-ABE puts the access policy into ciphertexts while KP-ABE puts it into the users’ secret keys. In CP-ABE schemes, data owners can easily decide who can access the files, so it is more suitable for cloud storage applications. Hence, we adopted it to construct our systems. Over time, more powerful ABE schemes have been developed. Li [7] proposed an attribute-revocable scheme, and Chi et al. [5] proposed a policy-hiding scheme to protect data owners’ privacy further. In addition, most ABE schemes involve bilinear pairing operations, which are very time-expensive, especially for resource-restricted devices such as mobiles and IoT devices. Han et al. [6] proposed a decentralized scheme to reduce the burden of data users by outsourcing the corresponding computational tasks.

The main characteristic of searchable encryption (SE) is it allows users to search over many encrypted data without the decrypting of the documents in the dataset. High-level concepts of SE are that data owners extract keywords from plaintext files to build a “Secure Index” and then encrypt plaintexts with symmetric encryption schemes. Data owners transform searching keywords into corresponding trapdoors afterward. Finally, cloud servers match the Secure Indexes with the trapdoors to produce search results containing the target keywords the user longs for.

For this purpose, there are many ways to build the pre-described Secure Index. Most of the existing SE schemes involve calculating the term frequency-index document frequency (TF-IDF) values of keywords. Cao et al. [28] and Tzouramanis et al. [12] both use the K-nearest neighbors (KNN) method to build the Secure Index. It is effective; however, the associated neighborhood-related matrix will be too large, and therefore, the associated operations become time-consuming when too many keywords are involved in the system. Other methods include secure random masking, tree-based, and secure linked-list ones. The scheme proposed by Zhang et al. [25] used the secure linked-list method to build an index table, which we also adopted in our work for its efficiency.

Many functional search schemes have been developed to provide a more powerful search capability. For example, Wang et al. [13] proposed a tree-based method to provide range search. It is especially suitable for numerical datasets such as financial records. Aritomo et al. [29] and Fu et al. [10] both achieved semantic-based searching, while Zhang et al. [15] provided an efficient predicate search. Liu et al. [11] proposed a robust scheme combining semantic and fuzzy searches using fingerprint methods, which will also be adopted in our schemes. However, this scheme did not take any access control mechanism into account. They used fully homomorphic encryption (FHE) schemes [30,31,32] to encrypt the index table instead. Due to complexity considerations, our work has not considered FHE schemes in our current system implementation. However, FHE schemes have lots of potential for constructing effective ABE schemes if the required complexity can be handled properly. An FHE-based ABE approach is exciting and can reduce the storage requirement of ciphertexts. We choose to put it into our future investigations.

Many ABE schemes have searching abilities. For this kind of scheme, it is crucial to allow only the qualified files to be searched. Otherwise, malicious users may launch keyword attacks to guess the contents of files and breach privacy. On the other hand, it is a waste of time for users to decrypt those unqualified files with failure. Sun et al. [22] proposed a famous searchable attribute scheme (ABKS) to hide the access policy. However, they use AND GATE as the access structure for policy hiding, which limits the access policy’s expressiveness. Wang et al. [23] proposed a scheme that is aimed at E-health applications. They achieve a constant computational overhead, constant storage overhead, and policy hiding by hashing user attributes and keywords. However, the access policy’s flexibility and searching are restricted due to its data structures. Moreover, they directly embed keyword hashes into ciphertexts, so it takes much time to match search results when there are many files in the dataset or only a single keyword can be used at a time. Miao et al. [21] and Sun et al. [33] proposed ABKS schemes with the ability for attribute revocations. Nevertheless, the searching capabilities of these schemes are weak because users can only use a single keyword once without any modifications to protocols.