Suppose [c.sub.1]([m.sub.1]) and [c.sub.2]([m.sub.2]) be ciphertexts
of plaintexts [m.sub.1] and [m.sub.2].
Homomorphic encryption (HE) is public-key encryption that enables us to perform an arithmetic or logical operation on ciphertexts
without decrypting it.
infeasible to determine whether a ciphertext
is an encryption of
c) IDERMKS algorithm: This is a probabilistic algorithm which takes a public key of the data owner, a set of keywords in a document and system parameters as input and then output IDERMKS ciphertext
which is the searchable index I.
A pair of correct and faulty ciphertexts
([C.sub.m], [C'.sub.m]) is required to be collected for the same plaintext [P.sub.m].
discusses about Proxy re-encryption (PRE) which employs a proxy with a re-encryption key for decryption of ciphertext
encrypted by user's public key into those that can be decrypted by user's private key.
For example, there could be homomorphic blind decryption schemes for which certain operations could be permitted on the ciphertexts
. Note also that the encryptor inherently possesses more information about m than an outsider, since m is dependent on [m.sub.1], [m.sub.2], ..., [m.sub.L].
Sahai and Waters  proposed the first ABE scheme, in which ciphertext
is encrypted and associated with a set [alpha] of attributes.
(i) Isolated smart grid device: when the reader needs to read the metering data [m.sub.i] for the ith time in a long term, the isolated smart grid device chooses [r.sub.i] [member of] [Z.sup.*.sub.N] randomly and computes a ciphertext
[mathematical expression not reproducible].
In addition, we assume the known ciphertext
model  where the server (adversary) can read the encrypted data and the encrypted keywords but does not know statistical information about the related plaintext data/keywords (note that the statistical distribution of plaintext data/keywords is different from that of conventional data/keywords).
Next, Boyen and Waters  proposed an anonymous IBE scheme to guarantee receiver's privacy, where the ciphertext
does not leak the identity of the recipient.
This can make it possible to aggregate ciphertexts
which are encrypted under distinct public keys.
In an FIBE scheme, ciphertexts
are labeled with a set of attributes [omega] and a user's secret key is associated with both a threshold parameter d and another set of attributes [omega]'.
This general scheme is simple to implement but inefficient as the number of encryption operations and the size of ciphertexts
both of which are linear with the number of users.