Abstract

In cloud computing, outsourced data face many privacy and security threats. To allow the cloud server to perform comparison, search, and classification on outsourced ciphertexts while simultaneously providing a privacy guarantee, encryption that supports the ciphertext equality test is considered a promising approach. Users are able to authorize the cloud server to conduct the ciphertext equality test, so that it can be determined whether two ciphertexts encrypt the same message without decrypting them. In this process, users do not need to retrieve, decrypt, and then compare the data; thus, computing and communication efficiency can be greatly improved, and the privacy of user data can be guaranteed at the cloud server side. However, existing encryption schemes supporting the authorized ciphertext equality test in the single server model cannot resist keyword guessing attacks, and the solutions in the dual server model do not provide simultaneous authorization of the two servers. To address these issues, this paper proposes a public key encryption scheme supporting the authorized equality test on ciphertexts in the dual server model (PKE-AUT), where the primary server and secondary server must obtain authorization from users before performing a sequential equality test on ciphertexts. Security and performance analysis demonstrate that the proposed PKE-AUT scheme not only guarantees the privacy of user data and authorization but is also practical in cloud-assisted IoT-related applications.

1. Introduction

In recent years, cloud computing and Internet of Things (IoT) technologies have developed rapidly and become widely used. By leveraging the powerful computing capability and massive storage resources of cloud servers, collected IoT data can be outsourced to cloud servers to save local storage and computing resources [1]. However, to guarantee the privacy of the user’s sensitive information, the data should be encrypted before being outsourced, so that only data in ciphertext form is stored at the cloud server [2, 3]. Data encrypted with classic cryptographic schemes does not support the equality test, keyword search, calculation, or other operations on ciphertexts, so users need to download their outsourced data locally and then perform the corresponding operations after decryption. This process brings a heavy computing and communication burden to users, while failing to reflect the advantages of cloud computing services [4, 5].

To enable the equality test on outsourced ciphertexts, many public key encryption schemes [6–8] and identity-based encryption schemes [9–12] have been proposed in the single server model. After the cloud server has received authorization from the user, it is able to perform the equality test on outsourced ciphertexts, or related operations such as encrypted data classification [13, 14] based on the equality test, without decryption. However, since these solutions were proposed in the single cloud server model, the authorized cloud server is able to launch keyword guessing attacks on outsourced ciphertexts to infer user data [4, 15], which damages the privacy of users. Specifically, the cloud server is able to generate ciphertexts on many candidate messages using the public keys of some users; note that the cloud server holds the authentication from these users. In this way, the cloud server can compare the generated ciphertexts with the stored ones, which leaks message information whenever a pair of ciphertexts matches.

To resist the above-mentioned keyword guessing attacks on outsourced ciphertexts under the single server model, Wu et al. [15] proposed an identity-based encryption scheme under the dual server model for data classification in the mobile health social network. With their scheme, the user can authorize the primary server to generate relevant intermediate parameters, and the secondary server can further determine whether two ciphertexts encrypt the same plaintext according to these intermediate parameters. The two servers are assumed not to collude in attacking outsourced user data. However, during the execution of their solution, the secondary server can perform the equality test on ciphertexts from the intermediate results generated by the primary server without obtaining legal authorization from the user.

1.1. Our Contributions

This paper proposes a public key encryption scheme supporting the authorized equality test on outsourced ciphertexts (PKE-AUT) in the dual server model. Similar to [15], the primary server and secondary server are assumed not to collude to compromise the confidentiality of outsourced data. Without authorization from the data user, neither server is able to perform any operation on outsourced ciphertexts. After obtaining the same authorization from the data user, the primary server and secondary server sequentially perform the equality test on outsourced ciphertexts; that is, the authorized primary server produces and sends the intermediate parameters to the secondary server, and then the authorized secondary server completes the equality test procedure.

In the proposed PKE-AUT scheme, the authorizations generated for the two servers are the same. The authorization is encrypted by the data user, so that only the primary server and secondary server are able to decrypt the authorization with their respective private keys; in this way, the computing cost of producing the authorization is reduced and the privacy of the authentication is protected during transmission. Security analysis shows that the proposed PKE-AUT scheme guarantees the privacy of outsourced ciphertexts in both phases, before and after the primary and secondary servers are authorized. Efficiency analysis demonstrates that the proposed PKE-AUT scheme is suitable for IoT-related applications.

1.2. Related Works

Many studies have been conducted on the authorized equality test on ciphertexts in different application scenarios. Yang et al. [6] introduced the first probabilistic public key encryption scheme with equality test on ciphertexts (PKEET), where anyone without authorization was able to check whether the ciphertexts generated with different public keys encrypt the same data. Thus, when deployed in cloud computing, their scheme allows an unauthorized cloud server to compare the outsourced ciphertexts of different users.

Since Yang et al.’s work [6], many encryption schemes supporting the authorized equality test on ciphertexts in the single server model have been proposed [7, 16], such that the cloud server can only compare the ciphertexts after being authorized. In [17], Tang designed an all-or-nothing encryption scheme, where the cloud can test the ciphertexts only after being independently authorized by their owners. In [18], Lee et al. analyzed the security of Huang et al.’s construction [19] and presented a security-enhanced scheme. An identity-based encryption scheme with equality test on ciphertexts (IBEET) was constructed in [20], which combines the PKEET and identity-based encryption technologies. Lee et al. [21] studied the semigeneric constructions of PKEET and IBEET and proved their security under the Computational Diffie-Hellman (CDH) and Computational Bilinear Diffie-Hellman (CBDH) assumptions, respectively.

The mechanism of the equality test on ciphertexts has been used in equi-join in relational databases and secure deduplication of encrypted data. Pang and Ding [22] investigated equi-join across encrypted tables in the database in private key setting, where for an outsourced database, the user is able to control which data tables the cloud server can perform equi-join according to some data fields by issuing authorization. Then, controlled equi-join for encrypted databases in the public key setting was considered in [23]. Also, the technology of the equality test on ciphertexts was employed by Cui et al. [24] and Yan et al. [25] in achieving secure deduplication on outsourced data in clouds, without sacrificing data privacy.

Postquantum encryption schemes supporting the equality test on ciphertexts have also received attention from researchers. Le et al. [26] proposed the first lattice-based signcryption scheme with equality test on ciphertexts in the standard model, which was proven secure against insider attacks. Susilo et al. [27] designed an efficient postquantum IBEET scheme with smaller ciphertext and public key size, which enjoys CCA2 security. Nguyen et al. [10] presented a lattice-based IBEET scheme in the standard model, which supports flexible authorization for equality test so that the user is able to control the comparison of their ciphertexts with others.

1.3. Paper Organization

The remainder of this paper is organized as follows. Section 2 introduces the preliminaries for the proposed PKE-AUT scheme. Section 3 describes the system model and security requirements for the PKE-AUT system in the dual server model. A description of our PKE-AUT scheme is presented in Section 4, followed by the security and performance analysis in Section 5. Section 6 concludes the paper.

2. Preliminaries

This section reviews the bilinear groups, the Computational Diffie-Hellman (CDH) problem and the Computational Bilinear Diffie-Hellman (CBDH) problem.

2.1. Bilinear Groups

Let and be two cyclic groups of prime order . The map is a bilinear pairing if it satisfies the following conditions:
(i) Bilinearity: for any and , we have
(ii) Nondegeneracy: there exists such that
(iii) Computability: for , there is an efficient algorithm to compute

2.2. Complexity Assumptions

The security of our construction relies on the following two assumptions.

CDH assumption. Let be a cyclic group of prime order . Given a tuple where , there is no probabilistic polynomial-time algorithm that computes with nonnegligible probability.

CBDH assumption. Let and be two cyclic groups of prime order that admit a bilinear pairing . Given a tuple where , there is no probabilistic polynomial-time algorithm that computes with nonnegligible probability.

3. System Model and Security Requirements

3.1. System Model

As shown in Figure 1, the PKE-AUT system under the dual server model consists of four types of entities, namely, trusted authority, primary server, secondary server, and users. The trusted authority is responsible for initializing the system, picking the security parameter, and producing public system parameters. Both data sender and data receiver are system users. Before being uploaded to the primary server, the data is encrypted using the public keys of the data receiver and two servers, so that only the data in the ciphertext format is outsourced. The data receiver is able to retrieve the data from the primary server for decryption with his private key and issue the same authorization to the primary and secondary servers, so that the two servers can jointly perform equality test on ciphertexts.

In the PKE-AUT system, the primary server and secondary server are assumed not to collude. All outsourced data are stored at the primary server in ciphertext form to protect their privacy. After being authorized, the primary server performs the partial equality test procedure on outsourced ciphertexts, producing intermediate results that are sent to the secondary server for processing. The secondary server further determines whether the ciphertexts encrypt the same data according to the intermediate results and gives the final equality test result to the data user. This two-phase equality test procedure can be executed in the multiuser setting; that is, the primary and secondary servers can perform the equality test on the ciphertexts of multiple users according to their authorizations.

3.2. Security Requirements

In the PKE-AUT system under the dual server model, the primary server and the secondary server are independent and would not collude to attack the outsourced data. A secure PKE-AUT system has to satisfy the following requirements.
(i) Data privacy against the primary server: user data are stored at the primary server. Although the primary server is authorized to perform the equality test on ciphertexts, it cannot obtain the plaintexts from the ciphertexts.
(ii) Data privacy against the secondary server: after obtaining the authorization for conducting the equality test from users, the secondary server cannot deduce plaintext information about the outsourced data from the received intermediate results.
(iii) Privacy protection of authentication: the authentication generated by the data user can only be decrypted by the primary server and secondary server.

3.3. System Framework

A PKE-AUT scheme is composed of nine procedures, namely, the system setup, user key generation, server key generation, data encryption, data decryption, authentication generation, authentication recovery, primary server equality test, and secondary server equality test.

System setup: on input of the security parameter , which is carried out by the trusted authority, outputs the system public parameters . We denote .

User key generation: on input of the system public parameters , the user key generation procedure, which is carried out by each user , generates a pair of public key and secret key . We denote .

Server key generation: on input of the system public parameters , the server key generation procedure, which is carried out by each server including the primary server and secondary server , generates a pair of public key and secret key . We denote .

Data encryption: on input of the public keys of data receiver , primary server and secondary server , and a message , the data encryption procedure, which is run by the data sender, generates a ciphertext and outsources it to the primary server . We denote .

Data decryption: on input of the secret key of user , the public keys of primary server and secondary server , and a ciphertext , the data decryption procedure, which is run by the data receiver, outputs a plaintext or that signifies an error in decryption. We denote .

Authentication generation: on input of the secret key of user and the public keys of primary server and secondary server , the authentication generation procedure, which is run by user , generates a ciphertext authentication for two servers. Note that two servers have the same ciphertext authentication . We denote .

Authentication recovery: on input of a ciphertext authentication , the secret key of primary server (resp., of secondary server ), and the public key of secondary server (resp., of primary server ), the authentication recovery procedure, which is run by the primary server (resp., secondary server ), outputs a plaintext authentication or that signifies an error in recovery. We denote or .

Primary server equality test: on input of the authentications and of two users and , respectively, their public keys and , their ciphertexts and , and the secret key of the primary server , the first equality test procedure, which is run by the primary server , outputs an intermediate result and gives it to the secondary server . We denote .

Secondary server equality test: on input of the authentications and of two users and , respectively, their public keys and , an intermediate result , and the secret key of the secondary server , the second equality test procedure, which is run by the secondary server , outputs if and encrypt the same message or otherwise. We denote .

A PKE-AUT scheme must be sound in the sense that (1) each ciphertext produced by the data encryption procedure is decryptable by the data decryption procedure; (2) the ciphertext authentication produced by the authentication generation procedure can be recovered by the authentication recovery procedure; (3) for any two ciphertexts that encrypt the same message, which may be generated by different users, the two equality test procedures must finally output 1; and (4) for any two ciphertexts that encrypt different messages, which may be generated by different users, the two equality test procedures must finally output with overwhelming probability.

Definition 1 (soundness). A PKE-AUT scheme is sound if, for any security parameter , any public parameters , any public/secret key pairs of two users and , and any public/secret key pairs of two servers and , the following conditions hold:
(i) For any message , .
(ii) and .
(iii) For any two messages such that and , if , then ; otherwise, , where , , and , and denotes a negligible function.

4. PKE-AUT Construction

4.1. Concrete Construction

This section presents our PKE-AUT construction on bilinear groups in the dual server model, where a running procedure is shown in Figure 2. The frequently used symbols are summarized in Table 1.

4.1.1. System Setup

With security parameter , the trusted authority picks two cyclic groups and of prime order , which satisfy bilinear mapping . It also chooses four cryptographic hash functions , , , and , where denotes the element size in group and represents the size of messages. The system public parameters are .

4.1.2. User Key Generation

Each user randomly picks three elements and computes

Thus, the public key and secret key of user are and , respectively.

4.1.3. Server Key Generation

The primary server randomly selects two elements and computes

Thus, the public key and secret key of primary server are and , respectively. In a similar way, the secondary server is able to generate its public key and secret key .

4.1.4. Data Encryption

For a message , the data sender randomly picks and computes the ciphertext as follows: where denotes the concatenation of strings and represents the XOR operation. Then, the ciphertext is sent to the primary server .

4.1.5. Data Decryption

Given a ciphertext , the data receiver computes where then verifies

If both equalities hold, then the data receiver outputs , otherwise .

4.1.6. Authentication Generation

Data user randomly picks an element and computes the ciphertext authentication as follows:

Data user sends the ciphertext authentication to two servers and .

4.1.7. Authentication Recovery

The primary server computes and verifies

If the equality in (12) is satisfied, then the primary server outputs the plaintext authentication ; otherwise, it outputs the symbol . The secondary server runs the recovery procedure in a similar way to obtain the same plaintext authentication .

4.1.8. Primary Server Equality Test

For ciphertext of user and ciphertext of user , the primary server generates the intermediate result according to their authentications and as follows. The primary server computes

It continues to compute

The intermediate result is sent to the secondary server .

4.1.9. Secondary Server Equality Test

For the received intermediate result , the secondary server verifies

If the equality in (15) is satisfied, then the secondary server outputs ; otherwise, it outputs .

4.2. Soundness

Theorem 1. The proposed PKE-AUT scheme in the dual server model is sound.

Proof.
(1) For data decryption, since we have Thus, the equalities in (8) and (9) hold.
(2) For authentication recovery, since the equality in (12) is satisfied.
(3) For the equality test on ciphertexts, since we have Also, we know It can be seen that the equality in (15) is satisfied if and only if .
Therefore, the proposed PKE-AUT scheme in the dual server model is sound.

5. Analysis and Comparison

5.1. Security Analysis

Theorem 2. The proposed PKE-AUT scheme in the dual server model can protect the privacy of outsourced data against the primary server.

Proof. The ciphertext in the proposed PKE-AUT scheme has a form similar to that in Lee et al.’s scheme [18]. The difference is that, to generate the second element of the ciphertext, the public keys of the data receiver and of both servers are used in the proposed PKE-AUT scheme; in this way, the two servers, once authorized, are able to jointly perform the equality test on ciphertexts with their private keys. The proof is similar to that of Theorem 4.1 in [18], except for a small difference in the simulation of the decryption oracle; that is, the proposed PKE-AUT scheme offers indistinguishability under adaptive chosen ciphertext attacks (IND-CCA) against the primary server, assuming the CDH and CBDH assumptions hold.

Theorem 3. The proposed PKE-AUT scheme in the dual server model can protect the privacy of outsourced data against the secondary server.

Proof. In the proposed PKE-AUT scheme, all outsourced ciphertexts are stored at the primary server. During the equality test on ciphertexts, only the intermediate result is delivered to the secondary server by the primary server. Note that the pairs and have a form similar to that of Lee et al.’s scheme [18], the difference being that their scheme also has another element for enabling decryption by the user. Thus, the proof is similar to that of Theorem 4.1 in [18]; that is, the proposed PKE-AUT scheme is IND-CCA secure against the secondary server under the CDH and CBDH assumptions.

Theorem 4. The proposed PKE-AUT scheme in the dual server model can protect the privacy of authentication.

Proof. The ciphertext authentication generated by the proposed PKE-AUT scheme has a format similar to the ciphertexts in Boneh and Franklin’s identity-based encryption scheme (Section 4 of [28]). The difference is that, in the input to the hash function , the public keys of the two servers are both used in evaluating , whereas the user identity and public parameters are used in Boneh and Franklin’s scheme [28]. Thus, the proof is similar to that of Theorem 4.1 in [28]; that is, the authentication in the proposed PKE-AUT scheme enjoys indistinguishability under chosen plaintext attacks (IND-CPA), assuming the CBDH assumption holds.

5.2. Performance Analysis

This section analyzes the performance of the proposed PKE-AUT scheme and compares it with existing schemes, where only resource-intensive operations such as exponentiation, bilinear pairing, and map-to-point hashing are considered. The comparison with Wu et al.’s scheme [15] is shown in Table 2, where denote the evaluation costs of a bilinear pairing , an exponentiation in group , and a map-to-point hash function, respectively.

It can be seen from Table 2 that, to produce a pair of public and secret keys for each user, our procedure requires 3 exponentiations in group . Although our procedure has one more exponentiation than Wu et al.’s scheme [15], it does not require any map-to-point hash evaluation. The procedure in our PKE-AUT scheme is executed by the primary server and the secondary server, respectively, to generate their public and secret keys. Thus, their key pairs have the same form, and each takes 2 exponentiations in group . In Wu et al.’s scheme [15], by contrast, the two servers run different key generation procedures, so their key pairs have different forms and take two and one exponentiation in group , respectively.

In the data encryption phase, the exponentiations in group in both our PKE-AUT scheme and Wu et al.’s scheme [15] can be transformed into exponentiations in group ; in this way, the corresponding parameters can be reused across multiple steps and efficiency is improved. In this case, the of our PKE-AUT scheme takes one fewer bilinear pairing operation than that of Wu et al.’s scheme [15] for encrypting a message. Note that our PKE-AUT scheme is able to concurrently authorize the primary server and secondary server to perform the equality test on ciphertexts, which makes the ciphertext contain more elements than that of Wu et al.’s scheme [15]. Thus, for data decryption, our PKE-AUT scheme takes more computation than Wu et al.’s scheme [15].

In our PKE-AUT scheme, the data user generates a single ciphertext authentication for both servers; that is, the same ciphertext authentication can be recovered by both the primary server and the secondary server with their respective secret keys. Thus, the computing cost of authentication generation is reduced compared with issuing an authentication for each server separately. Since the exponentiation in group can be converted to one in group , both the and procedures have the same computing cost, namely two exponentiations in group and one map-to-point hash evaluation. In Wu et al.’s scheme [15], the privacy of the authentication is not considered.

With the authentication, the primary server and secondary server can cooperatively perform the equality test on ciphertexts. In our PKE-AUT scheme, both servers’ equality test procedures take more exponentiations in group than in Wu et al.’s scheme [15], since generating the second element of the ciphertext in our PKE-AUT scheme requires more input parameters to enable the equality test by two servers. It can be seen that the two servers do not have the same computing cost in either scheme, since the secondary server needs to run two bilinear pairings to produce the result of the equality test on a pair of ciphertexts.

The communication costs of our PKE-AUT scheme and Wu et al.’s scheme [15] are compared in Table 3. In our scheme, each ciphertext has three elements, while the ciphertext in Wu et al.’s scheme [15] contains five elements. Note that the message space of Wu et al.’s scheme [15] is the cyclic group . Thus, when both schemes have the same message space , the ciphertext size of their scheme is larger than that of our PKE-AUT scheme. The authentication token in Wu et al.’s scheme [15] is not encrypted to protect its privacy and contains only one element in group . For the equality test procedure run by the primary server, the generated intermediate result in our PKE-AUT scheme has three elements in group , while Wu et al.’s scheme [15] requires six elements in .

Moreover, we analyze the performance of our PKE-AUT scheme and compare it with Wu et al.’s scheme [15] in the dual server model according to the experimental results for cryptographic operations in [29, 30]. In [29], the experiments were conducted on a platform with the Windows 7 operating system, an Intel [email protected] GHz CPU, and 4 GB of memory. Moreover, the MIRACL Cryptographic SDK [31] was invoked with . The execution times of the relevant cryptographic operations are summarized in Table 4.

The performance of all procedures of our PKE-AUT scheme and Wu et al.’s scheme [15] is depicted in Figures 3 and 4, respectively. The case where each procedure is executed once is considered for both schemes. It can be seen that the proposed PKE-AUT scheme is more efficient than Wu et al.’s scheme [15] in encrypting a message. Although the decryption and equality test procedures take more time than in Wu et al.’s scheme [15], our PKE-AUT scheme supports strict and symmetric authorization for the equality test on ciphertexts. To achieve this, the public keys of the two servers have to be used in generating the ciphertext in our PKE-AUT scheme, which slightly reduces the efficiency of decryption and the equality test.

6. Conclusion

To address the issues of privacy protection and resistance to keyword guessing attacks on outsourced ciphertexts in clouds, this paper presented a public key encryption scheme supporting the authorized equality test on ciphertexts in the dual server model (PKE-AUT). User data are stored only at the primary server, saving local storage costs. With the same authentication, the primary server and secondary server can jointly carry out the equality test on the ciphertexts of the corresponding users. The equality test mechanism can be run in a multiuser setting, such that, after being authorized, the two servers can compare the ciphertexts of multiple users. Security analysis showed that the proposed PKE-AUT scheme guarantees the privacy of outsourced ciphertexts against both servers, as well as the privacy of the authentication. Performance analysis and comparison demonstrated the practicality of the proposed PKE-AUT scheme.

Conflicts of Interest

The authors declare that they have no conflicts of interest.

Acknowledgments

This article is supported in part by the National Natural Science Foundation of China under projects 61862012 and 61962012; the Guangxi Natural Science Foundation under grants 2019GXNSFFA245015 and 2019GXNSFGA245004; and the PCNL Major Key Project under grants PCL2021A09-4 and PCL2021A02-3.