Research On Identity-based Cryptosystem With Equality Test And Its Application

Ensuring data confidentiality and availability is an important issue in modern society.Public key infrastructure(PKI)is an effective approach to solve the above problems.However,the standard public key encryption methods may make it difficult to retrieve data that is stored in cloud servers,and reduce the availability of data.As a special variant of PKI,public key encryption with equality test(PKE-ET)allows semi-trusted servers to perform equality test on ciphertexts generated with the same or different public keys without decryption.This primitive can solve the problem of ciphertext retrieval efficiently.While most of the PKE-ET schemes are constructed based on PKI,there exists acertificate management problem.Secondly,the existing PKE-ET schemes are not applicable to versatile scenarios.In addition,the proposed schemes have not fully considered the risk of key compromise.In the light of the above problems,this thesis performs in-depth research and summary of the existing PKE-ET schemes,and completes the following work:This thesis has proposed an identity-based deniable authenticated encryption with equality test scheme.The above scheme is constructed by using the identity-based cryptosystem(IBC),which is able to improve the performance and avoid the inherent certificate management problem in PKI.And this scheme utilizes a deniable authentication technique to ensure that the receiver can verify the identity of the sender,but cannot disclose the identity of the sender to a third party,thus protecting the identity of the sender from being made known to the public.This scheme technically guarantees the capability of users to vote independently in electronic voting and ensures that the audit institution has access rights in the logical structure.Auditors do not obtain any other information about the ballots while auditing the results of the ballots.In this thesis,the security proof of the scheme is reduced to the BDH problem,and the security of this scheme is strictly proved.Furthermore,the efficiency of this proposed scheme is verified by specific experiments.By combining the idea of key insulation and PKE-ET scheme,this thesis has proposed an identity-based key-insulated encryption with equality test scheme.The above scheme inherits the advantages of the IBC and solves the certificate management problem.In this scheme,the system life cycle is divided into multiple discrete time slices and the private key of the user is divided into an identity key corresponding to the user identity information and a time-slice key corresponding to the time slice.Both the functionality of forward security and backward security are achieved by periodically updating the user's time-slice key with the help of a physically secure hardware helper.At the same time,this scheme also allows a third-party server to perform an equality test on the ciphertext,thereby realizing the functionalities of key insulation and ciphertext retrieval simultaneously.The detailed theoretical analysis and experimental simulations are provided through rigorous security proofs in this thesis,and it proves that the security and efficiency of this scheme is applicable to a cloud-assisted IoT environment.