Istvan Vajda

Work place: The Technical University of Budapest, Department of Informatics, Budapest, Hungary

E-mail: vajda@hit.bme.hu

Research Interests: Computer Networks, Network Architecture, Network Security

Biography

István Vajda graduated from the Telecommunication Department at the Technical University of Budapest. He received the PhD and DSc degrees in 1985 and 1997, respectively. Since 1998, he has been a Professor at the Department of Informatics. He is the co-founder of the Laboratory of Cryptography and Systems Security (CrySyS). During the 1990s his research interest was in algebraic code designs for secure multiple access channels. More recently, his research interests have been in the design and analysis of secure systems, with a special emphasis on provably secure cryptographic primitives and protocols. His application expertise covers secure wireless communication, secure routing and sensor networks.

Author Articles
Construction for Searchable Encryption with Strong Security Guarantees

By Istvan Vajda

DOI: https://doi.org/10.5815/ijcnis.2019.05.01, Pub. Date: 8 May 2019

We present a construction for searchable symmetric encryption (SSE). We consider a wide range of attacks and hardness assumptions and fulfill the strongest security requirements. The "standard" privacy requirement for searchable encryption is message indistinguishability under an adaptively chosen keyword attack (IND-CKA2). We aim to protect the data and the keyword(s) together, i.e. privacy of the data is not treated as a separate problem (as is typical in research papers). Besides the CKA model, we also consider the adaptively chosen trapdoor attack (CTA). Against active attacks (such as the swapping attack) we add integrity protection for the (data, keyword) pair. By guaranteeing existential unforgeability (EU) for trapdoor keys we give protection against the Keyword Guessing Attack (KGA). Attacks that search for patterns in the database are prevented by randomized keyword encryption and trapdoor generation. Our construction is secure in the standard model of computation assuming bilinear groups with the widely used Symmetric eXternal Diffie-Hellman (SXDH) assumption.

On Classical Cryptographic Protocols in Post-Quantum World

By Istvan Vajda

DOI: https://doi.org/10.5815/ijcnis.2017.08.01, Pub. Date: 8 Aug. 2017

In the post-quantum approach, we consider classical (non-quantum) protocols and primitives which are run by honest parties on classical computers, and our aim is to keep their security in an environment where the adversary can rely on quantum computers [3]. In particular, an even harder goal is set by requiring provable security guarantees in a concurrent running environment, as we aim at computational UC-security.
Unruh [16] conjectured that classical arguments of computational UC-security remain usable in a post-quantum world as long as the underlying computational UC-secure primitives are also computationally quantum UC-secure. Our proposed technique (full factorization) aims at reducing the original protocol to a statistically secure protocol by turning it into a hybrid one where all cryptographic primitives are substituted by appropriate ideal functionalities. The considered set of primitives consists of secret key and public key encryption as well as digital signatures. This way, and by applying Unruh's Quantum Lifting Theorem as well as the Quantum Universal Composition Theorem, we gain a computationally quantum UC-secure protocol from a classical UC-secure protocol. We consider quantum standard-security, where the adversary can send only classical inputs to honest algorithms, i.e. honest machines cannot receive a quantum superposition of inputs.
If we also add the practical need for efficiency, our example is the class of protocols built from symmetric key primitives. A practical (fast) implementation could be based on the AES encryption algorithm with an appropriate key size, as long as we live with the widely held belief that this algorithm is secure against a quantum adversary.

Computational Independence in the Design of Cryptographic Protocols

By Istvan Vajda

DOI: https://doi.org/10.5815/ijcnis.2016.10.01, Pub. Date: 8 Oct. 2016

Statistical independence of instances of primitives and protocols is a clear-cut approach for guaranteeing protection against harmful interactions in concurrent and multi-execution environments. It is therefore surprising that computational indistinguishability of independence from dependence between two or several random variables has received no attention since the introduction of classic binary pseudorandom sequences. In this work we propose the use of the notion of computational independence (CI) in the analysis and design of provably secure cryptographic protocols. We generalize the classic result on the equivalence of unpredictability and CI to general non-binary random variables. An application of this result is the use of unpredictability-based standard secure primitives in supporting the achievement of CI. This work is inherently related to Canetti's universal composition framework [4], [5].

Can universally composable cryptographic protocols be practical?

By Istvan Vajda

DOI: https://doi.org/10.5815/ijcnis.2015.10.03, Pub. Date: 8 Sep. 2015

The Universal Composability (UC) framework provides provable security guarantees for harsh application environments, where we want to construct protocols which keep their security guarantees even when they are concurrently composed with an arbitrary number of arbitrary (even hostile) protocols. This is a very strong guarantee. The UC framework inherently supports modular design, which allows secure composition of an arbitrary number of UC-secure components with an arbitrary protocol. In contrast, traditional analysis and design is a stand-alone analysis where the security of a single instance is considered, i.e. an instance which is not in potential interaction with any concurrent instances. Furthermore, a typical traditional analysis is informal, i.e. without a formal proof. In spite of these facts, beyond the task of key exchange this technology has not really caught the attention of the applied cryptography community. From a practitioner's point of view the UC world may seem more or less an academic interest of theoretical cryptographers.
Accordingly, we take a pragmatic approach, where we concentrate on meaningful compromises between the assumed adversarial strength, ideality wishes and realization complexity while keeping provable security guarantees within the UC framework. We believe that even modest but provable goals (especially if tunable to application scenarios) are interesting if wider penetration of UC technology into the daily practice of protocol applications is desired.

Other Articles