Authorized and Verifiable Searchable Encryption Based on Public Key Equality Test for Cloud Storage
Pith reviewed 2026-06-27 21:56 UTC · model grok-4.3
The pith
AVPKEET enables non-transferable authorized verifiable PKEET without trusted third parties.
A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.
Core claim
AVPKEET achieves authorized and verifiable equality tests on ciphertexts by enabling non-transferable and non-replayable authorization of specific files without trusted third parties, while AVSE extends this to searchable encryption with one-time tokens bound to users and nonces, batch processing, and fine-grained access levels, all proven secure under standard assumptions with a token size of 168 bytes.
What carries the argument
The AVPKEET scheme, which uses authorization tokens bound to users and nonces to restrict equality tests on ciphertexts while supporting public verification of those tokens.
If this is right
- Specific ciphertext files can be authorized for search without allowing token reuse across users or sessions.
- Public verification of authorizations becomes possible without relying on a trusted third party.
- Fine-grained access levels enable precise control over which files are searchable by which users.
- Batch operations support efficient handling of multiple search requests in cloud deployments.
- The 168-byte token size reduces communication overhead compared to prior schemes while adding the new features.
Where Pith is reading between the lines
- The token binding approach could be adapted to other equality-test applications such as secure deduplication or data sharing protocols.
- If the non-replayability holds under real network conditions, it may reduce the need for additional session management layers in cloud systems.
- The public verifiability feature opens the possibility of third-party auditing of search authorizations in multi-tenant environments.
- Implementation in a prototype cloud storage system could test whether the reported overhead remains acceptable at scale with concurrent users.
Load-bearing premise
Authorization tokens bound only to users and nonces remain non-transferable and non-replayable in practice, and the security model fully captures real-world cloud storage threats without additional trusted setup.
What would settle it
An adversary successfully transfers or replays an authorization token to perform an unauthorized equality test on a ciphertext file, or breaks the OW-CCA2 security of the scheme in the defined model.
Original abstract
Cloud storage revolutionizes data management but raises conflicts between functionality and privacy. Public Key Encryption with Equality Test (PKEET), an advanced cryptographic technique, can enable multi-user searchable encryption (SE) through cross-key ciphertext comparison without shared keys. However, existing PKEET-based SE schemes lack ciphertext-file-level authorization, public verifiability, or SE-level support. This paper first proposes a novel PKEET scheme, AVPKEET (Authorized and Verifiable PKEET). It enables non-transferable and non-replayable authorization of ciphertext files, while supporting public verifiability, all without the need for trusted third parties. Then we propose an AVPKEET-based SE scheme, denoted as AVSE (Authorized and Verifiable SE), featuring one-time non-transferable tokens bound to users and nonces, batch operations, and fine-grained access control (ALL, PARTIAL, SINGLE). We prove OW-CCA2 security, token unforgeability, and verification soundness under standard assumptions. Experiment results demonstrate that AVSE achieves the most compact token size (168 bytes) while uniquely providing both ciphertext-file-level authorization and public verification, with acceptable overhead for cloud storage deployment.
Editorial analysis
A structured set of objections, weighed in public.
Referee Report
Summary. The paper proposes AVPKEET, a novel PKEET scheme enabling non-transferable and non-replayable ciphertext-file-level authorization with public verifiability and no trusted third party, and AVSE, an AVPKEET-based searchable encryption scheme supporting one-time tokens bound to users and nonces, batch operations, and fine-grained access control (ALL, PARTIAL, SINGLE). It claims OW-CCA2 security, token unforgeability, and verification soundness under standard assumptions, with experiments showing the most compact token size (168 bytes) and acceptable overhead.
Significance. If the security definitions and proofs hold, the work provides a distinctive combination of features—ciphertext-file-level authorization, public verification, and compact one-time tokens—absent from prior PKEET-based SE schemes, offering a practical advance for privacy-preserving cloud storage with fine-grained control.
major comments (2)
- [Abstract, §3] Abstract and §3 (token generation): tokens are explicitly described as 'one-time non-transferable tokens bound to users and nonces.' The token unforgeability definition and game must be checked to determine whether it includes a cross-file replay attack (adversary obtains token for file A under user U and attempts use on challenge file B); without explicit binding to a ciphertext or file identifier in the token, the ciphertext-file-level authorization claim is at risk.
- [§4] §4 (security model): the OW-CCA2 and token unforgeability games are asserted under standard assumptions, but the model for non-replayability must be verified against the skeptic concern that nonce+user binding alone permits transfer to a different file; if the game does not model this, the proof does not establish the central authorization property.
minor comments (2)
- [Experimental results] Table comparing token sizes should explicitly list the 168-byte figure against prior schemes with the same security level for direct comparison.
- [§3] Notation for batch operations and access control levels (ALL/PARTIAL/SINGLE) should be defined at first use with a small example.
Simulated Author's Rebuttal
We thank the referee for the careful review and for identifying potential gaps in how the security model captures non-replayability across files. We address each major comment below and commit to revisions that strengthen the ciphertext-file-level authorization claims.
- Referee: [Abstract, §3] Abstract and §3 (token generation): tokens are explicitly described as 'one-time non-transferable tokens bound to users and nonces.' The token unforgeability definition and game must be checked to determine whether it includes a cross-file replay attack (adversary obtains token for file A under user U and attempts use on challenge file B); without explicit binding to a ciphertext or file identifier in the token, the ciphertext-file-level authorization claim is at risk.
  Authors: The referee is correct that the current description in the abstract and §3 binds tokens only to users and nonces. The manuscript does not explicitly include a file or ciphertext identifier in the token, which means the unforgeability game as written does not model cross-file replay. To support the claimed ciphertext-file-level authorization, the token generation must incorporate a file identifier and the security game must be updated to capture an adversary attempting to replay a token on a different file. We will revise §3 to add the file identifier to token generation and update the token unforgeability definition and game in the next version.
  revision: yes
- Referee: [§4] §4 (security model): the OW-CCA2 and token unforgeability games are asserted under standard assumptions, but the model for non-replayability must be verified against the skeptic concern that nonce+user binding alone permits transfer to a different file; if the game does not model this, the proof does not establish the central authorization property.
  Authors: We agree that the existing games in §4 do not explicitly include a cross-file replay query. Without this, the proofs cannot rigorously establish non-replayability at the ciphertext-file level. We will extend both the OW-CCA2 and token unforgeability games to allow the adversary to obtain tokens for one file and attempt to use them on a different challenge file, and we will update the corresponding proofs. These changes will be made in the revised manuscript.
  revision: yes
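The binding gap discussed in the referee comments and rebuttal above, as an added example that is not code from the paper or from this page. HMAC-SHA256 stands in for the AVPKEET token (an assumption: it is not the paper's construction and is not publicly verifiable), and `issue`, `Tester`, `run` and the user and file labels are hypothetical names. It compares a tag bound to (user, nonce) with one bound to (user, nonce, file identifier) on the server-side check.

```python
import hashlib
import hmac
import secrets

def encode(*fields: bytes) -> bytes:
    # Length-prefix every field so concatenations cannot be ambiguous.
    return b"".join(len(f).to_bytes(4, "big") + f for f in fields)

def make_tag(key, user, nonce, file_id, bind_file):
    # Stand-in for the scheme's token (assumption): HMAC over the bound fields.
    fields = (user, nonce, file_id) if bind_file else (user, nonce)
    return hmac.new(key, encode(*fields), hashlib.sha256).digest()

def issue(key, user, file_id, bind_file):
    # Data owner authorizes `user` to run an equality test on `file_id`.
    nonce = secrets.token_bytes(16)
    tag = make_tag(key, user, nonce, file_id, bind_file)
    return {"user": user, "nonce": nonce, "tag": tag}

class Tester:
    """Server side: accept a token once, for the presenting user and target file."""

    def __init__(self, key, bind_file):
        self.key, self.bind_file = key, bind_file
        self.used_nonces = set()

    def authorize(self, token, presenting_user, target_file):
        if token["user"] != presenting_user:        # non-transferable
            return False
        expected = make_tag(self.key, token["user"], token["nonce"],
                            target_file, self.bind_file)
        if not hmac.compare_digest(expected, token["tag"]):
            return False
        if token["nonce"] in self.used_nonces:      # non-replayable
            return False
        self.used_nonces.add(token["nonce"])
        return True

def run(bind_file):
    # Constructed scenario: both tokens are issued to user-U for file-A only.
    key = secrets.token_bytes(32)
    tester = Tester(key, bind_file)
    t1 = issue(key, b"user-U", b"file-A", bind_file)
    t2 = issue(key, b"user-U", b"file-A", bind_file)
    return {
        "other_user": tester.authorize(t1, b"user-V", b"file-A"),
        "first_use": tester.authorize(t1, b"user-U", b"file-A"),
        "same_file_replay": tester.authorize(t1, b"user-U", b"file-A"),
        "cross_file": tester.authorize(t2, b"user-U", b"file-B"),
    }

if __name__ == "__main__":
    for bind in (False, True):
        print("file id bound:", bind, run(bind))
```

The user and nonce checks behave identically in both variants; only the `cross_file` result changes, which is why a security game without a cross-file query cannot distinguish them.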
Circularity Check
No circularity: security proofs rely on standard assumptions independent of the construction
The paper presents a new PKEET-based SE scheme (AVSE) with claimed properties including non-transferable tokens, public verifiability, and fine-grained access control. It states that security (OW-CCA2, token unforgeability, verification soundness) is proved under standard assumptions. No equations, parameter fittings, or self-citations are shown in the provided text that would reduce any central claim to a definition or prior self-result by construction. The authorization and verification properties are defined and proved separately from the token generation mechanism, with no renaming of known results or ansatz smuggling indicated. This is a standard cryptographic construction paper whose claims rest on external hardness assumptions rather than self-referential inputs.
Axiom & Free-Parameter Ledger
axioms (1)
- domain assumption: OW-CCA2 security, token unforgeability, and verification soundness hold under standard assumptions