### Security Analysis and Modification of ID-Based Encryption with Equality Test from ACISP 2017

Hyung Tae Lee, Huaxiong Wang, and Kai Zhang

##### Abstract

At ACISP 2017, Wu et al. presented an identity-based encryption with equality test (IBEET) that considers to prevent insider attacks. To analyze its security, they proposed a new security notion for IBEET, which is slightly weaker than the indistinguishability under adaptive identity and chosen ciphertext attacks (IND-ID-CCA2) for traditional identity-based encryption. Then, they claimed that their proposed scheme achieves this new security notion under the Bilinear Diffie-Hellman (BDH) assumption in the random oracle model. In this paper, we demonstrate that their scheme does not achieve the claimed security requirement by presenting an attack. Our attack algorithm is very simple: It requires only a pair of message and ciphertext, and takes one exponentiation and two bilinear map evaluations. Subsequently, we present a modification of their IBEET construction and show that it satisfies their security notion under the BDH assumption and the existence of strong pseudorandom permutation and existentially unforgeable message authentication code in the random oracle model. We remark that our modification has better efficiency than the original construction.

Available format(s)
Publication info
Published elsewhere. MAJOR revision.ACISP 2018
Keywords
identity-based encryption with equality testinsider attackschosen ciphertext attacksmodification
Contact author(s)
hyungtaelee @ chonbuk ac kr
History
Short URL
https://ia.cr/2018/369

CC BY

BibTeX

@misc{cryptoeprint:2018/369,
author = {Hyung Tae Lee and Huaxiong Wang and Kai Zhang},
title = {Security Analysis and Modification of ID-Based Encryption with Equality Test from ACISP 2017},
howpublished = {Cryptology ePrint Archive, Paper 2018/369},
year = {2018},
note = {\url{https://eprint.iacr.org/2018/369}},
url = {https://eprint.iacr.org/2018/369}
}

Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.