Certificateless Encryption Supporting Multi-Ciphertext Equality Test with Proxy-Assisted Authorization

Abstract

Public key encryption with equality test (PKEET) is a cryptographic primitive that enables a tester to determine, without decryption, whether two ciphertexts encrypted with different public keys generate from the same message. In previous research, public key encryption with equality test (PKEET) was extended to include identity-based encryption with equality test (IBEET), thereby broadening the application of PKEET. Subsequently, certificateless encryption with equality test (CLEET) was introduced to address the key escrow problem in IBEET. However, existing CLEET schemes suffer from inefficiency and potential information leakage when dealing with multiple ciphertexts due to the need for pairwise equality tests. To address this issue, we propose a concept of certificateless encryption supporting multi-ciphertext equality test with proxy-assisted authorization (CLE-MET-PA). CLE-MET-PA incorporates the functionality of the multi-ciphertext equality test into CLEET, enabling a tester to perform a single equality test on multiple ciphertexts to determine whether the underlying plaintexts are equal, without revealing any additional information. This enhances the security of our scheme while significantly reducing the computational overhead compared to multiple pairwise equality tests, making our scheme more efficient. Additionally, our approach integrates proxy-assisted authorization, allowing users to delegate a proxy to grant authorizations for equality tests on their behalf when offline. Importantly, the proxy token used in our scheme does not include any portion of the user’s private key, providing enhanced protection compared to traditional PKEET schemes in which the user token is often part of the user’s private key. We construct a concrete CLE-MET-PA scheme and prove that it achieves CPA security and attains CCA security through an FO transformation.