Plaintext-Checkable Encryption with Unlink-CCA Security in the Standard Model

Plaintext-Checkable Encryption (PCE) was first proposed by Canard et al. to check whether a ciphertext encrypts a given plaintext under the public key. This primitive is very useful in many applications, e.g., search on encrypted database and group signature with verifier-local revocation (GS-VLR). In the literature, existing PCE schemes only satisfies unlink notion that defines the adversary to get information about whether two challenge ciphertexts share the same plaintext or not, without given the challenge plaintexts. Using the tool of pairing-friendly smooth projective hash function (PF-SPHF), we propose the first PCE construction with the most desirable unlink-cca notion, which is stronger than unlink by additionally providing a decryption oracle. We prove it in the standard model based on the hard subset membership problem. Finally, by instantiating SPHF from DDH assumption, we obtain a PCE instantiation from SXDH assumption and show that it achieves not only the desired security but also efficient test computation complexity. Hence it will be very useful in practical applications.