This work addresses the limitations of existing searchable symmetric encryption (SSE) schemes in multi-client settings, which struggle to enforce fine-grained access control and suffer from metadata leakage and inefficient dynamic authorization updates. To overcome these challenges, we propose MASSE, a novel SSE scheme built upon the OXT framework that integrates attribute-based access control, enabling multiple clients to search only over keywords for which they are authorized. MASSE supports efficient dynamic updates of both documents and permissions without requiring re-encryption or frequent client–server interactions. It is the first dynamic SSE scheme to simultaneously support attribute revocation, fine-grained authorization, forward and backward privacy, and unforgeable search tokens, ensuring that the server learns neither keyword nor attribute information. Experimental results demonstrate that MASSE achieves practical performance, completing 10–100 queries in under 2 seconds and retrieving 50 results in 14 seconds on a database with 100 keywords each linked to 150 documents, outperforming state-of-the-art alternatives and showing strong potential for large-scale deployment.

Outsourcing encrypted data to the cloud creates a fundamental tension between data privacy and functional searchability. Current Searchable Symmetric Encryption (SSE) solutions frequently have significant limitations, such as excessive metadata leakage, or a lack of fine-grained access control. These issues restrict the scalability of secure searches in real-world applications where multiple clients require different levels of authorization. Our paper proposes MASSE, a dynamic multi-client SSE scheme incorporating attribute-based access control, which expands the OXT framework. With MASSE, clients are restricted sto searching for keywords authorized by their specific attribute sets, and the server remains unaware of the keywords and attributes. MASSE supports practical dynamic updates to documents, and client authorizations, including revocation, without requiring reencryption of the database or indices, or a large number of interactions. We formally prove the security of MASSE, that is, forward and backward privacy under a well-defined leakage profile, and token unforgeability. An experimental evaluation in a database containing 100 keywords, each associated with 150 documents, demonstrates the practical efficiency of MASSE. It takes less than two seconds to generate 10 to 100 keyword queries and 14 seconds to retrieve 50 matching documents. Theoretical results show that MASSE outperforms competing solutions, including OXT, and can be scaled to large encrypted databases. MASSE is also suitable for dynamic cloud deployments. Keywords: Searchable Encryption, SSE, Multi-Client, Attribute Based SSE, Access Control, Revocation, OXT