Abstract
Matchmaking encryption, a cryptographic primitive that enables two-sided access control for both senders and receivers, has attracted significant attention from the cryptography community due to its broad range of applications. Recently, Yang et al. proposed a certificateless multi-user matchmaking encryption scheme that was claimed to achieve IND-CCA2 security (IEEE Transactions on Information Forensics and Security, 2024). In this paper, we present a plaintext recovery attack against their scheme under an adaptive chosen ciphertext attack model. We further identify critical flaws in both the scheme’s design and its accompanying security proof. To address these issues, we propose a revised construction that mitigates the identified vulnerabilities and restores the intended security guarantees. Our modification incurs only minimal overhead; hence, the computational and communication efficiency of the modified scheme remains almost equivalent to that of the original design.
| Original language | English |
|---|---|
| Pages (from-to) | 160887-160893 |
| Number of pages | 7 |
| Journal | IEEE Access |
| Volume | 13 |
| DOIs | |
| State | Published - 2025 |
Keywords
- Certificateless matchmaking encryption
- IND-CCA2 security
- Adaptive chosen ciphertext attack
Title
Cryptanalysis and Modification of Yang et al.’s Certificateless Multi-User Matchmaking Encryption Scheme