Insecurity of Forward Secure Equality Test for Secure Data Sharing in Healthcare Systems

Recently, a forward secure identity-based encryption with equality test (FS-IBEET) scheme was proposed for secure data sharing in healthcare systems and was claimed to achieve indistinguishability against adaptive chosen-identity and chosen-ciphertext attacks (IND-ID-CCA). In this letter, we show that the proposed scheme fails to provide the claimed IND-ID-CCA security. We present a practical chosen-ciphertext attack that exploits a structural design flaw. In particular, achieving IND-ID-CCA security appears infeasible under the current framework, where the ciphertext publicly reveals the time slot in conjunction with the 0/1-encodings. This vulnerability is critical, as it fundamentally compromises the confidentiality guarantees essential to healthcare IoT environments, potentially leading to the corruption or leakage of patient records.