🤖 AI Summary
This work addresses the limitations of existing public-key encryption with equality test (PKEET)-based searchable encryption schemes, which struggle to simultaneously support ciphertext-level authorization, public verifiability, and fine-grained search. The authors propose AVPKEET and its application AVSE, the first framework to unify ciphertext file-level authorization and public verifiability. It employs one-time, non-transferable, replay-resistant non-interactive tokens that bind users to random values, enabling three-tier fine-grained access control (ALL, PARTIAL, and SINGLE) as well as batch operations. Under standard hardness assumptions, the scheme is formally proven secure in terms of OW-CCA2 confidentiality, token unforgeability, and verification soundness. Each token is only 168 bytes, and experimental results show overhead that is practical for deployment in cloud environments.
📝 Abstract
Cloud storage revolutionizes data management but raises conflicts between functionality and privacy. Public Key Encryption with Equality Test (PKEET), an advanced cryptographic technique, can enable multi-user searchable encryption (SE) through cross-key ciphertext comparison without shared keys. However, existing PKEET-based SE schemes lack ciphertext-file-level authorization, public verifiability, or SE-level support. This paper first proposes a novel PKEET scheme, AVPKEET (Authorized and Verifiable PKEET). It enables non-transferable and non-replayable authorization of ciphertext files while supporting public verifiability, all without the need for trusted third parties. We then propose an AVPKEET-based SE scheme, denoted AVSE (Authorized and Verifiable SE), featuring one-time non-transferable tokens bound to users and nonces, batch operations, and fine-grained access control (ALL, PARTIAL, SINGLE). We prove OW-CCA2 security, token unforgeability, and verification soundness under standard assumptions. Experimental results demonstrate that AVSE achieves the most compact token size (168 bytes) while uniquely providing both ciphertext-file-level authorization and public verification, with acceptable overhead for cloud storage deployment.