Showing papers on "Proxy re-encryption published in 2014"
TL;DR: A time-based proxy re-encryption (TimePRE) scheme to allow a user's access right to expire automatically after a predetermined period of time, so that the data owner can be offline in the process of user revocations.
212 citations
06 Sep 2014
TL;DR: This paper proposes the first cloud-based revocable identity-based proxy re-encryption (CR-IB-PRE) scheme that supports user revocation but also delegation of decryption rights and provides definite advantages in terms of communication and computation efficiency.
Abstract: Identity-based encryption (IBE) eliminates the necessity of having a costly certificate verification process. However, revocation remains as a daunting task in terms of ciphertext update and key update phases. In this paper, we provide an affirmative solution to solve the efficiency problem incurred by revocation. We propose the first cloud-based revocable identity-based proxy re-encryption (CR-IB-PRE) scheme that supports user revocation but also delegation of decryption rights. No matter a user is revoked or not, at the end of a given time period the cloud acting as a proxy will re-encrypt all ciphertexts of the user under the current time period to the next time period. If the user is revoked in the forthcoming time period, he cannot decrypt the ciphertexts by using the expired private key anymore. Comparing to some naive solutions which require a private key generator (PKG) to interact with non-revoked users in each time period, the new scheme provides definite advantages in terms of communication and computation efficiency.
120 citations
Posted Content•
TL;DR: In this article, the authors proposed a cloud-based revocable identity-based proxy re-encryption (CR-IB-PRE) scheme that supports user revocation but also delegation of decryption rights.
Abstract: Identity-based encryption (IBE) eliminates the necessity of having a costly certificate verification process. However, revocation remains as a daunting task in terms of ciphertext update and key update phases. In this paper, we provide an affirmative solution to solve the efficiency problem incurred by revocation. We propose the first cloud-based revocable identity-based proxy re-encryption (CR-IB-PRE) scheme that supports user revocation but also delegation of decryption rights. No matter a user is revoked or not, at the end of a given time period the cloud acting as a proxy will re-encrypt all ciphertexts of the user under the current time period to the next time period. If the user is revoked in the forthcoming time period, he cannot decrypt the ciphertexts by using the expired private key anymore. Comparing to some naive solutions which require a private key generator (PKG) to interact with non-revoked users in each time period, the new scheme provides definite advantages in terms of communication and computation efficiency.
113 citations
TL;DR: This paper defines a general notion for proxy re-encryption (PRE), which it is called deterministic finite automata-based functional PRE (DFA-based FPRE), and proposes the first and concrete DFA- based FPRE system, which adapts to the new notion.
Abstract: In this paper, for the first time, we define a general notion for proxy re-encryption (PRE), which we call deterministic finite automata-based functional PRE (DFA-based FPRE). Meanwhile, we propose the first and concrete DFA-based FPRE system, which adapts to our new notion. In our scheme, a message is encrypted in a ciphertext associated with an arbitrary length index string, and a decryptor is legitimate if and only if a DFA associated with his/her secret key accepts the string. Furthermore, the above encryption is allowed to be transformed to another ciphertext associated with a new string by a semitrusted proxy to whom a re-encryption key is given. Nevertheless, the proxy cannot gain access to the underlying plaintext. This new primitive can increase the flexibility of users to delegate their decryption rights to others. We also prove it as fully chosen-ciphertext secure in the standard model.
109 citations
TL;DR: An incremental version of proxy re-encryption scheme for improving the file modification operation is proposed and shows significant improvement in results while performing file modification operations using limited processing capability of mobile devices.
Abstract: Due to the limited computational capability of mobile devices, the research organization and academia are working on computationally secure schemes that have capability for offloading the computational intensive data access operations on the cloud/trusted entity for execution. Most of the existing security schemes, such as proxy re-encryption, manager-based re-encryption, and cloud-based re-encryption, are based on El-Gamal cryptosystem for offloading the computational intensive data access operation on the cloud/trusted entity. However, the resource hungry pairing-based cryptographic operations, such as encryption and decryption, are executed using the limited computational power of mobile device. Similarly, if the data owner wants to modify the encrypted file uploaded on the cloud storage, after modification the data owner must encrypt and upload the entire file on the cloud storage without considering the altered portion(s) of the file. In this paper, we have proposed an incremental version of proxy re-encryption scheme for improving the file modification operation and compared with the original version of the proxy re-encryption scheme on the basis of turnaround time, energy consumption, CPU utilization, and memory consumption while executing the security operations on mobile device. The incremental version of proxy re-encryption scheme shows significant improvement in results while performing file modification operations using limited processing capability of mobile devices.
93 citations
26 Mar 2014
TL;DR: This work proposes a new unidirectional proxy re-encryption scheme based on the hardness of the LWE problem and extends a recent trapdoor definition for a lattice of Micciancio and Peikert.
Abstract: We propose a new unidirectional proxy re-encryption scheme based on the hardness of the LWE problem. Our construction is collusionsafe and does not require any trusted authority for the re-encryption key generation. We extend a recent trapdoor definition for a lattice of Micciancio and Peikert. Our proxy re-encryption scheme is provably CCA-1 secure in the selective model under the LWE assumption.
78 citations
TL;DR: This paper surveys two various access policy attribute-based proxy re-encryption schemes and analyzes these schemes and lists the comparisons of them by some criteria.
Abstract: Attribute-based proxy re-encryption (ABPRE) scheme is one of the proxy cryptography, which can delegate the re-encryption capability to the proxy and re-encrypt the encrypted data by using the re-encryption key. ABPRE ex-tending the traditional proxy cryptography and attributes plays an important role. In ABPRE, users are identified by attributes, and the access policy is designed to control the user's access. Using ABPRE can have these advantages: (i) The proxy can be delegated to execute the re-encryption operation, which reduces the computation overhead of the data owner;(ii) The authorized user just uses his own secret key to decrypt the encrypted data, and he doesn't need to store an additional decryption key for deciphering;(iii) The sensitive information cannot be revealed to the proxy in re-encryption, and the proxy only complies to the data owner's command. In this paper, we survey two various access policy attribute-based proxy re-encryption schemes and analyze these schemes. Thereafter, we list the comparisons of them by some criteria.
48 citations
TL;DR: An MH-IBPRE is proposed that maintains the (constant) ciphertext size and computational complexity regardless of the number of re-encryption hops and is proven secure against selective identity and chosen-ciphertext attacks and collusion resistant in the standard model.
43 citations
DOI•
01 Jan 2014
TL;DR: A new scheme for ciphertext-policy attribute-based encryption that allows outsourcing of computationally expensive encryption and decryption steps is proposed and is proven to be secure in the generic group model.
Abstract: In this paper we propose a new scheme for ciphertext-policy attribute-based encryption that allows outsourcing of computationally expensive encryption and decryption steps. The scheme constitutes an important building block for mobile applications where both the host and users use mobile devices with limited computational power. In the proposed scheme, during encryption the host involves a semi-trusted proxy to encrypt a partially encrypted (by the host) message according to an access policy provided by the host. The proxy is unable to learn the message from this partially encrypted text. A user can only decrypt the stored ciphertext if he possesses secret keys associated with a set of attributes that satisfies the associated policy. To reduce computational load in the decryption step, the user, in his turn, involves a semi-trusted proxy (e.g. a cloud) by deploying the scheme of Green et al. (2011). The cloud is given a transformation key that facilitates construction of an El Gamal-ciphertext from the original ciphertext if the user's attributes satisfy the ciphertext. This El Gamal-ciphertext can be then efficiently decrypted on the user's resource-constrained device. The resulting ABE scheme with encryption and decryption outsourcing is proven to be secure in the generic group model
32 citations
01 Sep 2014
TL;DR: This paper proposes an efficient C-PRE scheme, and proves its chosen-cipher text security under decisional bilinear Diffie-Hellman (DBDH) assumption in the random oracle model, and has significant advantages in both computational and communicational than previous schemes.
Abstract: In a proxy re-encryption (PRE) scheme a semi-trusted proxy can convert a cipher text under Alice's public key into a cipher text for Bob. The proxy does not know the secret key of Alice or Bob, and also does not know the plaintext during the conversion. Conditional proxy re-encryption (C-PRE) can implement fine-grained delegation of decryption rights, and thus is more useful in many applications. In this paper, we propose an efficient C-PRE scheme, and prove its chosen-cipher text security under decisional bilinear Diffie-Hellman (DBDH) assumption in the random oracle model. Our scheme has significant advantages in both computational and communicational than previous schemes.
30 citations
TL;DR: A novel notion called attribute-based proxy re-encryption with keyword search is introduced, which introduces a promising feature: in addition to supporting keyword search on encrypted data, it enables data owners to delegate the keyword search capability to some other data users complying with the specific access control policy.
Abstract: Keyword search on encrypted data allows one to issue the search token and conduct search operations on encrypted data while still preserving keyword privacy. In the present paper, we consider the keyword search problem further and introduce a novel notion called attribute-based proxy re-encryption with keyword search (), which introduces a promising feature: In addition to supporting keyword search on encrypted data, it enables data owners to delegate the keyword search capability to some other data users complying with the specific access control policy. To be specific, allows (i) the data owner to outsource his encrypted data to the cloud and then ask the cloud to conduct keyword search on outsourced encrypted data with the given search token, and (ii) the data owner to delegate other data users keyword search capability in the fine-grained access control manner through allowing the cloud to re-encrypted stored encrypted data with a re-encrypted data (embedding with some form of access control policy). We formalize the syntax and security definitions for , and propose two concrete constructions for : key-policy and ciphertext-policy . In the nutshell, our constructions can be treated as the integration of technologies in the fields of attribute-based cryptography and proxy re-encryption cryptography.
09 Oct 2014
TL;DR: This application well implements the idea of cloud-enabled user revocation, offering an alternative yet more feasible solution to the user revocation issue when using attribute based encryption over cloud data.
Abstract: Conditional proxy re-encryption (CPRE) enables delegation of decryption rights, and is useful in many applications. In this paper, we present a ciphertext-policy attribute based CPRE scheme, together with a formalization of the primitive and its security proof. We further propose applying the scheme for fine-grained encryption of cloud data. This application well implements the idea of cloud-enabled user revocation, offering an alternative yet more feasible solution to the user revocation issue when using attribute based encryption over cloud data. Features of the application include little cost in case of user revocation, and high user-side efficiency when users access cloud data.
22 Oct 2014
TL;DR: The notion of the unforgeability of re-encryption keys is defined to capture the above attacks and a non-interactive CPA secure PRE scheme is presented, which is resistant to collusion attacks in forging re- Encryption keys.
Abstract: Proxy re-encryption PRE provides nice solutions to the delegation of decryption rights. In proxy re-encryption, the delegator Alice generates re-encryption keys for a semi-trusted proxy, with which the proxy can translate a ciphertext intended for Alice into a ciphertext for the delegatee Bob of the same plaintext. Existing PRE schemes have considered the security that the collusion attacks among the proxy and the delegatees cannot expose the delegator's secret key. But almost all the schemes, as far as we know, failed to provide the security that the proxy and the delegatees cannot collude to generate new re-encryption keys from the delegator to any other user who has not been authorized by the delegator. In this paper, we first define the notion of the unforgeability of re-encryption keys to capture the above attacks. Then, we present a non-interactive CPA secure PRE scheme, which is resistant to collusion attacks in forging re-encryption keys. Both the size of the ciphertext and the re-encryption key are constant. Finally, we extend the CPA construction to a CCA secure scheme.
TL;DR: This paper has costructed lattice based identity based unidirection PRE scheme using Micciancio and Peikert’s strong trapdoor for lattices which is simple, efficient and easy to implement than [3].
Abstract: At Eurocrypt 1998, Blaze, Bleumer and Strauss [8] presented a new primitive called Proxy Re-Encryption (PRE). PRE is a public key encryption which allows a semi trusted proxy to alter a ciphertext for Alice (delegator) into a ciphertext for Bob (delegatee) without knowing the message. To the best of our knowledge there does not exist any lattice based identity based unidirection PRE scheme. In this paper, we have costructed lattice based identity based unidirection PRE scheme. Our scheme is noninteractive. In this scheme, we have used Micciancio and Peikert’s strong trapdoor [16] for lattices which is simple, efficient and easy to implement than [3].
01 Apr 2014
TL;DR: This paper introduces a new CPRE called the outsourcing CPRE scheme (O-CPRE) which reduces the client overhead drastically and is much more suitable for secure big data sharing in cloud environment than the other existing schemes.
Abstract: Conditional PRE (CPRE) is a novel public key primitive which enables the group sharing of confidential data without revealing its plaintext or decryption key to outside the group member. Previously, several efforts are made to facilitate CPRE in group data sharing in cloud environment. The main drawback of the state-of-art CPRE schemes for this purpose is that whenever the group member changes, the originator of the data needs to download all of the existing data on the cloud, encrypt them again with a new condition value, and uploads them to the cloud. As a result, they are not suitable for secure big data sharing among group member in cloud environment. In this paper, we introduce a new CPRE called the outsourcing CPRE scheme (O-CPRE) which reduces the client overhead drastically. When the membership of the group changes, in O-CPRE, the originator only needs to select a new condition value and upload it to the cloud. In addition, O-CPRE will move a part of client overhead at the initial setup stage and at the decryption of each message from the client to the cloud. As a result, O-CPRE is much more suitable for secure big data sharing in cloud environment than the other existing schemes.
TL;DR: This paper proposes an efficient and anonymous data sharing protocol with flexible sharing style, named EFADS, for outsourcing data onto the cloud, and demonstrates that EFADS provides data confidentiality and data sharer's anonymity without requiring any fully-trusted party.
TL;DR: A certificateless PRE (CL-PRE) scheme without pairings is proposed that does not need the public key certificates to guarantee validity of public keys and solves the key escrow problem in identity-based public key cryptography.
Abstract: In current cloud computing system, large amounts of sensitive data are shared to other cloud users. To keep these data confidentiality, data owners should encrypt their data before outsourcing. We choose proxy reencryption (PRE) as the cloud data encryption technique. In a PRE system, a semi-trusted proxy can transform a ciphertext under one public key into a ciphertext of the same message under another public key, but the proxy cannot gain any information about the message. In this paper, we propose a certificateless PRE (CL-PRE) scheme without pairings. The security of the proposed scheme can be proved to be equivalent to the computational Diffie-Hellman (CDH) problem in the random oracle model. Compared with other existing CL-PRE schemes, our scheme requires less computation cost and is significantly more efficient. The new scheme does not need the public key certificates to guarantee validity of public keys and solves the key escrow problem in identity-based public key cryptography.
TL;DR: By applying the FH-PRE system in cloud, data owners’ cloud data can be securely stored in cloud and shared in a fine-grained manner and it provides the secure data sharing between two heterogeneous cloud systems, which are equipped with different cryptographic primitives.
Abstract: Cloud is an emerging computing paradigm. It has drawn extensive attention from both academia and industry. But its security issues have been considered as a critical obstacle in its rapid development. When data owners store their data as plaintext in cloud, they lose the security of their cloud data due to the arbitrary accessibility, specially accessed by the un-trusted cloud. In order to protect the confidentiality of data owners’ cloud data, a promising idea is to encrypt data by data owners before storing them in cloud. However, the straightforward employment of the traditional encryption algorithms can not solve the problem well, since it is hard for data owners to manage their private keys, if they want to securely share their cloud data with others in a fine-grained manner. In this paper, we propose a fine-grained and heterogeneous proxy re-encryption (FH-PRE) system to protect the confidentiality of data owners’ cloud data. By applying the FH-PRE system in cloud, data owners’ cloud data can be securely stored in cloud and shared in a fine-grained manner. Moreover, the heterogeneity support makes our FH-PRE system more efficient than the previous work. Additionally, it provides the secure data sharing between two heterogeneous cloud systems, which are equipped with different cryptographic primitives.
Patent•
10 Sep 2014
TL;DR: In this paper, an identity-based cross-system proxy re-encryption method was proposed, which comprises steps run by a PKG (private key generator), namely 1, inputting a coefficient lambda and outputting system parameters, 2, running a random number generation algorithm, 3, calculating bilinear pairings, and carrying out exponentiation and multiplication, 4, selecting a collision-resistant hash function and outputs a public key, 5, running the collision resistant hash function, and 6, performing addition, calculating a reciprocal and an exponent, and producing a private key
Abstract: The invention provides an identity-based cross-system proxy re-encryption method. The identity-based cross-system proxy re-encryption method comprises steps run by a PKG (Private Key Generator), namely 1, inputting a coefficient lambda and outputting system parameters, 2, running a random number generation algorithm, 3, calculating bilinear pairings, and carrying out exponentiation and multiplication, 4, selecting a collision-resistant hash function and outputting a public key, 5, running the collision-resistant hash function, and 6, performing addition, calculating a reciprocal and an exponent, and outputting a private key, steps run by an authorizing party, namely 7, running the collision-resistant hash function, 8, running the random number generation algorithm and carrying out multiplication and exponentiation operations, and outputting a ciphertext, 9, selecting a blinding factor k, 10, running the collision-resistant hash function, and 11, running the random number generation algorithm and carrying out multiplication and exponentiation operations, and outputting a conversion private key, a step run by a proxy party, namely 12, calculating bilinear pairings and carrying out division, and outputting a re-encryption ciphertext, and steps run by an authorized party, namely 13, running the collision-resistant hash function, 14, calculating bilinear pairings, and carrying out addition, continuous multiplication and division, and outputting k, and 15, calculating bilinear pairings and carrying out multiplication, and outputting a plaintext.
01 Jan 2014
TL;DR: A ciphertext-policy attribute-based encryption scheme delegating attribute revocation processes to Cloud Server by proxy re-encryption is proposed, which does not require generations of new secret key when granting attributes to a user and supports any Linear Secret Sharing Schemes (LSSS) access structure.
Abstract: Ciphertext-Policy Attribute-Based Encryption (CP-ABE) is suitable for data access control on a cloud storage system. In CP-ABE, the data owner encrypts data under the access structure over attributes and a set of attributes assigned to users is embedded in user’s secret key. A user is able to decrypt if his attributes satisfy the ciphertext’s access structure. In CP-ABE, processes of user’s attribute revocation and grant are concentrated on the authority and the data owner. In this paper, we propose a ciphertext-policy attribute-based encryption scheme delegating attribute revocation processes to Cloud Server by proxy re-encryption. The proposed scheme does not require generations of new secret key when granting attributes to a user and supports any Linear Secret Sharing Schemes (LSSS) access structure.
14 Apr 2014
TL;DR: This paper has shown that Aono et al’s scheme [4] is not secure under master secret security model, and constructed unidirectional PRE which is also secure undermaster secretSecurity model and is also multi-use.
Abstract: At Eurocrypt 1998, Blaze, Bleumer and Strauss [7]presented a new primitive called Proxy Re-Encryption (PRE). This new primitive allows semi trusted proxy to transform a ciphertext for Alice (delegator) into a ciphertext for Bob (delegatee) without knowing the message. Ateniese et al [6] introduced master secret security as another security requirement for unidirectional PRE. Master secret security demands that no coalition of dishonest proxy and malicious delegatees can compute the master secret key (private key) of the delegator. In this paper, first we have shown that Aono et al’s scheme [4] is not secure under master secret security model. In other words if proxy and delegatee collude they can compute the private key of the delegator. Second, based on Aono et al’s paper [4] we have constructed unidirectional PRE which is also secure under master secret security model. Like [4], our scheme is also multi-use.
09 Oct 2014
TL;DR: This paper proposes a novel bidirectional proxy re-encryption scheme that holds the following nice properties: 1) constant ciphertext size no matter how many times the transformation performed; 2) master secret security in the random oracle model, i.e., Alice (resp. Bob) colluding with the proxy cannot obtain Bob’s (resp.'s) private key; 3) Replayable chosen ciphertext (RCCA).
Abstract: Bidirectional proxy re-encryption allows ciphertext transformation between Alice and Bob via a semi-trusted proxy, who however cannot obtain the corresponding plaintext. Due to this special property, bidirectional proxy re-encryption has become a flexible tool in many dynamic environments, such as publish subscribe systems, group communication, and cloud computing. Nonetheless, how to design a secure and efficient bidirectional proxy re-encryption is still challenging. In this paper, we propose a novel bidirectional proxy re-encryption scheme that holds the following nice properties: 1) constant ciphertext size no matter how many times the transformation performed; 2) master secret security in the random oracle model, i.e., Alice (resp. Bob) colluding with the proxy cannot obtain Bob’s (resp. Alice’s) private key; 3) Replayable chosen ciphertext (RCCA) security in the random oracle model. To the best of our knowledge, our proposal is the first bidirectional proxy re-encryption scheme that holds the above three properties simultaneously.
TL;DR: The chosen key (CK) model which allows the adversary to adaptively choose public keys for malicious users, is strictly stronger than the knowledge of secret key models (KOSK) that most of previous PREs rely on.
04 Jun 2014
TL;DR: This paper rigorously defines the anonymity notion that not only embraces the prior anonymity notions but also captures the necessary anonymity requirement for practical applications and proposes a new and efficient proxy re-encryption scheme that achieves both chosen-ciphertext security and anonymity simultaneously.
Abstract: Outsourcing private data and heavy computation tasks to the cloud may lead to privacy breach as attackers (e.g., malicious outsiders or cloud administrators) may correlate any relevant information to penetrate information of their interests. Therefore, how to preserve cloud users' privacy has been a top concern when adopting cloud solutions. In this paper, we investigate the identity privacy problem for the proxy re-encryption, which allows any third party (e.g., cloud) to re-encrypt ciphertexts in order to delegate the decryption right from one to another user. The relevant identity information, e.g., whose ciphertext was re-encrypted to the ciphertext under whose public key, may leak because re-encryption keys and ciphertexts (before and after re-encryption) are known to the third party. We review prior anonymity (identity privacy) notions, and find that these notions are either impractical or too weak. To address this problem thoroughly, we rigorously define the anonymity notion that not only embraces the prior anonymity notions but also captures the necessary anonymity requirement for practical applications. In addition, we propose a new and efficient proxy re-encryption scheme. The scheme satisfies the proposed anonymity notion under the Squared Decisional Bilinear Diffie-Hellman assumption and achieves security against chosen ciphertext attack under the Decisional Bilinear Diffie-Hellman assumption in the random oracle model. To the best of our knowledge, it is the first proxy re-encryption scheme attaining both chosen-ciphertext security and anonymity simultaneously.We implement a prototype based on the proposed proxy re-encryption scheme and the performance study shows that it is efficient.
24 Aug 2014
TL;DR: A new type attack to multi-use CCA-secure PRE named proxy bypass attack is proposed with a concrete attacks on Wang-Multi-Use-PRE scheme to resistproxy bypass attack by randomize re-encryption algorithm.
Abstract: Proxy re-encryption (PRE) can be classified as single-hop PRE and multi-use PRE according to the times which the ciphertext is transformed. Finding a unidirectional, multi-use, and chosen ciphertext attack (CCA) secure PRE is presented as an open problem by Canetti et al. Wang claimed to resolve this problem by proposing the first multi-use CCAsecure unidirectional PRE scheme. But we found that different with single-hop PRE, multi-use PRE without randomize encrypt key in its re-encryption algorithm could be vulnerable to attack. A new type attack to multi-use CCA-secure PRE named proxy bypass attack is proposed with a concrete attacks on Wang-MultiUse-PRE scheme. This attack is also effective for other multi-use scheme. At last we propose an improvement for Multi-Use-PRE to resist proxy bypass attack by randomize re-encryption algorithm.
Patent•
22 Dec 2014
TL;DR: In this article, the authors propose a proxy re-encryption scheme for encrypted data stored in a first database of a first server and a second database on a second server, where the first re-encrypted value is stored in the first database.
Abstract: Methods, systems, and computer-readable storage media for proxy re-encryption of encrypted data stored in a first database of a first server and a second database of a second server. Implementations include actions of receiving a first token at the first server from a client-side computing device, providing a first intermediate re-encrypted value based on a first encrypted value and the first token, transmitting the first intermediate re-encrypted value to the second server, receiving a second intermediate re-encrypted value from the second server, the second intermediate re-encrypted value having been provided by encrypting the first encrypted value at the second server based on a second token, providing the first encrypted value as a first re-encrypted value based on the first intermediate re-encrypted value and the second intermediate re-encrypted value, and storing the first re-encrypted value in the first database.
Journal Article•
01 Jan 2014
15 Nov 2014
TL;DR: In this scheme, the secret key is re-encrypted and access control strategy is used for re-encrypt key to achieve distinguishable search and perfect revocation for authorization.
Abstract: We propose a new multi-users searchable encryption scheme based on proxy re-encryption, our scheme is an improvement of multi-users searchable encryption scheme proposed by Yang et al. In our scheme, the secret key is re-encrypted and access control strategy is used for re-encrypt key to achieve distinguishable search and perfect revocation for authorization. The data index structure is designed based on consideration of actual physics structure of cloud storage system to attain higher efficiency and practicability. Especially, lower computational expense for client is achieved in the new scheme.
15 Dec 2014
TL;DR: This paper proposes a new identity-based conditional proxy re-encryption (IBCPRE) scheme, which enables Alice to implement finegrained delegation of decryption rights, and thus is more useful in many applications.
Abstract: In an identity-based proxy re-encryption (IB-PRE) scheme, a semi-trusted proxy can convert a ciphertext under Alice's identity into a ciphertext for Bob. The proxy does not know the secret key of Alice or Bob, and also does not know the plaintext during the conversion. However, some scenarios require handle a fine-grained delegation. In this paper, by using the identity-based encryption (IBE) technique of Boneh-Boyen, we propose a new identity-based conditional proxy re-encryption (IBCPRE) scheme, which enables Alice to implement finegrained delegation of decryption rights, and thus is more useful in many applications. Our scheme has significant advantages in both computational and communicational than Shao et al.'s IBCPRE scheme.