In this paper, we demonstrate that their scheme does not achieve the claimed security requirement by presenting an attack. Our attack algorithm is very simple: It requires only a pair of message and ciphertext, and takes one exponentiation and two bilinear map evaluations. Subsequently, we present a modification of their IBEET construction and show that it satisfies their security notion under the BDH assumption and the existence of strong pseudorandom permutation and existentially unforgeable message authentication code in the random oracle model. We remark that our modification has better efficiency than the original construction.
Category / Keywords: identity-based encryption with equality test, insider attacks, chosen ciphertext attacks, modification Original Publication (with major differences): ACISP 2018 Date: received 21 Apr 2018 Contact author: hyungtaelee at chonbuk ac kr Available format(s): PDF | BibTeX Citation Version: 20180424:152940 (All versions of this report) Short URL: ia.cr/2018/369