PKE-MET: Public-Key Encryption With Multi-Ciphertext Equality Test in Cloud Computing

Abstract

Cloud computing enables users to remove the necessity of the need of local hardware architecture, which removes the burden of the users from high computation costs. Therefore, it has attracted much attention and research has been conducted heavily on it. To protect users’ privacy, data is usually encrypted prior to being sent to the cloud server. As the resulting system is unusable, since the cloud can no longer search throughout the data, new cryptographic primitive such as public-key encryption with equality test (PKEET) has been introduced. In PKEET, users can test whether the underlying messages of two ciphertexts encrypted under different public keys are equal or not without the need to decrypt those ciphertexts. This is a very useful tool, especially for the cloud database, since PKEET mainly focuses on the equality test between two ciphertexts. However, in practice, the cloud server may need to verify the equivalence among more than two ciphertexts. This leads to disclosing unnecessary information of users and redundant computation cost will also occur when using traditional PKEET schemes. How to make this more efficient and practical remains an interesting research problem. In this article, to solve the aforementioned problems by providing a novel concept of public-key encryption with multi-ciphertext equality test (PKE-MET). In PKE-MET, each ciphertext can designate a number <inline-formula><tex-math notation="LaTeX">$s$</tex-math></inline-formula> such that the cloud server can only perform equality test on this ciphertext with other <inline-formula><tex-math notation="LaTeX">$s-1$</tex-math></inline-formula> ciphertexts, where all their designated numbers are <inline-formula><tex-math notation="LaTeX">$s$</tex-math></inline-formula> . For PKE-MET, besides traditional OW-CPA and IND-CPA security, we specially define Number security. We instantiate PKE-MET to a concrete scheme and give its security proof. Furthermore, to enable the primitive to be more practical in applications, we extend it to the concept of PKE with flexible MET (PKE-FMET). In PKE-FMET, the cloud server can perform equality test on any number of ciphertexts as long as the maximum number of their designated numbers is less than or equal to the number of ciphertexts. We construct a PKE-FMET scheme based on our PKE-MET construction and prove its security under the defined security models. Besides, the performance analysis mainly of efficiency and security between our constructions and existing equality test schemes in cloud computing show that our proposed schemes are more efficient and secure in the multi-ciphertext scenario.