As the development of Internet,the application of cloud storage brings great convenience to the data storage and sharing of people.To enhance data privacy,the users prefer to store their data in the form of ciphertext in the cloud server.Public key encryption with equality test(PKEET)can check whether two ciphertexts are encrypted from the same message or not without decryption.This concept could effectively help cloud server to handle users’ ciphertexts without the secret keys of the users.The first PKEET scheme does not specify a tester to execute equality test.That is to say,any entity could directly test all the ciphertexts of any user.This will threaten the user’s privacy.The attacker will obtain information of the message by testing ciphertexts of users constantly.Thus,the followers have limited the test rights of testers.In the related PKEET schemes,the user computes a trapdoor for the specified tester.This tester will use the trapdoor to test the authorized ciphertexts.However,there exist the problems of inflexible authorization and larger ciphertext size in current research works of PKEET.In this thesis,we will work on the related problems in PKEET.Our main works contain the following three aspects.First of all,we propose a PKEET supporting partial authentication scheme.In traditional authorization of PKEET,the tester can only test one ciphertext or all ciphertexts of one receiver with one authorization.It means that the receiver cannot adaptively authorize the test right of any number of ciphertexts to the tester.A trivial solution is authorizing one ciphertext each time and repeating multiple times.However,the corresponding size of trapdoor in this method is linear with the number of authorized ciphertexts.This will incur a storage bur-den for the tester.To solve the aforementioned problem,we propose the concept of PKEET supporting partial authentication(PKEET-PA).We then instantiate the concept to a PKEET-PA scheme which achieves a constant-size trapdoor.Under two types of adversaries,we prove that our PKEET-PA scheme is OW-CCA secure and IND-CCA secure.Compared with other PKEET schemes which can be used in trivial solution,our PKEET-PA is more efficient in re-ceivers’ computation and has a lower trapdoor size.Secondly,we propose a PKEET supporting designated authorization scheme.When the trapdoor has been stolen by the attacker,it can also use this trapdoor to test users’ ciphertexts.Therefore,current works have no real sense of limita-tion.In the test phase,if the trapdoor is replaced with the secret key of tester,the above risk will be resolved.In the related work,the tester needs to be assigned in advance.The tester’s public key will be used in encryption.However,if the user wants to authorize another tester to test his/her ciphertexts for some rea-son,the message needs to be encrypted again by the public key of another tester.This will lead to higher computational complexity.Hence,it is not flexible to authorize multiple testers.To resolve this problem,we propose a construction of PKEET supporting flexible designated authorization(PKEET-FDA).The user in our PKEET-FDA can adaptively authorize multiple testers to test his/her ci-phertexts and each authorized tester must use its secret key to perform equality test for the ciphertexts.More importantly,the user does not need to encrypt the message repeatedly any more.Under two types of adversaries,we prove the security of PKEET-FDA.In terms of storage requirement,our construction is superior to the related scheme.Compared with the related efficient PKEET schemes,PKEET-FDA satisfies high efficiency from the point of view of the user.And then,we propose a revocable public key encryption with equality test scheme.After acquiring the test right of the user,the tester in PKEET can test the authorized ciphertexts of the user at any time.Unfortunately,if the user no longer requires the tester to test ciphertexts,he/she cannot revoke his/her authorization for the tester.Thus,the user has to update his/her authorized ci-phertexts.In other words,the corresponding message needs to be encrypted again.However,this method may cause a large number of calculations.To solve this problem,we propose the notion and construction of revocable pub-lic key encryption with equality test(R-PKEET).Based on the time slot,when the user wants to revoke the test right of the tester,he/she only needs to update partial ciphertexts.Compared with the schemes of updating all the ciphertexts,R-PKEET requires fewer computations to revoke authorization for the tester.Hence,R-PKEET achieves a lightweight revocation.Also,with the help of the random oracle model,we prove the security of R-PKEET.Finally,we propose a PKEET scheme with lower ciphertext size.The ciphertext size in current research is generally larger.In this case,if the number of ciphertext in these schemes is large,it will cause transport overhead for the channel.In addition,it can also bring a storage burden for the server.Therefore,we propose a lightweight PKEET scheme.To reduce the size of the ciphertext,the proposed scheme reduces the generation of random number and the use of more ciphertext in decryption.The user can decrypt the message with less steps in our scheme.Base on PKEET-FA,our proposed scheme also achieves these authorizations.Compared with related schemes supporting four types of authorizations,the efficiency of our algorithms is more efficient.The security of the proposed scheme is proved under Type-I adversary and Type-II adversary. |