Showing papers on "Proxy re-encryption published in 2006"

Attribute-based encryption for fine-grained access control of encrypted data

Abstract: As more sensitive data is shared and stored by third-party sites on the Internet, there will be a need to encrypt data stored at these sites. One drawback of encrypting data, is that it can be selectively shared only at a coarse-grained level (i.e., giving another party your private key). We develop a new cryptosystem for fine-grained sharing of encrypted data that we call Key-Policy Attribute-Based Encryption (KP-ABE). In our cryptosystem, ciphertexts are labeled with sets of attributes and private keys are associated with access structures that control which ciphertexts a user is able to decrypt. We demonstrate the applicability of our construction to sharing of audit-log information and broadcast encryption. Our construction supports delegation of private keys which subsumesHierarchical Identity-Based Encryption (HIBE).

Improved proxy re-encryption schemes with applications to secure distributed storage

Abstract: In 1998, Blaze, Bleumer, and Strauss (BBS) proposed an application called atomic proxy re-encryption, in which a semitrusted proxy converts a ciphertext for Alice into a ciphertext for Bob without seeing the underlying plaintext. We predict that fast and secure re-encryption will become increasingly popular as a method for managing encrypted file systems. Although efficiently computable, the wide-spread adoption of BBS re-encryption has been hindered by considerable security risks. Following recent work of Dodis and Ivan, we present new re-encryption schemes that realize a stronger notion of security and demonstrate the usefulness of proxy re-encryption as a method of adding access control to a secure file system. Performance measurements of our experimental file system demonstrate that proxy re-encryption can work effectively in practice.

Unidirectional proxy re-encryption

Abstract: A method for performing unidirectional proxy re-encryption includes generating a first key pair comprising a public key (pk) and a secret key (sk) and generating a re-encryption key that changes encryptions under a first public key pk a into encryptions under a second public key pk b as rk A→B . The method further includes performing one of the group consisting of encrypting a message m under public key pk a producing a ciphertext c a , re-encrypting a ciphertext c a using the re-encryption key rk A→B that changes ciphertexts under pk a into ciphertexts under pk b to produce a ciphertext c b under pk b , and decrypting a ciphertext c a under pk a to recover a message m. The method also includes encrypting a message m under a public key pk producing a first-level ciphertext c 1 that cannot be re-encrypted, and decrypting a first-level ciphertext c 1 using secret key sk.

Identity-Based Proxy Re-encryption.

Abstract: In a proxy re-encryption scheme a semi-trusted proxy converts a ciphertext for Alice into a ciphertext for Bob without seeing the underlying plaintext. A number of solutions have been proposed in the public-key setting. In this paper, we address the problem of Identity-Based proxy re-encryption, where ciphertexts are transformed from one identity to another. Our schemes are compatible with current IBE deployments and do not require any extra work from the IBE trusted-party key generator. In addition, they are non-interactive and one of them permits multiple re-encryptions. Their security is based on a standard assumption (DBDH) in the random oracle model.