
Showing papers on "Proxy re-encryption published in 2015"


Journal ArticleDOI
01 Nov 2015
TL;DR: The scheme is proved adaptively chosen ciphertext secure by leveraging dual system encryption technology and selective proof technique and it is proven adaptively CCA secure in the standard model without jeopardizing the expressiveness of access policy.
Abstract: Proxy Re-Encryption (PRE) is a useful cryptographic primitive that allows a data owner to delegate the access rights of the encrypted data stored on a cloud storage system to others without leaking the information of the data to the honest-but-curious cloud server. It provides effectiveness for data sharing as the data owner even using limited resource devices (e.g. mobile devices) can offload most of the computational operations to the cloud. Since its introduction many variants of PRE have been proposed. A Ciphertext-Policy Attribute-Based Proxy Re-Encryption (CP-ABPRE), which is regarded as a general notion for PRE, employs the PRE technology in the attribute-based encryption cryptographic setting such that the proxy is allowed to convert an encryption under an access policy to another encryption under a new access policy. CP-ABPRE is applicable to many network applications, such as network data sharing. The existing CP-ABPRE systems, however, leave how to achieve adaptive CCA security as an interesting open problem. This paper, for the first time, proposes a new CP-ABPRE to tackle the problem by integrating the dual system encryption technology with selective proof technique. Although the new scheme supporting any monotonic access structures is built in the composite order bilinear group, it is proven adaptively CCA secure in the standard model without jeopardizing the expressiveness of access policy. We further make an improvement for the scheme to achieve more efficiency in the re-encryption key generation and re-encryption phases. This paper proposes a new Ciphertext-Policy Attribute-Based Proxy Re-Encryption scheme. The scheme is proved adaptively chosen ciphertext secure by leveraging dual system encryption technology and selective proof technique. The paper also proposes an improvement for re-encryption key generation and re-encryption phases so as to reduce computational and communication cost.

132 citations


Journal ArticleDOI
TL;DR: A privacy-preserving ciphertext multi-sharing mechanism that combines the merits of proxy re-encryption with anonymous technique in which a ciphertext can be securely and conditionally shared multiple times without leaking both the knowledge of underlying message and the identity information of ciphertext senders/recipients is proposed.
Abstract: The need of secure big data storage service is more desirable than ever to date. The basic requirement of the service is to guarantee the confidentiality of the data. However, the anonymity of the service clients, one of the most essential aspects of privacy, should be considered simultaneously. Moreover, the service also should provide practical and fine-grained encrypted data sharing such that a data owner is allowed to share a ciphertext of data among others under some specified conditions. This paper, for the first time, proposes a privacy-preserving ciphertext multi-sharing mechanism to achieve the above properties. It combines the merits of proxy re-encryption with anonymous technique in which a ciphertext can be securely and conditionally shared multiple times without leaking both the knowledge of underlying message and the identity information of ciphertext senders/recipients. Furthermore, this paper shows that the new primitive is secure against chosen-ciphertext attacks in the standard model.

94 citations


Journal ArticleDOI
TL;DR: This paper proposes an efficient and Secure Data Sharing (SDS) framework using homomorphic encryption and proxy re-encryption schemes that prevents the leakage of unauthorized data when a revoked user rejoins the system.

55 citations


Journal Article
TL;DR: The system model and security model in the scheme are described and the design goals and related assumptions are provided and it is assumed that the cloud infrastructures are more reliable and powerful than personal computers.
Abstract: In this research paper, we will describe the system model and security model in our scheme and provide our design goals and related assumptions. We consider a cloud computing environment consisting of a cloud service provider (CSP), a data owner, and many users. The CSP maintains cloud infrastructures, which pool the bandwidth, storage space, and CPU power of many cloud servers to provide 24/7 services. We assume that the cloud infrastructures are more reliable and powerful than personal computers. In our system, the CSP mainly provides two services: data storage and re-encryption. After obtaining the encrypted data from the data owner, the CSP will store the data on several cloud servers, which can be chosen by the consistent hash function, where the input of the consistent hash function is the key of the data, and the outputs of the consistent hash function are the IDs of the servers that store the data. On receiving a data access request from a user, the CSP will re-encrypt the cipher text based on its own time, and return the re-encrypted cipher text.

53 citations


Proceedings ArticleDOI
14 Apr 2015
TL;DR: A new bidirectional and multihop proxy re-encryption scheme based on NTRU, a widely known lattice-based cryptosystem, which is proven CPA-secure under the hardness of the Ring-LWE problem; the proposals are the first proxy re-encryption schemes to be based on the NTRU primitive.
Abstract: The use of alternative foundations for constructing more secure and efficient cryptographic schemes is a topic worth exploring. In the case of proxy re-encryption, the vast majority of schemes are based on number theoretic problems such as the discrete logarithm. In this paper we present NTRUReEncrypt, a new bidirectional and multihop proxy re-encryption scheme based on NTRU, a widely known lattice-based cryptosystem. We provide two versions of our scheme: the first one is based on the conventional NTRU encryption scheme and, although it lacks a security proof, remains as efficient as its predecessor; the second one is based on a variant of NTRU proposed by Stehle and Steinfeld, which is proven CPA-secure under the hardness of the Ring-LWE problem. To the best of our knowledge, our proposals are the first proxy re-encryption schemes to be based on the NTRU primitive. In addition, we provide experimental results to show the efficiency of our proposal, as well as a comparison with previous proxy re-encryption schemes, which confirms that our first scheme outperforms the rest by an order of magnitude.

43 citations


Book ChapterDOI
Yutaka Kawai
05 May 2015
TL;DR: The task of re-encryption key generation for a user is reduced to generating only one \({\sf urk}_S\), and supposing a Private Key Generator (PKG) generates urk simultaneously at the time of decryption key generation, the load of re-encryption key generation for users almost vanishes.
Abstract: In this paper, we introduce a new proxy re-encryption (PRE) in that the re-encryption key generation can be outsourced, in attribute-based encryption. We call this new notion flexible ciphertext-policy attribute-based proxy re-encryption (flexible CP-AB-PRE). In ordinary PRE scheme, re-encryption keys are generated by using user’s decryption key and an access structure. So, whenever the access structure is changed, a PRE user has to generate new different re-encryption keys. In order to overcome this disadvantage of the ordinary PRE, the re-encryption key generation of the proposed scheme is divided into the following two steps. First, a user generates universal re-encryption key \({\sf urk}_S\) which indicates delegator’s attributes set S. Second, an authority who has re-encryption secret key rsk generates ordinary re-encryption key \({\sf rk}_{S\rightarrow{\Bbb M}'}\) by using \({\sf urk}_S\), rsk, and an access structure \({\Bbb M}'\). The user has only to generate single \({\sf urk}_S\) for all re-encryption keys. By this “outsourcing”, the task of re-encryption key generation for a user is reduced only to generate one \({\sf urk}_S\). Furthermore, supposing a Private Key Generator (PKG) generates urk simultaneously at the time of decryption key generation, the load of re-encryption key generation for users almost vanishes.

31 citations


Journal ArticleDOI
TL;DR: The new CP‐ABPRE scheme can be proven CCA secure under the decisional q‐parallel bilinear Diffie–Hellman exponent assumption and supports attribute‐based re‐encryption with any monotonic access structures.
Abstract: Ciphertext-policy attribute-based proxy re-encryption (CP-ABPRE) extends the traditional Proxy Re-Encryption (PRE) by allowing a semi-trusted proxy to transform a ciphertext under an access policy to another ciphertext with the same plaintext under a new access policy (i.e., attribute-based re-encryption). The proxy, however, learns nothing about the underlying plaintext. CP-ABPRE has many real world applications, such as fine-grained access control in cloud storage systems and medical records sharing among different hospitals. All the existing CP-ABPRE schemes are leaving chosen-ciphertext attack (CCA) security as an interesting open problem. This paper, for the first time, proposes a new CP-ABPRE scheme to tackle the problem. The new scheme supports attribute-based re-encryption with any monotonic access structures. Despite being constructed in the random oracle model, our scheme can be proven CCA secure under the decisional q-parallel bilinear Diffie-Hellman exponent assumption. Copyright © 2014 John Wiley & Sons, Ltd.

28 citations


Journal ArticleDOI
TL;DR: A ciphertext-policy attribute-based encryption scheme delegating attribute revocation processes to Cloud Server by proxy re-encryption that supports any Linear Secret Sharing Schemes (LSSS) access structure and is secure against attack by unauthorized users and Cloud Server.
Abstract: Ciphertext-Policy Attribute-Based Encryption (CP-ABE) is suitable for data access control on a cloud storage system. In CP-ABE, the data owner encrypts data under the access structure over attributes and a set of attributes assigned to users is embedded in user’s secret key. A user is able to decrypt if his attributes satisfy the ciphertext’s access structure. In CP-ABE, processes of user’s attribute revocation and grant are concentrated on the authority and the data owner. In this paper, we propose a ciphertext-policy attribute-based encryption scheme delegating attribute revocation processes to Cloud Server by proxy re-encryption. The proposed scheme does not require generations of new secret key when granting attributes to a user and supports any Linear Secret Sharing Schemes (LSSS) access structure. We prove that the proposed scheme is secure against attack by unauthorized users and Cloud Server.

27 citations



Journal ArticleDOI
TL;DR: This paper constructs the first multi-use unidirectional PRE scheme based on lattices and proves chosen plaintext attack secure in the standard model based on the Learning With Errors assumption.
Abstract: Proxy re-encryption (PRE) is a cryptographic primitive that allows a proxy to turn an Alice's ciphertext into a Bob's ciphertext on the same plaintext. At present, there are many different PRE schemes that have been proposed with different properties. However, all of them are based on the logarithm assumption and the large integer factorization assumption except for a bidirectional PRE scheme over lattices. In this paper, we construct the first multi-use unidirectional PRE scheme based on lattices. In addition, the generation of the PRE key does not interact with two users, and the scheme can resist collusion attacks. Moreover, it is proved chosen plaintext attack secure in the standard model based on the Learning With Errors assumption. Finally, an identity-based PRE is obtained from the basic construction. Copyright © 2015 John Wiley & Sons, Ltd.

23 citations


Journal ArticleDOI
TL;DR: This paper designs a secure and practical proxy re-encryption scheme, which is CCA secure under the computational Diffie-Hellman (CDH) assumption in the random oracle model, and results indicate that the scheme can be practical in cloud-based data-sharing.
Abstract: With the rapid development of cloud computing, cloud storage has become a cost-effective solution for many users with the demand of data storage. However, there are still two main concerns for users with sensitive/private data: (1) Is it secure to store private data in public cloud storages? (2) Is there an efficient way to share private data with other specified users? In the past years, several papers in the literature have used proxy re-encryption (PRE) to address these two concerns, where the efficiency of the underlying PRE scheme is usually a bottleneck of the overall performance of cloud storages. In this paper, we dedicate to design a secure and practical PRE scheme for cloud-based data-sharing. First, we discuss a 'pitfall' in the security proof of several existing PREs. Then, we give a general framework for proving the chosen ciphertext attacks (CCA) security of single-hop unidirectional PRE schemes. Finally, we propose a practical PRE scheme that is proven secure against CCA under the computational Diffie-Hellman problem in the random oracle model. We evaluate the performance of our PRE scheme both in theoretical comparisons with related schemes and in implementations at several security levels. The results indicate that our scheme can be practical in cloud-based data-sharing. Copyright © 2014 John Wiley & Sons, Ltd.

Book ChapterDOI
20 Apr 2015
TL;DR: In this paper, a proxy re-encryption scheme with re-encryption verifiability (verifiable PRE, or VPRE) is proposed, where the receiver of a re-encrypted ciphertext can verify whether the received ciphertext is correctly transformed from an original ciphertext by a proxy.
Abstract: In this paper, we introduce a new functionality for proxy re-encryption (PRE) that we call re-encryption verifiability. In a PRE scheme with re-encryption verifiability (which we simply call verifiable PRE, or VPRE), a receiver of a re-encrypted ciphertext can verify whether the received ciphertext is correctly transformed from an original ciphertext by a proxy, and thus can detect illegal activities of the proxy. We formalize the security model for a VPRE scheme, and show that the single-hop uni-directional PRE scheme by Hanaoka et al. (CT-RSA 2012) can be extended to a secure VPRE scheme.

Book ChapterDOI
18 Nov 2015
TL;DR: This paper proposes a scheme to deduplicate encrypted data stored in the cloud based on proxy re-encryption, and evaluates it through extensive analysis and implementation, showing the efficiency and effectiveness of the scheme for potential practical deployment.
Abstract: Cloud computing offers a new way of service provision by re-arranging various resources and IT structures over the Internet. Private user data are often stored in cloud in an encrypted form in order to preserve the privacy of data owners. Encrypted data sharing introduces new challenges for cloud data deduplication. We found that existing solutions of deduplication suffer from high computation complexity and cost and therefore few of them can be really deployed in practice. In this paper, we propose a scheme to deduplicate encrypted data stored in cloud based on proxy re-encryption. We evaluate its performance and advantages based on extensive analysis and implementation. The results show the efficiency and effectiveness of the scheme for potential practical deployment.

Journal ArticleDOI
19 Mar 2015
TL;DR: A new proxy re-encryption scheme is presented, which is IND-CCA2 secure in the standard model in a relatively weak model and does not use bilinear pairings, and its application in protecting the security of critical information systems is shown.
Abstract: The risks of critical systems involved in key-recovery, key-escrow have barely taken to be seriously treated by the researchers. And the failures of even the best cryptographic techniques are often caused by the inherent security weaknesses in our computer systems rather than breaking the cryptographic mechanism directly. Thus key-recovery and key-escrow attacks are among the most important issues in protecting critical information systems. Proxy re-encryption, introduced by Blaze et al. in 1998, allows a proxy to transform a ciphertext computed under Alice’s public key into one that can be opened under Bob’s decryption key, without the proxy knowing any secret key of Alice and Bob, thus it can be used in modern critical information system well to avoid the key-recovery and key-escrow attack. In CANS’08, Deng et al. proposed the first IND-CCA2 secure proxy re-encryption without bilinear pairings in the random oracle model. They left an open problem of constructing IND-CCA2 secure proxy re-encryption scheme in the standard model yet without pairings. In this paper, based on Cramer–Shoup encryption scheme, we try to solve this open problem by presenting a new proxy re-encryption scheme, which is IND-CCA2 secure in the standard model in a relatively weak model and does not use bilinear pairings. Our main idea is roughly using the Cramer–Shoup encryption twice, but also taking care of the security in the security model of proxy re-encryption. We compare our work with Canetti–Hohenberger scheme II, the results show our scheme is more efficient. We also show its application in protecting the security of critical information systems.

Journal ArticleDOI
TL;DR: An affirmative result is provided on the long-standing question of building a full chosen-ciphertext attacks (CCA)-secure CPRE system in the standard model and for the first time, it is shown that a class of Hierarchical Identity-Based Encryption (HIBE) schemes can be transferred to building a CCA-secure CPRE in the standard model.
Abstract: A proxy re-encryption (PRE) allows a data owner to delegate the decryption rights of some encrypted data stored on the cloud without revealing the data to an honest-but-curious cloud service provider (i.e. the PRE proxy). Furthermore, the data owner can offload most of the computational operations to the cloud service provider and hence, using PRE for encrypted cloud data sharing can be very effective even for data owners using limited resource devices (e.g. mobile devices). However, PRE schemes only enables data owners to delegate the decryption rights of all their encrypted data. A more practical notion is a conditional PRE (CPRE) that allows us to specify under what condition the decryption of an encrypted data can be delegated, for example, only sharing all the encrypted files under a directory called ‘public’. In this paper, we provide an affirmative result on the long-standing question of building a full chosen-ciphertext attacks (CCA)-secure CPRE system in the standard model and for the first time, we show that a class of Hierarchical Identity-Based Encryption (HIBE) schemes can be transferred to building a CCA-secure CPRE in the standard model. We also list out some concrete HIBE schemes which fall into this class, e.g., Lewko-Waters HIBE. All existing CCA-secure PRE schemes in the standard model are not conditional while all existing CPRE schemes are either not CCA secure or not in the standard model. By instantiating our generic HIBE-based transformation, we show that an efficient and concrete CPRE scheme which is both CCA secure in the standard model and conditional can be built.

Patent
29 Apr 2015
TL;DR: In this article, a CP-ABE-based fixed ciphertext length proxy re-encryption system and method in cloud computing is presented, in which a file of a data owner is encrypted and uploaded to a cloud proxy server; under the condition that the authorizer is not available, the cloud proxy server re-encrypts the encrypted file, and the authorized person can acquire a plaintext through decryption with a private key of the authorized person after acquiring the re-encrypted file from the cloud proxy server.
Abstract: The invention discloses a CP-ABE-based fixed ciphertext length proxy re-encryption system and method in cloud computing. By the adoption of the method, efficient safe access and sharing of a data file in the cloud computing environment are achieved. According to the method, on one hand, the proxy re-encryption technology is adopted for ciphertext conversion so that a ciphertext which can be decrypted by an authorizer can be converted into a ciphertext which can be decrypted by an authorized person, to be specific, after a file of a data owner is encrypted and uploaded to a cloud proxy server, under the condition that the authorizer is not available, the cloud proxy server re-encrypts the encrypted file, and the authorized person can acquire a plaintext through decryption with a private key of the authorized person after acquiring the re-encrypted file from the cloud proxy server, so that safe access and sharing of data are guaranteed; on the other hand, during ciphertext encryption, the CP-ABE-based fixed ciphertext length algorithm is adopted for ciphertext computing, so that the length of the ciphertext is fixed and does not increase along with the increase of the number of attributes, and then computing expenses are effectively reduced.

Proceedings ArticleDOI
14 Apr 2015
TL;DR: This work constructs the first unidirectional, single-hop CCA-secure certificateless proxy re-encryption scheme without pairing by extending the PKI based construction of Chow et al. proposed in 2010 and proves its security in the random oracle model under the Computational Diffie-Hellman (CDH) assumption.
Abstract: Proxy Re-Encryption was introduced by Blaze, Bleumer and Strauss to efficiently solve the problem of delegation of decryption rights. In proxy re-encryption, a semi-honest proxy transforms a ciphertext intended for Alice to a ciphertext of the same message for Bob without learning anything about the underlying message. From its introduction, several proxy re-encryption schemes in the Public Key Infrastructure (PKI) and Identity (ID) based setting have been proposed. In practice, systems in the public key infrastructure suffer from the certificate management problem and those in identity based setting suffer from the key escrow problem. Certificateless Proxy Re-encryption schemes enjoy the advantages provided by ID-based constructions without suffering from the key escrow problem. In this work, we construct the first unidirectional, single-hop CCA-secure certificateless proxy re-encryption scheme without pairing by extending the PKI based construction of Chow et al. proposed in 2010. We prove its security in the random oracle model under the Computational Diffie-Hellman (CDH) assumption. Prior to this work, the only secure certificateless proxy re-encryption scheme is due to Guo et al. proposed in 2013 using bilinear pairing. They proved their construction is RCCA-secure under q-weak Decisional Bilinear Diffie-Hellman assumption. The construction proposed in this work is more efficient than that system and its security relies on more standard assumptions. We also show that the recently proposed construction of Yang et al. is insecure with respect to the security model considered in this work.

Proceedings ArticleDOI
14 Apr 2015
TL;DR: Thorough theoretical analyses and extensive experiments confirm that the proposed asymmetric cross-cryptosystem re-encryption scheme takes very small cost for mobile devices to access encrypted data and is practical to secure mobile computing applications.
Abstract: With the increasing development of pervasive computing and wireless bandwidth communication, more mobile devices are used to access sensitive data stored in remote servers. In such applications, a practical issue emerges such as how to exploit the sufficient resource of a server so that the file owners can enforce fine-grained access control over the remotely stored files, while enable resource-limited mobile devices to easily access the protected data, especially if the storage server maintained by a third party is untrusted. This challenge mainly arises from the asymmetric capacity among the participants, i.e., the capacity limited mobile devices and the resource abundant server (and file owners equipped with fixed computers). To meet the security requirements in mobile access to sensitive data, we propose a new encryption paradigm, referred to as asymmetric cross-cryptosystem re-encryption (ACCRE) by leveraging the asymmetric capacity of the participants. In ACCRE, relatively light-weight identity-based encryption (IBE) is deployed in mobile devices, while resource-consuming but versatile identity-based broadcast encryption (IBBE) is deployed in servers and fixed computers of the file owners. The core of ACCRE is a novel ciphertext conversion mechanism that allows an authorized proxy to convert a complicated IBBE ciphertext into a simple IBE ciphertext affordable to mobile devices, without leaking any sensitive information to the proxy. Following this paradigm, we propose an efficient ACCRE scheme with its security formally reduced to the security of the underlying IBE and IBBE schemes. Thorough theoretical analyses and extensive experiments confirm that the scheme takes very small cost for mobile devices to access encrypted data and is practical to secure mobile computing applications.

Proceedings ArticleDOI
13 Jul 2015
TL;DR: In this article, the authors define a parametric family of attack models for proxy re-encryption based on the availability of both the decryption and reencryption oracles during the security game.
Abstract: Proxy Re-Encryption (PRE) is a type of Public-Key Encryption (PKE) that provides an additional re-encryption functionality. Although PRE is inherently more complex than PKE, attack models for PRE have not been developed further than those inherited from PKE. In this paper we address this gap and define a parametric family of attack models for PRE, based on the availability of both the decryption and re-encryption oracles during the security game. This family enables the definition of a set of intermediate security notions for PRE that ranges from "plain" IND-CPA to "full" IND-CCA. We analyze some relations among these notions of security, and in particular, the separations that arise when the re-encryption oracle leaks re-encryption keys. In addition, we discuss which of these security notions represent meaningful adversarial models for PRE. Finally, we provide an example of a recent "CCA1-secure" scheme from PKC 2014 whose security model does not capture chosen-ciphertext attacks through re-encryption and for which we describe an attack under a more realistic security notion. This attack emphasizes the fact that PRE schemes that leak re-encryption keys cannot achieve strong security notions.

Book ChapterDOI
01 Aug 2015
TL;DR: The proposed certificateless proxy re-encryption scheme is proven secure against adaptive chosen ciphertext attack (IND-CCA) under a stronger security model in which the Type I adversary is allowed to replace the public key associated with the challenge identity.
Abstract: Proxy re-encryption (PRE) has been considered as a promising candidate to secure data sharing in public cloud by enabling the cloud to transform the ciphertext to legitimate recipients on behalf of the data owner, and preserving data privacy from semi-trusted cloud. Certificateless proxy re-encryption (CL-PRE) not only eliminates the heavy public key certificate management in traditional public key infrastructure, but also solves the key escrow problem in the ID-based public key cryptography. By considering that the existing CL-PRE schemes either rely on expensive bilinear pairings or are proven secure under weak security models, we propose a strongly secure CL-PRE scheme without resorting to the bilinear pairing. The security of our scheme is proven to be secure against adaptive chosen ciphertext attack (IND-CCA) under a stronger security model in which the Type I adversary is allowed to replace the public key associated with the challenge identity. Furthermore, the simulation results demonstrate that our scheme is practical for cloud based data sharing in terms of communication overhead and computation cost for data owner, the cloud and data recipient.

Proceedings ArticleDOI
14 Apr 2015
TL;DR: The scheme can easily be converted into a threshold attribute-based proxy re-encryption scheme, and can be used to provide fine-grained access control in cloud storage systems.
Abstract: In this paper, we present a new inner product proxy re-encryption scheme. The scheme can easily be converted into a threshold attribute-based proxy re-encryption scheme, and can be used to provide fine-grained access control in cloud storage systems. Our scheme is very efficient, requiring a linear number of exponentiations and a constant number of pairing computations for encryption and decryption. The length of the ciphertext is also independent of the length of the vector. The scheme is proven adaptively secure under standard assumptions in groups of composite orders.

Book ChapterDOI
03 Nov 2015
TL;DR: This paper combines conditional proxy re-encryption with certificate-based encryption, and the proposed scheme is proved secure against chosen-ciphertext attack (CCA) in the random oracle model.
Abstract: A proxy re-encryption scheme (PRE) allows a semi-trusted proxy to convert a ciphertext encrypted under one key into an encryption of the same plaintext under another key. In the process of the arithmetic processing, proxy should be able to learn as little information about the plaintext as possible. Conditional proxy re-encryption (CPRE) is a primitive which only those ciphertexts satisfying one condition set by the delegator can be re-encrypted correctly by the proxy. In this paper, we combine the conditional proxy re-encryption with certificate-based encryption and propose a certificate-based conditional proxy re-encryption scheme. The proposed scheme is proved secure against chosen-ciphertext security (CCA) in the random oracle model.

Journal Article
TL;DR: A new certificate-based proxy re-encryption scheme for encrypted data sharing in public clouds is proposed and it is formally proved that the proposed scheme achieves chosen-ciphertext security.
Abstract: Nowadays, public cloud storage is gaining popularity and a growing number of users are beginning to use the public cloud storage for online data storing and sharing. However, how the encrypted data stored in public clouds can be effectively shared becomes a new challenge. Proxy re-encryption is a public-key primitive that can delegate the decryption right from one user to another. In a proxy re-encryption system, a semi-trusted proxy authorized by a data owner is allowed to transform an encrypted data under the data owner’s public key into a re-encrypted data under an authorized recipient’s public key without seeing the underlying plaintext. Hence, the paradigm of proxy re-encryption provides a promising solution to effectively share encrypted data. In this paper, we propose a new certificate-based proxy re-encryption scheme for encrypted data sharing in public clouds. In the random oracle model, we formally prove that the proposed scheme achieves chosen-ciphertext security. The simulation results show that it is more efficient than the previous certificate-based proxy re-encryption schemes.

Book ChapterDOI
04 Nov 2015
TL;DR: This paper redefined the syntax and security model of CR-IB-PRE scheme and proposed an improved scheme from bilinear pairings that not only achieves collusion resistance, but also takes lower decryption computation and achieves constant size re-encrypted ciphertext.
Abstract: Key revocation and ciphertext update are two prominent security requirements for identity-based encryption systems from a practical view. Several solutions to offer efficient key revocation or ciphertext update for identity-based encryption systems have been proposed in the literature. However, how to achieve both key revocation and ciphertext update functionalities simultaneously in identity-based encryption systems is still an open problem. Recently, Liang et al. introduce the notion of cloud-based revocable identity-based proxy re-encryption (CR-IB-PRE) scheme with the aim to achieve both ciphertext update and key revocation functionalities, and present a CR-IB-PRE scheme from bilinear pairings. In this paper, we first showed Liang et al.’s scheme has serious security pitfalls such as re-encryption key forgery and collusion attack, which lead to revoked users can decrypt any ciphertext regarding their identities at any time period. We then redefined the syntax and security model of CR-IB-PRE scheme and proposed an improved CR-IB-PRE scheme from bilinear pairings. The improved scheme not only achieves collusion resistance, but also takes lower decryption computation and achieves constant size re-encrypted ciphertext. Finally, we proved the improved CR-IB-PRE scheme is adaptively secure in the standard model under DBDH assumption.

Patent
04 Nov 2015
TL;DR: In this article, a certificateless condition-based proxy re-encryption system and method is presented, where certificate management is avoided and problems in secret key distribution and escrow are eliminated.
Abstract: The invention discloses a certificateless condition-based proxy re-encryption system and method. A certificateless public key system and a proxy re-encryption system are combined together, so that certificate management is avoided and problems in secret key distribution and escrow are eliminated. In a condition of ensuring encryption safety, online re-encryption is performed flexibly and the re-encryption capability of a proxy center is controlled, so that only ciphertext meeting specific conditions can be re-encrypted effectively. At the same time, since the certificateless public key system is used, the system and method provided by the invention have advantages of traditional public key encryption and identity-based encryption and are good in performance and convenient in application in an open network environment. The novel system and method provided by the invention are safe and efficient.

Book ChapterDOI
03 Nov 2015
TL;DR: A new concept of limited proxy re-encryption with keyword search (LPREKS) for fine-grained data access control in cloud computing, which combines the function of limited proxy re-encryption and that of public key encryption with keyword search.
Abstract: In this paper, we introduce a new concept of limited proxy re-encryption with keyword search (LPREKS) for fine-grained data access control in cloud computing, which combines the function of limited proxy re-encryption (LPRE) and that of public key encryption with keyword search (PEKS). However, an LPREKS scheme cannot be obtained by directly combining those two schemes since the resulting scheme is no longer proven secure in our security model. Our scheme is proven semantically secure under the modified Bilinear Diffie-Hellman (mBDH) assumption and the q-Decisional Bilinear Diffie-Hellman inversion (q-DBDHI) assumption in the random oracle model.


Proceedings ArticleDOI
24 May 2015
TL;DR: This paper will modify Fan et al.'s scheme to fix the flaw, and propose an attribute-based proxy re-encryption under bilinear pairing, which has rich access policies and dynamic membership.
Abstract: Cloud computing has been developed rapidly in recent years, and offers novel concepts and innovations in computer use. The applications of cloud computing are that people can put their data on cloud and also can designate a proxy to help them to execute a number of tasks in certain situations. The proxy re-encryption, which is a cryptographic primitive, has been proposed to solve this problem. In the proxy re-encryption system, when a user (e.g., Alice) wants to send a cipher text that is encrypted by her public key and stored in the cloud to another user (e.g., Bob), she can designate a proxy to transform the cipher text into a different cipher text that can be decrypted by Bob's private key. Recently, Fan et al. proposed an attribute-based encryption scheme with dynamic membership. However, we found that their scheme may be flawed. In this paper we will modify Fan et al.'s scheme to fix the flaw. Based on our modified scheme and the proxy re-encryption, we also propose an attribute-based proxy re-encryption under bilinear pairing. Furthermore, the proposed scheme has rich access policies and dynamic membership.

Patent
18 Feb 2015
TL;DR: In this paper, a proxy re-encryption system on the basis of certificate conditions has been proposed, in which the original cryptographs can be flexibly subjected to proxy re-encryption, and rights of proxies are strictly controlled.
Abstract: The invention discloses a proxy re-encryption system on the basis of certificate conditions. The proxy re-encryption system comprises a system parameter setting module, a user key generation module, a certificate generation module, an encryption module, a proxy re-encryption key generation module, a proxy re-encryption module and a decryption module, wherein the system parameter setting module generates a system master key and system public parameters; the user key generation module generates public keys and private key pairs of various users; the certificate generation module endorses the identity of the users and the public keys and generates certificates of the users; the encryption module is used for encrypting messages and transmitting the messages to the decryption module and the proxy re-encryption key generation module; the proxy re-encryption key generation module generates proxy re-encryption keys and transmits the same to the proxy re-encryption module; the proxy re-encryption module re-encrypts original cryptographs to generate re-encryption cryptographs to be transmitted to the decryption module; the decryption module restores corresponding plaintexts. The invention further discloses a proxy re-encryption method on the basis of certificate conditions. On the premise of guaranteeing safety of the system, the original cryptographs can be flexibly subjected to proxy re-encryption, and rights of proxies are strictly controlled.

Journal ArticleDOI
TL;DR: A new scheme which can avoid the collusion of proxy and delegatee is presented, which improves the scheme of Chu and Tzeng while inheriting all useful properties such as unidirectionality and non-interactivity.
Abstract: In an identity-based proxy re-encryption scheme, a semi-trusted proxy can convert a ciphertext under Alice’s public identity into a ciphertext for Bob. The proxy does not know the secret key of Alice or Bob, and also does not know the plaintext during the conversion. In identity-based proxy re-encryption, the collusion of the proxy and a delegatee may result in the decryption of ciphertext for the delegator. In this paper, we present a new scheme which can avoid the collusion of proxy and delegatee. Our scheme improves the scheme of Chu and Tzeng while inheriting all useful properties such as unidirectionality and non-interactivity. In our scheme, we get the security by using an added secret parameter and changing the secret key and re-encryption key. Our scheme is secure against Chosen-Ciphertext Attack (CCA) and collusion attack in the standard model.