Xi-Jun Lin,Lin Sun,Haipeng Qu,Xiaoshuai Zhang

DOI: https://doi.org/10.1016/j.comcom.2021.02.006

IF: 5.047

2021-01-01

Computer Communications

Abstract:Public key encryption with equality test (PKEET) is an important cryptographic primitive for protecting users? outsourced data in the cloud-based email systems. Due to the fact that it is required to deploy different authorization policies for the demand of dynamic privacy protection in the cloud-based email systems, Ma et al. recently presented a new related primitive, called public key encryption with equality test supporting flexible authorization (PKEET-FA). In their proposal, four types of authorization were considered to support different authorization policies. Their proposal is based on the bilinear pairings. However, as the basic operation of equality test, bilinear pairings are expensive operations compared with modular multiplications and modular inverses. Hence, it is desired to propose a new method for constructing efficient equality test with modular multiplications and modular inverses. In this paper, we present such a PKEET-FA scheme. Compared with Ma et al.?s, our proposal is (surprisingly) more efficient, especially in terms of equality test. Moreover, our proposal supports an additional type of authorization, called user-specific ciphertext-to-user (or user-specific user-to-ciphertext) level authorization. Hence, ours is more flexible than Ma et al.?s.

Kai Zhang,Jie Chen,Hyung Tae Lee,Haifeng Qian,Huaxiong Wang

DOI: https://doi.org/10.1016/j.tcs.2018.06.048

IF: 1.002

2018-01-01

Theoretical Computer Science

Abstract:Public key encryption with equality test (PKEET) is a special kind of public encryption scheme (PKE) that allows a tester to perform equality tests on ciphertexts generated by different public keys as well as the same public key. This feature enables us to apply PKEET to various scenarios in practice, such as efficient data management on encrypted databases and spam filtering in encrypted email systems. From these reasons, since Yang et al. [1] first proposed the concept of PKEET, there have been proposed many PKEET schemes to improve efficiency or to enhance functionalities. However, to the best of our knowledge, almost all existing schemes were presented under assuming the existence of random oracles, except for generic construction proposed by Lee et al. On the other hand, their generic approach for PKEET employs a 2-level hierarchical identity-based encryption and a strongly unforgeable one-time signature, which suffers from low efficiency. In this paper, we propose an efficient PKEET scheme under a specific cryptographic assumption in the standard model. To this end, we first encrypt a message and its hash value in a parallel way by following the recently proposed strategy. Then, to prevent adaptive chosen ciphertext attacks (CCA2), we give a link between them by adapting the technique which was originally proposed for identity-based encryption and previously exploited to design efficient CCA2-secure PKE schemes. We show that our proposed construction satisfies formal security requirements for PKEET under the decisional bilinear Diffie-Hellman (DBDH) assumption in the standard model. As a result, we obtain a new PKEET scheme which has shorter ciphertext and trapdoor sizes, and improves computational costs for encryption, decryption, and test algorithms, by about 60%, 77%, and 66%, respectively, compared to a PKEET instantiation obtained by the prior generic framework. (C) 2018 Elsevier B.V. All rights reserved.

Kaifeng Xiao,Xinjian Chen,Jianye Huang,Hongbo Li,Qiong Huang

DOI: https://doi.org/10.1016/j.csi.2023.103758

IF: 3.721

2024-01-01

Computer Standards & Interfaces

Abstract:When data security is facing growing threats, ordinary encryption techniques cannot meet the needs of comparing, sharing, and classifying data hidden in ciphertexts. At the same time, the advent of the quantum computing era has brought unprecedented challenges to traditional cryptography. Fortunately, a lattice-based PKEET scheme can solve the above problems. In this paper, we design a lattice-based PKE-DET scheme that can support the delegated tester function with satisfying anti-quantum computing security and resisting OMRA attacks. To the best of our knowledge, this is the first PKE-DET scheme that has both kinds of security at the same time. Under the standard model, we prove the security of the scheme based on the LWE hardness assumption. Compared with existing schemes, our scheme has many advantages, such as high security, delegated tester authorization, and small storage space.

Dung Hoang Duong,Kazuhide Fukushima,Shinsaku Kiyomoto,Partha Sarathi Roy,Arnaud Sipasseuth,Willy Susilo

DOI: https://doi.org/10.48550/arXiv.2005.05308

2020-05-10

Abstract:Public key encryption with equality test (PKEET) supports to check whether two ciphertexts encrypted under different public keys contain the same message or not. PKEET has many interesting applications such as keyword search on encrypted data, encrypted data partitioning for efficient encrypted data management, personal health record systems, spam filtering in encrypted email systems and so on. However, the PKEET scheme lacks an authorization mechanism for a user to control the comparison of its ciphertexts with others. In 2015, Ma et al. introduce the notion of PKEET with flexible authorization (PKEET-FA) which strengthens privacy protection. Since 2015, there are several follow-up works on PKEET-FA. But, all are secure in the random-oracle model. Moreover, all are vulnerable to quantum attacks. In this paper, we provide three constructions of quantum-safe PKEET-FA secure in the standard model. Proposed constructions are secure based on the hardness assumptions of integer lattices and ideal lattices. Finally, we implement the PKEET-FA scheme over ideal lattices.

Cryptography and Security

Kaibin Huang,Raylin Tso,Yu-Chi Chen,Wangyu Li,Hung-Min Sun

DOI: https://doi.org/10.1007/978-3-319-11698-3_45

2014-01-01

Abstract:We proposed a new public key encryption scheme with equality test (PKEET), which stands for a public key encryption scheme with comparable ciphertext. The equivalence among ciphertext under PKEET schemes can be verified without decryption. In some PKEET algorithms like Tang's AoN-PKEET, which is called authorization-based PKEET, the equality test functionality is restricted to some authorized users: only users who own authorities are able to perform equality test functions. For the best of our knowledge, the authorities of all existing authorization-based PKEET schemes are valid for all ciphertext encrypted under the same public key. Accurately, we propose a CBA-PKEET scheme following Tang's AoN-PKEET scheme, which means a PKEET scheme with ciphertext-binded authorities (CBA). Each ciphertext-binded authority is valid for a specific ciphertext, rather than all ciphertext encrypted under the same public key. Then, we compare the features and efficiency between our CBA-PKEET and some existing authorization-based PKEET schemes. Finally, the security of CBA-PKEET is proved in the random oracle model based on the some hard problems.

Ming Zeng,Jie Chen,Kai Zhang,Haifeng Qian

DOI: https://doi.org/10.1016/j.tcs.2019.05.033

IF: 1.002

2019-01-01

Theoretical Computer Science

Abstract:Public key encryption with equality test (PKEET) allows a tester to know whether ciphertexts are the encryptions of a same message or not by using the trapdoors issued from their owners, which is a useful cryptographic primitive can be deployed in many applications, such as in the mechanism of searching over encrypted data. Based on Hash Proof System (HPS) introduced by Cramer and Shoup, this paper presents an oversimplified paradigm for constructing PKEET in the standard model. Compared with the previous works that use identity-based encryption, strongly unforgeable one-time signature or other strong cryptographic primitives, our paradigm requires only the universal 2 property of HPS and provides an efficient way to obtain concrete PKEET schemes based on different assumptions in the standard model, since HPS has been shown can be easily realized from a board range of NP languages (e.g., DLIN-based, DCR-based, Lattice-based and so on). Moreover, to demonstrate the practicality of the proposed paradigm, we instantiate it based on two kinds of NP languages respectively, one is based on the decisional Diffie-Hellman (DDH) assumption, the other one is based on the decisional composite residuosity (DCR) assumption, which results in the first concrete PKEET schemes that in the standard model without using pairing operations, and the schemes' security are also based on the standard DDH assumption and the standard DCR assumption respectively.

Huijun Zhu,Qingji Xue,Tianfeng Li,Dong Xie

DOI: https://doi.org/10.3390/e24030309

2022-02-22

Abstract:Public key encryption supporting equality test (PKEwET) schemes, because of their special function, have good applications in many fields, such as in cloud computing services, blockchain, and the Internet of Things. The original PKEwET has no authorization function. Subsequently, many PKEwET schemes have been proposed with the ability to perform authorization against various application scenarios. However, these schemes are incapable of traceability to the ciphertexts. In this paper, the ability of tracing to the ciphertexts is introduced into a PKEwET scheme. For the ciphertexts, the presented scheme supports not only the equality test, but also has the function of traceability. Meanwhile, the security of the proposed scheme is revealed by a game between an adversary and a simulator, and it achieves a desirable level of security. Depending on the attacker's privileges, it can resist OW-CCA security against an adversary with a trapdoor, and can resist IND-CCA security against an adversary without a trapdoor. Finally, the performance of the presented scheme is discussed.

Yuanhao Wang,Qiong Huang,Hongbo Li,Jianye Huang,Guomin Yang,Willy Susilo

DOI: https://doi.org/10.1109/access.2019.2940646

IF: 3.9

2019-01-01

IEEE Access

Abstract:Due to the massive growth of data and security concerns, data of patients would be encrypted and outsourced to the cloud server for feature matching in various medical scenarios, such as personal health record systems, actuarial judgments and diagnostic related groups. Public key encryption with equality test (PKEET) is a useful utility for encrypted feature matching. Authorized tester could perform data matching on encrypted data without decrypting. Unfortunately, due to the limited terminology in medicine, people within institutions may illegally use data, trying to obtain information through traversal methods. In this paper we propose a new PKEET notion, called public-key authenticated encryption with designated equality test (PKAE-DET), which could resist this kind of attacks launched by an inside adversary, known as offline message recovery attacks (OMRA). We propose a concrete construction of PKAE-DET, which only requires one single server to perform the feature matching job securely, and does not require any group mechanism. We prove its security based on some simple mathematical assumptions. Experimental results show that our scheme has efficiency comparable with those PKEET schemes which do not resist OMRA attacks or require group mechanism. We further show how our scheme could be effectively used in diagnostic related groups in medicine, demonstrating its practicability.

Yujue Wang,HweeHwa Pang,Robert H. Deng,Yong Ding,Qianhong Wu,Bo Qin

DOI: https://doi.org/10.1016/j.ins.2019.03.039

IF: 8.1

2019-01-01

Information Sciences

Abstract:To address security and privacy issues in messaging services, we present a public key signcryption scheme with designated equality test on ciphertexts (PKS-DET) in this paper. The scheme enables a sender to simultaneously encrypt and sign (signcrypt) messages, and to designate a tester to perform equality test on ciphertexts, i.e., to determine whether two ciphertexts signcrypt the same underlying plaintext message. We introduce the PKS-DET framework, present a concrete construction and formally prove its security against three types of adversaries, representing two security requirements on message confidentiality against outsiders and the designated tester, respectively, and a requirement on message unforgeability against the designated tester. We also present three extensions, analyze the efficiency of our PKS-DET construction and extensions, and compare them with related schemes in terms of ciphertext sizes and computation costs of signcryption (encryption), unsigncryption (decryption) and ciphertext equality testing. Experimental results further confirmed the practicality of our construction.

Yuanhao Wang,Yuzhao Cui,Qiong Huang,Hongbo Li,Jianye Huang,Guomin Yang

DOI: https://doi.org/10.1109/ACCESS.2020.2973459

IF: 3.9

2020-01-01

IEEE Access

Abstract:Sensitive data would be encrypted before uploading to the cloud due to the privacy issue. However, how to compare the encrypted data efficiently becomes a problem. Public Key Encryption with Equality Test (PKEET) provides an efficient way to check whether two ciphertexts (of possibly different users) contain the same message without decryption. As an enhanced variant, Attribute-based Encryption with Equality Test (ABEET) provides a flexible mechanism of authorization on the equality test. Most of the existing ABEET schemes are only proved to be secure in the random oracle model. Their security, however, would not be guaranteed if random oracles are replaced with real-life hash functions. In this work, we propose a construction of CP-ABEET scheme and prove its security based on some reasonable assumptions in the standard model. We then show how to modify the scheme to outsource complex computations in decryption and equality test to a third-party server in order to support thin clients.

Jianfei Sun,Yangyang Bao,Xuyun Nie,Hu Xiong

DOI: https://doi.org/10.1109/access.2018.2843565

IF: 3.9

2018-01-01

IEEE Access

Abstract:Public key encryption with equality test (PKE-ET) enables anyone to perform equivalence test between two messages encrypted under distinct public keys. Attribute-hiding predicate encryption is a paradigm for public key encryption that supports both attribute-hiding and fine-grained access control. In this paper, we first initialize the concept of attribute-hiding predicate encryption with equality test (AH-PE-ET) by incorporating the notions of PKE-ET and PE, and then propose a concrete AH-PE-ET scheme. Inheriting the merits of predicate encryption, versatile access control can be achieved such that the ciphertexts and the secret key are, respectively, associated with the descriptive attributes x and the boolean functions f and decryption can only be done if f (x) returns true. In the AH-PE-ET scheme, one data receiver can calculate a trapdoor using his/her private key and delivers this trapdoor to an untrusted cloud server, who in turn compares the ciphertexts from this receiver with other receivers' ciphertexts. During the comparison, the information about the trapdoor as well as the attributes associated with the ciphertexts will not be disclosed to this cloud server. Furthermore, it is also proven to be selectively secure against the chosen plaintext attack in the standard model under the decisional bilinear Diffie-Hellman assumption. Finally, the theoretical performance analysis and experimental simulation indicate the feasibility and practicability of our suggested scheme.

Zhi-Yan Zhao,Peng Zeng

DOI: https://doi.org/10.1109/access.2021.3092945

IF: 3.9

2021-01-01

IEEE Access

Abstract:Public key encryption with equality test (PKEET for short) is a new cryptographic primitive which allows a proxy to check whether two ciphertexts encrypted under different public keys are of the same plaintext. PKEET has become a prospective candidate for various application scenarios, such as data management on encrypted databases, personal health record systems, spam filtering in encrypted email systems. In this paper, we propose an efficient all-or-nothing public key encryption scheme with authenticated equality test (AoN-PKEAET for short). In comparison with the existing PKEET schemes, the proposed scheme provides a new feature of ciphertext authentication before the plaintext equality test. It ensures that no misjudgement occurs when testing the equality between ciphertexts. Specially, the $mathsf {Test}$ algorithm in the proposed scheme first authenticates the compared ciphertexts and the equality test is fulfilled only if the ciphertexts are authenticated as valid. With this new feature, the $mathsf {Test}$ algorithm cannot output 0 (which means that the encrypted messages are different) when the two input ciphertexts are of an identical message, or it cannot output 1 (which means that the encrypted messages are identical) when the two input ciphertexts are of different messages. Under a redefined security model for AoN-PKEAET, we give the detailed security proof of the proposed scheme.

computer science, information systems,telecommunications,engineering, electrical & electronic

Xi-Jun Lin,Lin Sun,Haipeng Qu

DOI: https://doi.org/10.1016/j.ins.2018.04.035

IF: 8.1

2018-01-01

Information Sciences

Abstract:Public key encryption with equality test (PKEET) allows the cloud server to test whether two ciphertexts are generated on the same message. Recently, Lee et al. proposed a semi generic approach for PKEET constructions by using the traditional public key encryption schemes. However, how to design a generic approach is still an open problem. In this paper, we propose a generic approach for PKEET constructions. Our approach can be easily extended to the identity-based setting. Compared with Lee et al's approach, ours is (surprisingly) more efficient. Moreover, we propose a new primitive, called signcryption with equality test (SCET). Compared with the traditional PKEET, SCET provides both confidentiality and authentication simultaneously. (C) 2018 Elsevier Inc. All rights reserved.

Karary university,Xiong Hu,Arab East Colleges for Graduate Studies,Ramadan Mohammed,Qin Zhiguang

DOI: https://doi.org/10.1007/s11276-020-02462-5

IF: 2.701

2020-01-01

Wireless Networks

Abstract:With the rapid popularity and wide adoption of cloud storage, providing privacy-preserving by protecting sensitive information becomes a matter of grave concern. The most effective and sensible way to address this issue is to encrypt the data before uploading it to the cloud. However, to search over encrypted data with different keys is still an open problem when it comes to the deployment of emerging technologies such as healthcare applications and e-marketplace systems. To address these issues, in this paper, we proposed a secure and efficient public-key encryption with an equality test technique that supports anonymous authorization, abbreviated as (PKEET-AA). Our proposed scheme allows a specific user to identify who can perform the equality test process among various cloud servers without compromising sensitive information. It also provides an anonymous approach to search for some statistical information about specific identical encrypted records in several databases. Moreover, we prove that our proposed PKEET-AA scheme is one-way secure against chosen-ciphertext attack (OW-CCA) and undistinguishable against adaptive chosen ciphertext attack (IND-CCA) in the random oracle model. Thus, to provide authorization/multi-authorization anonymity under the Decisional Diffie–Hellman assumption.

Qiang Wang,Li Peng,Hu Xiong,Jianfei Sun,Zhiguang Qin

DOI: https://doi.org/10.1109/access.2017.2775741

IF: 3.9

2017-01-01

IEEE Access

Abstract:Public key encryption supporting equality test (referred to as PKE-ET) provides the capability of testing the equivalence between two messages encrypted under different public keys. Ciphertext-policy attribute-based encryption (CP-ABE) is a promising primitive to achieve versatile and secure data sharing in the cloud computing by providing flexible one-to-many encryption. In this paper, we first initialize the concept of CP-ABE with equality test (CP-ABE-ET) by combining the notions of PKE-ET and CP-ABE. Using ABE-ET primitive, the receiver can delegate a cloud server to perform an equivalence test between two messages, which are encrypted under different access policies. During the delegated equivalence test, the cloud server is unable to obtain any knowledge of the message encrypted under either access policy. We propose a concrete CP-ABE-ET scheme using bilinear pairing and Viete's formulas, and give the security proof of the proposed scheme formally in the standard model. Moreover, the theoretic analysis and experimental simulation reveal that the proposed scheme is efficient and practical.

Rashad Elhabob,Yanan Zhao,Alzubair Hassan,Hu Xiong

DOI: https://doi.org/10.1007/s11277-020-07190-9

IF: 2.017

2020-01-01

Wireless Personal Communications

Abstract:With the continuous development of the Internet of Things (IoT), a growing number of users choose to store the data collected from their smart devices on a cloud server for saving costs. However, the security and privacy issues that accompany the cloud-assisted IoT are also becoming increasingly apparent. Considering the untrusted nature of the cloud server, the data accumulated by the smart sensor must be encrypted before outsourcing to the cloud server. Nevertheless, the above mechanism raises another serious problem. For users of another public key cryptosystem, it is impractical to download all the data stored in the cloud to find the data he needs. To solve this problem, we first, proposed a public key encryption with equality test for heterogeneous systems (PKE-ET-HS) which combines the ideas of identity-based encryption with outsourced equality test and public key encryption with equality test. This scheme allows the authorized cloud server to retrieve whether two encryptions encrypted in a heterogeneous system contain equivalent messages. In addition, in the random oracle, the security of the proposed scheme has been given under the bilinear Diffie–Hellman assumption and the computational Diffie–Hellman assumption. Finally, storage size, computation complexity, and properties are compared with other related works. The results show that the PKE-ET-HS scheme proposed in this paper has a good performance.

Ping Zhang,Jinbo Li,Zhumu Fu

DOI: https://doi.org/10.3390/info13060265

2022-01-01

Information

Abstract:With the rapid development and wide application of cloud computing and 5G communication, the number of mobile users is increasing rapidly, meaning that cloud storage services are receiving more and more attention. The equality test technology of retrievable encrypted data has become a hot research topic among scholars in recent years. In view of the problem of offline keyword-guessing attacks (KGAs) caused by collusion between internal servers and users, a public key encryption with equality test scheme (RKGA-CET) with higher security against KGAs is proposed. Based on the assumed difficulty of the discrete logarithm problem (DLP) and the properties of bilinear mapping, a specific encryption algorithm that encrypts the keyword twice is designed. In the first encryption stage, we convert the keyword according to the property of isomorphism of a finite field. In the second encryption stage, we encrypt the converted keyword vector and embed the user's private key, and then perform the equality test. The algorithm ensures that the adversary cannot generate legal ciphertexts and implement KGAs when the secondary server is offline. At the same time, the algorithm also supports two authorization modes, in which case users can flexibly choose the corresponding authorization mode according to their own needs. Performance analysis shows that this scheme has overall superiority compared with other similar ones.

Rashad Elhabob,Yanan Zhao,Iva Sella,Hu Xiong

DOI: https://doi.org/10.3837/tiis.2019.09.023

2019-01-01

KSII Transactions on Internet and Information Systems

Abstract:Cloud computing provides a broad range of services like operating systems, hardware, software and resources. Availability of these services encourages data owners to outsource their intensive computations and massive data to the cloud. However, considering the untrusted nature of cloud server, it is essential to encrypt the data before outsourcing it to the cloud. Unfortunately, this leads to a challenge when it comes to providing search functionality for encrypted data located in the cloud. To address this challenge, this paper presents a public key encryption with equality test for heterogeneous systems (PKE-ET-HS). The PKE-ET-HS scheme simulates certificateless public encryption with equality test (CLE-ET) with the identity-based encryption with equality test (IBE-ET). This scheme provides the authorized cloud server the right to actuate the equivalence of two messages having their encryptions performed under heterogeneous systems. Basing on the random oracle model, we construct the security of our proposed scheme under the bilinear Diffie-Hellman (BDH) assumption. Eventually, we evaluate the size of storage, computation complexities, and properties with other related works and illustrations indicate good performance from our scheme.

Yao Lu,Rui Zhang,Dongdai Lin

DOI: https://doi.org/10.1007/978-3-642-36334-4_5

2013-01-01

Abstract:In CT-RSA 2010, Yang et al. suggested a new category of probabilistic public-key encryption (PKE) schemes, called public-key encryption with equality test (PKET), which supports searching on ciphertexts without decrypting them. Typical applications include management of encrypted data in an outsourced database. They presented a construction in bilinear groups, and proved that it is one-way against chosen ciphertext attack (OW-CCA) in the random oracle model. We argue that OW-CCA security may be too weak for database applications, because partial information leakage from the ciphertext is not considered in the model. In this paper, we revisit the security models for PKET, and introduce a number of new security definitions. To remark, the weakest of our definitions is still stronger than OW-CCA. We then investigate relations among these security definitions. Finally, to illustrate the usefulness of our definitions, we analyze the security of a PKET scheme [24], showing the scheme actually provides much stronger security than that was proven previously.

Siyue Dong,Zhen Zhao,Baocang Wang,Wen Gao,Shanshan Zhang

DOI: https://doi.org/10.3390/electronics13071256

IF: 2.9

2024-03-29

Electronics

Abstract:Public key encryption with equality test (PKEET) is a cryptographic primitive that enables a tester to determine whether two ciphertexts encrypted with same or different public keys have been generated from the same message without decryption. Previous studies extended PKEET to public key encryption with designated-position fuzzy equality test (PKE-DFET), enabling testers to verify whether plaintexts corresponding to two ciphertexts are equal while ignoring specific bits at designated positions. In this work, we have filled the research gap in the identity-based encryption (IBE) cryptosystems for this primitive. Furthermore, although our authorization method is the all-or-nothing (AoN) type, it overcomes the shortcomings present in the majority of AoN-type authorization schemes. In our scheme, equality tests can only be performed between a ciphertext and a given plaintext. Specifically, even if a tester acquires multiple AoN-type authorizations, it cannot conduct unpermitted equality tests between users. This significantly reduces the risk of user privacy leaks when handling sensitive information in certain scenarios, while still retaining the flexible and simple characteristics of AoN-type authorizations. We use the Chinese national cryptography standard SM9-IBE algorithm to provide the concrete construction of our scheme, enhancing the usability and security of our scheme, while making deployment more convenient. Finally, we prove that our scheme achieves F-OW-ID-CCA security when the adversary has the trapdoor of the challenge ciphertext, and achieves IND-ID-CCA security when the adversary does not have the trapdoor of the challenge ciphertext.

engineering, electrical & electronic,computer science, information systems,physics, applied