Identity-based encryption with outsourced equality test in cloud computing

•It is the first time to integrate identity-based encryption into public key encryption with equality test.•It extends identity-based encryption with keyword search to yield a general function: equality test.•It is proven to be one-way chosen-ciphertext security against a chosen identity attack as a desirable security.•Unlike PEKS or IBEKS, it can be used alone since it contains decryption algorithm besides encryption algorithm.

We firstly combine the concepts of public key encryption with equality test (PKEET) and identity-based encryption (IBE) to obtain identity-based encryption with equality test (IBEET). Inheriting the advantage of IBE, IBEET can simplify the certificate management of PKEET with all messages encrypted with the receiver’s public identity. In the IBEET scheme, the receiver computes a trapdoor using the secret value for the identity and then sends it to a cloud server for equality test on its ciphertexts with others’ ciphertexts. Using this primitive someone with the trapdoor for its identity can delegate out the capability of equality test on its ciphertexts without requiring a central authority to act as a delegator. So it is very suitable for the client with minimal computation resource, e.g, mobile phone. Furthermore, compared with PKEET, it has security improvement since not anyone can perform the test. Therefore, IBEET may have interesting applications in cloud computing, e.g., partition of encrypted emails. We define one-way chosen-ciphertext security against a chosen identity attack (OW-ID-CCA) and propose a construction in bilinear pairing. Finally, extensive security analysis and comparison with related works show that the proposed scheme is proven secure and useful.