Public key encryption with equality test (PKEET), proposed by Yang et al. (CT-RSA 2010), is a variant of public key encryption that enables an equality test to determine whether two ciphertexts correspond to the same plaintext. This test applies not only for ciphertexts generated under the same encryption key but also for those generated under different encryption keys. To date, several generic constructions of PKEET have been proposed. However, these generic constructions have the drawback of reliance on the random oracle model or a (hierarchical) identity-based encryption scheme. In this paper, we propose a generic construction of a PKEET scheme based on tag-based encryption without the random oracle model. Tag-based encryption is a weaker primitive than identity-based encryption. Our scheme allows to derive new PKEET schemes without the random oracle model. By instantiating our construction with the pairing-free tag-based encryption scheme by Kiltz (TCC 2006), we obtain a pairing-free PKEET scheme without the random oracle model. Moreover, by instantiating our construction with a tag-based encryption scheme based on the learning parity with noise (LPN) assumption, we obtain a PKEET scheme based on the LPN assumption without the random oracle model.

翻译：带等式测试的公钥加密（PKEET）由 Yang 等人于 2010 年在 CT-RSA 会议上提出，是公钥加密的一种变体，它允许通过等式测试来判断两个密文是否对应相同的明文。该测试不仅适用于同一加密密钥生成的密文，也适用于不同加密密钥生成的密文。迄今为止，已有多种 PKEET 的通用构造被提出。然而，这些通用构造存在依赖随机预言机模型或（分层）基于身份的加密方案的缺陷。本文提出了一种基于标签加密的 PKEET 方案通用构造，该构造无需依赖随机预言机模型。标签加密是一种比基于身份的加密更弱的密码原语。我们的方案使得无需随机预言机模型即可派生出新的 PKEET 方案。通过采用 Kiltz 在 2006 年 TCC 会议上提出的无配对标签加密方案实例化我们的构造，我们得到了一个无需随机预言机模型且无需配对运算的 PKEET 方案。此外，通过采用基于学习奇偶噪声（LPN）假设的标签加密方案实例化我们的构造，我们得到了一个基于 LPN 假设且无需随机预言机模型的 PKEET 方案。