Lightweight Searchable and Equality-Testable Certificateless Authenticated Encryption for Encrypted Cloud Data

Public key encryption with equality test (PKE-ET) is a novel cryptosystem to deal with the problem of multi-public-key encrypted data computing. It can be used to verify if different ciphertexts are encryptions of same plaintext under different public keys without decryption. As an extension of PKE-ET, certificateless encryption with equality test (CLE-ET) has the merits of no key escrow and no certificate. However, the existing CLE-ET schemes are vulnerable to the message recovery (MR) attack and suffer from low efficiency due to using the computationally expensive bilinear pairing. In this work, an elliptic-curve-based certificateless authenticated encryption with keyword search and equality test (CLAE-KS&ET) scheme is developed. The scheme not only provides resistance to the MR attack, but also satisfies the lightweight requirement of the resources-restricted environments. Moreover, it supports a ciphertext retrieval function resisting keyword guessing attacks. This function enables a user to seek out the desired ciphertexts on the cloud server first before making ciphertext equality test with others. Based on the computational Diffie-Hellman (CDH) and decisional Diffie-Hellman (DDH) problems, we formally prove its security. Compared with the existing CLE-ET schemes, it significantly improves computational efficiency and is more suited to the user terminals with limited resources in cloud.