Yi-Jun He

TL;DR: SPICE is presented, which aims to be the first digital identity management system that can satisfy unlinkability, delegatable authentication, and other desirable properties of the cloud platform.

TL;DR: The first leakage-resilient CL-PKE is given, giving a concrete construction in the composite order bilinear group and proving the security of the scheme in the standard model, overcoming some technical difficulties in the security proofs for both Type I and Type II attackers.

Abstract: A proxy re-encryption (PRE) scheme allows a proxy to re-encrypt a ciphertext for Alice (delegator) to a ciphertext for Bob (delegatee) without seeing the underlying plaintext. With the help of the proxy, Alice can delegate the decryption right to any delegatee. However, existing PRE schemes generally suffer from at least one of the followings. Some schemes fail to provide the non-transferable property in which the proxy and the delegatee can collude to further delegate the decryption right to anyone. This is the main open problem left for PRE schemes. Other schemes assume the existence of a fully trusted private key generator (PKG) to generate the re-encryption key to be used by the proxy for re-encrypting a given ciphertext for a target delegatee. But this poses two problems in PRE schemes if the PKG is malicious: the PKG in their schemes may decrypt both original ciphertexts and re-encrypted ciphertexts (referred as the key escrow problem); and the PKG can generate re-encryption key for arbitrary delegatees without permission from the delegator (we refer to it as the PKG despotism problem). In this paper, we propose the first non-transferable proxy re-encryption scheme which successfully achieves the non-transferable property. We show that the new scheme solved the PKG despotism problem and key escrow problem as well. Further, we find that the new scheme satisfies requirements of data dissemination control which seeks to control information and digital objects even after they have been delivered to a legitimate recipient. We explore the potential of adopting our new scheme to achieve data dissemination control and implement a non-transferable re-encryption based encrypted PC/USB file system. Performance measurements of our scheme demonstrate that nontransferable re-encryption is practical and efficient. Yi-Jun He, Tat Wing Chim, Lucas Chi Kwong Hui, Siu-Ming Yiu Department of Computer Science, The University of Hong Kong Tel.: +852-28578440 Fax: +852-25598447 E-mail: {yjhe, twchim, hui, smyiu}@cs.hku.hk

TL;DR: This paper proposes the first non-transferable proxy re-encryption scheme which successfully achieves the nontransferable property and shows that the new scheme solved the PKG despotism problem and key escrow problem as well.

TL;DR: A novel DRM infrastructure which is based on a non-transferable re-encryption scheme to solve the above problem inherent in existing DRM infrastructures and allows content providers to trace the content, and control the content sharing rights.