A General Two-Server Framework for Ciphertext-Checkable Encryption Against Offline Message Recovery Attack

In CT-RSA 2010, Yang et al. proposed a notion of public key encryption with equality test (PKEET), which allows a tester to check whether two ciphertexts encrypted under different public keys as well as the same public key contain the same message. Then various PKEET schemes are proposed to enforce authorization mechanisms for users to specify who can perform equality test on their ciphertexts. However, it is still an open problem for PKEET to resist offline message recovery attack until now. In this paper, we introduce a general two-server framework for ciphertext-checkable encryption scheme to withstand offline message recovery attack. Furthermore, it has a nice property of flexible authorization and supports checking two types of equations on the ciphertexts of Mi and Mj under different public keys as well as the same public key: aM(i) = bM(j) and M-i(a) = M-j(b), where a and b are integers.