Abstract
Public key encryption with equality test (PKEET for short) is a new cryptographic primitive which allows a proxy to check whether two ciphertexts encrypted under different public keys are of the same plaintext. PKEET has become a prospective candidate for various application scenarios, such as data management on encrypted databases, personal health record systems, spam filtering in encrypted email systems. In this paper, we propose an efficient all-or-nothing public key encryption scheme with authenticated equality test (AoN-PKEAET for short). In comparison with the existing PKEET schemes, the proposed scheme provides a new feature of ciphertext authentication before the plaintext equality test. It ensures that no misjudgement occurs when testing the equality between ciphertexts. Specially, the <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$\mathsf {Test}$ </tex-math></inline-formula> algorithm in the proposed scheme first authenticates the compared ciphertexts and the equality test is fulfilled only if the ciphertexts are authenticated as valid. With this new feature, the <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$\mathsf {Test}$ </tex-math></inline-formula> algorithm cannot output 0 (which means that the encrypted messages are different) when the two input ciphertexts are of an identical message, or it cannot output 1 (which means that the encrypted messages are identical) when the two input ciphertexts are of different messages. Under a redefined security model for AoN-PKEAET, we give the detailed security proof of the proposed scheme.
Highlights
There is an increasing trend that more and more organizations and individuals begin to consider having their data stored and processed by a third-party provider [1]–[4]
AoN-public key encryption with equality test (PKEET) is allowed with a simple authorization mechanism which enables users to specify who can perform plaintext equality test from their ciphertexts
The proposed AoN-PKEET scheme is practical because it is implemented without the time-consuming bilinear mapping and achieves the one-wayness against chosen ciphertext attacks (OW-CCA) and indistinguishability under chosen ciphertext attacks (IND-CCA) security as usual PKEET schemes do
Summary
There is an increasing trend that more and more organizations and individuals begin to consider having their data stored and processed by a third-party provider [1]–[4]. In 2016, Ma [10] extended PKEET to identity-based setting and proposed the notion of identity-based encryption with equality test (IBEET) These constructions [5]–[11] of PKEET (or IBEET) achieve the security of one-wayness against chosen ciphertext attacks (OW-CCA) (with authorization) or the indistinguishability under chosen ciphertext attacks (IND-CCA) (without authorization) in random oracle model. An common weakness among SE, DE, OPE/ORE mentioned above is that all of them fail to support equality test between the ciphertexts under different public keys. (2) We enhance the security of traditional AoN-PKEET by adding an authentication operation to the Test algorithm of AoN-PKEET, which prevents the ciphertexts from being tampered and ensures that no misjudgement occurs when testing the equality of ciphertexts This results in a new primitive AoN-PKEAET (all-or-nothing public-key encryption with authenticated equality test), which is more suitable for some applications, for example, private set intersection where it should be ensured that there is no misjudgement.
Sign-in/Register to view highlights & summary 
Published Version (
Free)
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call