
Showing papers on "Proxy re-encryption published in 2022"


Journal ArticleDOI
TL;DR: Wang et al. as discussed by the authors proposed a verifiable and fair attribute-based proxy re-encryption (VF-ABPRE) scheme to support verifiability and fairness, which enables a shared user to verify whether the re-encrypted ciphertext returned by the server is correct.
Abstract: To manage outsourced encrypted data sharing in clouds, attribute-based proxy re-encryption (ABPRE) has become an elegant primitive. In ABPRE, a cloud server can transform an original recipient’s ciphertext to a new one of a shared user’s. As the transformation is computation consuming, a malicious cloud server may return an incorrect re-encrypted ciphertext to save its computation resources. Moreover, a shared user may accuse the cloud server of returning an incorrect re-encrypted ciphertext to refuse to pay the cost of using the cloud service. However, existing ABPRE schemes do not support a mechanism to achieve verifiability and fairness. In this article, a novel verifiable and fair attribute-based proxy re-encryption (VF-ABPRE) scheme is introduced to support verifiability and fairness. The verifiability enables a shared user to verify whether the re-encrypted ciphertext returned by the server is correct, and the fairness ensures that a cloud server escapes malicious accusation if it has indeed conducted the re-encryption operation honestly. Additionally, we conduct a performance experiment to show the efficiency and practicality of the new VF-ABPRE scheme.

29 citations


Journal ArticleDOI
TL;DR: Wang et al. as mentioned in this paper proposed a proxy re-encryption approach to secure data sharing in cloud environments, which mitigates the bottlenecks in centralized systems and achieves fine-grained access control to data.
Abstract: The evolution of the Internet of Things has seen data sharing as one of its most useful applications in cloud computing. As eye-catching as this technology has been, data security remains one of the obstacles it faces since the wrongful use of data leads to several damages. In this article, we propose a proxy re-encryption approach to secure data sharing in cloud environments. Data owners can outsource their encrypted data to the cloud using identity-based encryption, while proxy re-encryption construction will grant legitimate users access to the data. With the Internet of Things devices being resource-constrained, an edge device acts as a proxy server to handle intensive computations. Also, we make use of the features of information-centric networking to deliver cached content in the proxy effectively, thus improving the quality of service and making good use of the network bandwidth. Further, our system model is based on blockchain, a disruptive technology that enables decentralization in data sharing. It mitigates the bottlenecks in centralized systems and achieves fine-grained access control to data. The security analysis and evaluation of our scheme show the promise of our approach in ensuring data confidentiality, integrity, and security.

25 citations


Journal ArticleDOI
TL;DR: Block chain provides an innovative solution to information storage, transaction execution, security, and trust building in an open environment as discussed by the authors, and the block chain is technological progress for cyber security.
Abstract: Block chain provides an innovative solution to information storage, transaction execution, security, and trust building in an open environment. The block chain is technological progress for cyber s...

24 citations


Journal ArticleDOI
TL;DR: In this paper, an identity-based broadcast proxy re-encryption (APIB-BPRE) scheme is proposed to ensure secure data sharing in cloud-based applications, which is convenient and flexible for cloud users and utilizes the benefits of cloud computing.
Abstract: Cloud computing with massive storage and computing capabilities has become widespread in actual applications. It is critical to ensure secure data sharing in cloud-based applications. Currently, numerous identity-based broadcast proxy re-encryption (IB-BPRE) schemes have been proposed to resolve the privacy issue. However, the existing IB-BPRE schemes cannot reach the transformation of the decryption right for outsourced encrypted data between the broadcast receiver sets (data user sets) delegated by the data owner (Alice) because it is difficult for the IB-BPRE to hold the character of multi-hop. Consequently, a new cryptographic primitive called autonomous path identity-based broadcast proxy re-encryption (APIB-BPRE) is presented to address the above issue. In an APIB-BPRE scheme, the delegator establishes an autonomous path involving preferred multiple broadcast receiver sets and the proxy can convert the decryption right for the broadcast receiver set into the decryption right for the next broadcast receiver set by the re-encryption key from the delegator. This solution is convenient and flexible for cloud users and utilizes the benefits of cloud computing. The evaluation and comparison indicate that our APIB-BPRE system is effective and practical.

6 citations


Journal ArticleDOI
TL;DR: Wang et al. as mentioned in this paper proposed a new proxy re-encryption (PRE) scheme, which does not require the proxy to transfer the ciphertext into a new one and only needs one key pair.
Abstract: Storage is a promising application for permission-less blockchains. Before blockchain, cloud storage was hosted by a trusted service provider. The centralized system controls the permission of the data access. In web3, users own their data. Data must be encrypted in a permission-less decentralized storage network, and the permission control should be pure cryptographic. Proxy re-encryption (PRE) is ideal for cryptographic access control, which allows a proxy to transfer Alice’s ciphertext to Bob with Alice’s authorization. The encrypted data are stored in several copies for redundancy in a permission-less decentralized storage network. The redundancy suffers from the outsourcing attack. The malicious resource provider may fetch the content from others and respond to the verifiers. This harms data integrity security. Thus, proof-of-replication (PoRep) must be applied to convince the user that the storage provider is using dedicated storage. PoRep is an expensive operation that encodes the original content into a replication. Existing PRE schemes cannot satisfy PoRep, as the cryptographic permission granting generates an extra ciphertext. A new ciphertext would result in several expensive replication operations. We searched most of the PRE schemes for the combination of the cryptographic methods to avoid transforming the ciphertext. Therefore, we propose a new PRE scheme. The proposed scheme does not require the proxy to transfer the ciphertext into a new one. It reduces the computation and operation time when allowing a new user to access a file. Furthermore, the PRE scheme achieves CCA (chosen-ciphertext attack) security and only needs one key pair.

6 citations


Book ChapterDOI
TL;DR: In this paper, the first feasibility results for unidirectional updatable encryption and proxy re-encryption from DDH were shown. But they require stronger assumptions such as FHE or indistinguishability obfuscation (iO).
Abstract: Updatable Encryption (UE) and Proxy Re-encryption (PRE) allow re-encrypting a ciphertext from one key to another in the symmetric-key and public-key settings, respectively, without decryption. A longstanding open question has been the following: do unidirectional UE and PRE schemes (where ciphertext re-encryption is permitted in only one direction) necessarily require stronger/more structured assumptions as compared to their bidirectional counterparts? Known constructions of UE and PRE seem to exemplify this “gap” – while bidirectional schemes can be realized as relatively simple extensions of public-key encryption from standard assumptions such as DDH or LWE, unidirectional schemes typically rely on stronger assumptions such as FHE or indistinguishability obfuscation (iO), or highly structured cryptographic tools such as bilinear maps or lattice trapdoors. In this paper, we bridge this gap by showing the first feasibility results for realizing unidirectional UE and PRE from a new generic primitive that we call Key and Plaintext Homomorphic Encryption (KPHE) – a public-key encryption scheme that supports additive homomorphisms on its plaintext and key spaces simultaneously. We show that KPHE can be instantiated from DDH. This yields the first constructions of unidirectional UE and PRE from DDH. Our constructions achieve the strongest notions of post-compromise security in the standard model. Our UE schemes also achieve “backwards-leak directionality” of key updates (a notion we discuss is equivalent, from a security perspective, to that of unidirectionality with no-key updates). Our results establish (somewhat surprisingly) that unidirectional UE and PRE schemes satisfying such strong security notions do not, in fact, require stronger/more structured cryptographic assumptions as compared to bidirectional schemes.

6 citations



Journal ArticleDOI
01 Jan 2022
TL;DR: Wang et al. as discussed by the authors proposed a searchable encryption scheme based on lattice cryptography using blockchain to solve the problem of keyword guessing attacks in the PKE scheme, which is able to realize the privacy protection and security of data in the cloud.
Abstract: With the increasing popularity of cloud storage, data security on the cloud has become increasingly visible. Searchable encryption has the ability to realize the privacy protection and security of data in the cloud. However, with the continuous development of quantum computing, the standard Public-key Encryption with Keyword Search (PEKS) scheme cannot resist quantum-based keyword guessing attacks. Further, the credibility of the server also poses a significant threat to the security of the retrieval process. This paper proposes a searchable encryption scheme based on lattice cryptography using blockchain to address the above problems. Firstly, we design a lattice-based encryption primitive to resist quantum keyword guessing attacks. Moreover, blockchain is used to decentralize the cloud storage platform’s jurisdiction of data. It also ensures the traceability of the keyword retrieval process and maintains the credibility of the search result, so that malicious platforms are prevented as much as possible from deliberately sending wrong search results. Last but not least, through security analysis, our proposed scheme satisfies the credibility and unforgeability of the keyword ciphertext. The comprehensive performance evaluation shows that our scheme has certain advantages in terms of efficiency compared with others.

4 citations


Journal ArticleDOI
TL;DR: In this paper, a generic construction of single-hop HPRE scheme with fully homomorphic operations is proposed and proven secure in a new index-based CCA-HPRE model.
Abstract: Homomorphic Proxy Re-Encryption (HPRE) is an extension of Proxy Re-Encryption (PRE) which combines the advantages of both Homomorphic Encryption (HE) and PRE. A HPRE scheme allows arbitrary evaluations to be performed on ciphertexts under one (the delegator's) public key and, using a re-encryption key, it transforms the resulting ciphertext to a new ciphertext under another (the delegatee's) public key. Prior HPRE schemes are either CPA-secure or CCA-secure but only support partial homomorphic operations. We propose a generic construction of single-hop HPRE scheme which supports fully homomorphic operations. The proposed scheme is proven secure in our new index-based CCA-HPRE model. Our technique is to give a generic transformation that turns any multi-identity identity-based FHE (IBFHE) scheme with key switching into Fully Homomorphic Encryption (FHE) with key switching from which we can obtain the proposed single-hop HPRE scheme. We also present a concrete instantiation of multi-identity IBFHE with key switching from learning with errors (LWE) in the standard model.

3 citations


Proceedings ArticleDOI
TL;DR: The thorough comparison and experimental analysis show that the proposed BFHS has more comprehensive security features and is more practicable.
Abstract: Electronic health record (EHR) allows patients to use an open channel (i.e., Internet) to control, share and manage their health records among family members, healthcare providers and other third party data users. Thus, in such an environment, privacy, confidentiality, and data consistency are the major challenges. Although cloud‐based EHR addresses the aforementioned discussions, these are prone to various malicious attacks, trust management and non‐repudiation among servers. Recently, due to the property of immutability, blockchain technology has been introduced as an auspicious solution for achieving EHR sharing with privacy and security preservation. Motivated by the above debates, we present BFHS, a blockchain‐based fine‐grained secure EHR sharing mechanism. On BFHS, we encrypt the EHR using ciphertext‐policy attribute‐based encryption (CP‐ABE) and upload it to the interplanetary file system (IPFS) for storage, while the matching index is encrypted via proxy re‐encryption and kept in a medical consortium blockchain. In addition, we created a credit assessment mechanism and incorporated it into the smart contract. Smart contracts, proxy re‐encryption, a credit evaluation mechanism, and IPFS all work together to give patients a trustworthy EHR sharing environment and a dynamic access control interface. The thorough comparison and experimental analysis show that the proposed BFHS has more comprehensive security features and is more practicable.

3 citations


Journal ArticleDOI
TL;DR: A new blockchain-assisted EMR in the cloud environment by using proxy reencryption and sequential multisignature to protect personal medical data while helping doctors to access patients’ historical medical records is introduced.
Abstract: Electronic medical records (EMR) have been commonly used in medical institutions in recent years. In particular, the combination of EMR and the cloud server has significantly improved the work efficiency and therapeutic level of the hospital. It also raises some security concerns, e.g., the information leaks. Blockchain has features including decentralization, traceability, openness, and tamper resistance. Therefore, the technology may be used to overcome the above flaws. In this paper, we introduce a new blockchain-assisted EMR in the cloud environment by using proxy reencryption and sequential multisignature. Firstly, blockchain makes the scheme have high-security performance without a trusty center. Secondly, we use proxy reencryption to protect personal medical data while helping doctors to access patients’ historical medical records. Moreover, the doctors have used a sequential multisignature, which is practical and can effectively improve security performance. The analysis results show that the proposed scheme can satisfy various security features of EMR and has an ideal computational and communication cost. Finally, the scheme is implemented to show its performance.


Journal ArticleDOI
01 Jun 2022-Sensors
TL;DR: An improved variant of this protocol is presented, which not only eliminates their security weaknesses, but also preserves the functionalities of anonymous key generation and user revocation mechanism and is also provably secure in the security notion of IND-PrID-CPA.
Abstract: In a fog-enabled IoT environment, a fog node is regarded as the proxy between end users and cloud servers to reduce the latency of data transmission, so as to fulfill the requirement of more real-time applications. A data storage scheme utilizing fog computing architecture allows a user to share cloud data with other users via the assistance of fog nodes. In particular, a fog node obtaining a re-encryption key of the data owner is able to convert a cloud ciphertext into the one which is decryptable by another designated user. In such a scheme, a proxy should not learn any information about the plaintext during the transmission and re-encryption processes. In 2020, an ID-based data storage scheme utilizing anonymous key generation in fog computing was proposed by some researchers. Although their protocol is provably secure in a proof model of random oracles, we will point out that there are some security flaws inherited in their protocol. On the basis of their work, we further present an improved variant, which not only eliminates their security weaknesses, but also preserves the functionalities of anonymous key generation and user revocation mechanism. Additionally, under the Decisional Bilinear Diffie–Hellman (DBDH) assumption, we demonstrate that our enhanced construction is also provably secure in the security notion of IND-PrID-CPA.

Proceedings ArticleDOI
29 Jul 2022
TL;DR: In this article, a scalable lightweight framework based on blockchain technology is proposed to improve data security, patient privacy, and scalability in electronic health records (EHRs) from the Internet of Medical Things (IoMT).
Abstract: The handling of electronic health records (EHRs) from the Internet of Medical Things (IoMT) is one of the most challenging research areas as it consists of sensitive information which is a target for attackers. Also, it is highly complex and expensive to deal with modern healthcare systems as it requires a lot of secured storage space. However, these problems can be mitigated with the improvement in health record management using blockchain technology. To improve data security, patient privacy, and scalability, the proposed work develops a scalable lightweight framework based on blockchain technology. Initially, the COVID-19 related data records are hashed by using an enhanced Merkle tree (EMT) data structure. The hashed values are encrypted by lattice-based cryptography with a Homomorphic Proxy Re-Encryption scheme (LBC-HPRS) in which the input data are secured. After the completion of the encryption process, the blockchain uses IPFS to store secured information. Finally, the Proof of Work (PoW) concept is utilized to verify and validate the security of the input COVID-based data records. The experimental setup of the proposed work is performed by using a python tool and the performance metrics like encryption time, re-encryption time, decryption time, overall processing time and latency prove the efficacy of the proposed schemes.

Journal ArticleDOI
TL;DR: Wang et al. as mentioned in this paper proposed a proxy re-encryption strategy to securely exchange data in cloud contexts in which data owners can utilize identity-based encryption to send encrypted data to the cloud, and legitimate users can access the data via proxy reencryption.



Journal ArticleDOI
17 Jun 2022
TL;DR: This paper proposes a fine-grained certificateless conditional proxy broadcast re-encryption scheme without pairing, which makes the scheme more efficient and the security of the scheme for chosen-ciphertext attacks in the random oracle model.
Abstract: The certificateless proxy re-encryption eliminates the need for public key certificate in traditional public-key cryptography and key-escrow problem in identity-based cryptography, and allows a semi-trusted proxy to convert the ciphertext of the data owner into the ciphertext of the target user, which makes it more convenient to apply. However, the existing certificateless proxy re-encryption schemes cannot support one-to-many conversion and flexible control on convert conditions. In this paper, we propose a fine-grained certificateless conditional proxy broadcast re-encryption scheme without pairing. In our scheme, the data owner can delegate the decryption rights of the ciphertext that meets certain conditions to the target users, and the data owner can revoke the delegate rights. At the same time, no pairing is used, which makes the scheme more efficient. Finally, we show the security of the scheme against chosen-ciphertext attacks in the random oracle model.


Proceedings ArticleDOI
17 Jun 2022
TL;DR: Li et al. as mentioned in this paper proposed a fine-grained certificateless conditional proxy broadcast re-encryption scheme without pairing, where the data owner can delegate the decryption rights of the ciphertext that meets certain conditions to the target users.
Abstract: The certificateless proxy re-encryption eliminates the need for public key certificate in traditional public-key cryptography and key-escrow problem in identity-based cryptography, and allows a semi-trusted proxy to convert the ciphertext of the data owner into the ciphertext of the target user, which makes it more convenient to apply. However, the existing certificateless proxy re-encryption schemes cannot support one-to-many conversion and flexible control on convert conditions. In this paper, we propose a fine-grained certificateless conditional proxy broadcast re-encryption scheme without pairing. In our scheme, the data owner can delegate the decryption rights of the ciphertext that meets certain conditions to the target users, and the data owner can revoke the delegate rights. At the same time, no pairing is used, which makes the scheme more efficient. Finally, we show the security of the scheme against chosen-ciphertext attacks in the random oracle model.

Book ChapterDOI
01 Jan 2022
TL;DR: In this article, the authors proposed a puncturable attribute-based proxy encryption from the lattice, which allows users to update their keys without requiring key reissuance from the key generator.
Abstract: This work presents the first attempt to build a feasible puncturable attribute-based proxy encryption from the lattice. Our system provides flexible and fine-grained access control. In this scheme, the private keys are punctured, allowing the decryption abilities to be revoked for specific messages or receivers and securing sensitive content even if the users’ present keys are compromised. As opposed to the traditional encryption scheme, the proposed technique has the advantage of allowing users to update their keys without requiring key re-issuance from the key generator. Also, it does not necessitate regular communication between the user and the key generation authority, nor does it necessitate deleting elements to remove current keys to generate fresh keys. We developed a new approach for embedding attribute-based keys and punctured keys. This was done in such a way that the secret key size is nearly the same as that of the original attribute-based encryption without a punctured key. Also, we demonstrate that our scheme is secure against a selected plaintext attack in the selective security model under the Learning With Errors (LWE) assumptions. Finally, we implemented our scheme and integrated it with ICN. The implementation results show that our scheme is practical.
Keywords: Puncturable attribute based encryption; Proxy re-encryption; Lattice; Information centric network

Journal ArticleDOI
TL;DR: The improved scheme to provide the constant length ciphertext with proxy re-encryption to reduce the computation and communication time is proposed and is secured under Decisional Bilinear Diffie-Hellman (DBDH) problem.
Abstract: In the Internet of Things (IoT), encryption is a technique in which plaintext is converted to ciphertext to make it unrecoverable by the attacker without the secret key. Ciphertext policy attribute based encryption (CP-ABE) is an encryption technique aimed at a multicasting feature, i.e., a user can only decrypt the message if the policy of attributes mentioned in the ciphertext is satisfied by the user’s secret key attributes. In the literature, the authors have improvised the existing technique to enhance the naïve CP-ABE scheme. Recently, in 2021, Wang et al. proposed the CP-ABE scheme with proxy re-encryption and claimed it to be efficient compared to its predecessors. However, it follows the variable length ciphertext, in which the size of the ciphertext increases with the number of attributes. Also, it leads to computation overhead on the receiver during decryption, which will be performed by the IoT devices. Thus, in this paper we have proposed the improved scheme to provide the constant length ciphertext with proxy re-encryption to reduce the computation and communication time. The proposed scheme is secured under the Decisional Bilinear Diffie-Hellman (DBDH) problem.

Journal ArticleDOI
11 Apr 2022-Big data
TL;DR: Compared with the existing attribute-based proxy re-encryption schemes, this scheme has smaller public parameters, can encrypt multiple plaintext bits at a time, and can resist selective access structure and chosen plaintext attack, so it is more suitable for big data sharing in cloud environment.
Abstract: Owing to the huge volume of big data, users generally use the cloud to store big data. However, because the data are out of the control of users, sensitive data need to be protected. The ciphertext-policy attribute-based encryption scheme can not only effectively control the access of big data, but also decrypt the ciphertext as long as the user's attributes satisfy the access structure of ciphertext, so as to realize one to many big data sharing. When the user's attributes do not satisfy the access structure of ciphertext, the attribute-based proxy re-encryption scheme can be used for big data sharing. The ciphertext-policy attribute-based proxy re-encryption (CP-ABPRE) scheme combines the characteristics of the ciphertext-policy attribute-based encryption scheme and proxy re-encryption scheme. In a CP-ABPRE scheme, on the one hand, the data owner can use the ciphertext-policy attribute-based encryption scheme to encrypt the big data for cloud storage, to realize the access control of the big data. On the other hand, the proxy (cloud service provider) can convert ciphertext under one access structure into ciphertext under another access structure, thus realizing big data sharing between users of different attribute sets. In this article, we modify the existing attribute-based encryption scheme based on Ring Learning With Errors (RLWE), add re-encryption key generation algorithm, re-encryption ciphertext generation algorithm, and re-encryption ciphertext decryption algorithm, and construct CP-ABPRE scheme. In the construction of the re-encryption key, we introduce a random vector and hide the vector in the key by threshold technology. Finally, a CP-ABPRE scheme supporting threshold access structure is constructed based on RLWE. Compared with the existing attribute-based proxy re-encryption schemes, our scheme has smaller public parameters, can encrypt multiple plaintext bits at a time, and can resist selective access structure and chosen plaintext attack, so it is more suitable for big data sharing in cloud environment.

Journal ArticleDOI
TL;DR: Wang et al. as mentioned in this paper proposed a quorum controlled proxy re-encryption scheme to delegate the task of providing access control to the outsourced data on a cloud storage server, where a set of proxies should come together to enforce access control.
Abstract: Proxy re-encryption is used to delegate the task of providing access control to the outsourced data on a cloud storage server. However, the straightforward application of proxy re-encryption requires the cloud storage server to be trusted. The cloud storage servers are, however, often honest-but-curious or untrusted. Towards solving the problem of access control enforcement delegation of outsourced data, we design a quorum controlled proxy re-encryption scheme. We show that, using the proposed scheme, the task of enforcing access control is delegated to a set of proxies, such that a quorum of proxies should come together to enforce access control. By distributing trust among multiple proxies, the single point of trust is eliminated, and the system is made fault tolerant. We prove the IND-CPA security of the proposed scheme under the DBDHI assumption and show that it satisfies most of the desirable properties of a proxy re-encryption scheme, thus outperforming the existing schemes.

Journal ArticleDOI
TL;DR: A secure multi-party computing scheme based on NTRU-type multi-key fully homomorphic proxy re-encryption in the blockchain environment, using the blockchain as trusted storage and a trusted execution environment to provide data security for multi- party computing is proposed.
Abstract: At present, secure multi-party computing is an effective solution for organizations and institutions that want to derive greater value and benefit from the collaborative computing of their data. Most current secure multi-party computing solutions use encryption schemes that are not resistant to quantum attacks, which is a security risk in today’s quickly growing quantum computing, and, when obtaining results, the result querier needs to collect the private keys of multiple data owners to jointly decrypt them, or there needs to be an interaction between the data owner and the querier during the decryption process. Based on the NTRU cryptosystem, which is resistant to quantum computing attacks and has a simple and easy-to-implement structure, and combined with multi-key fully homomorphic encryption (MKFHE) and proxy re-encryption, this paper proposes a secure multi-party computing scheme based on NTRU-type multi-key fully homomorphic proxy re-encryption in the blockchain environment, using the blockchain as trusted storage and a trusted execution environment to provide data security for multi-party computing. The scheme meets the requirements of being verifiable, conspiracy-proof, individually decryptable by the querier, and resistant to quantum attacks.

Posted ContentDOI
16 Mar 2022
TL;DR: In this article, a lattice-based ABE-IBE proxy re-encryption scheme that transforms a classical lightweight ciphertext into lattice based ciphertext was proposed. But the security and efficiency of the proposed scheme were discussed.
Abstract: The recent expansion of the Internet of things (IoT) and its applications continues to dramatically change the IT services supporting manufacturing, energy management, intelligent transportation, smart cities, etc. These IT services often interconnect Internet-based Cloud systems with IoT or intelligent smart devices held by organisations. As IoT devices are resource-limited, the security of their communication is provided by lightweight cryptography that could consequently lead to the devices being insecure against a quantum adversary. On the other hand, Internet Cloud systems are resource-rich and could easily support post-quantum cryptography. This paper presents a proxy re-encryption scheme that translates ciphertexts of a classical lightweight encryption algorithm into their post quantum equivalent and vice versa. More precisely, we propose a lattice-based ABE-IBE (L ABE-IBE) proxy re-encryption scheme that transforms a classical lightweight ciphertext into a lattice based ciphertext. We compare our proposed L ABE-IBE proxy re-encryption scheme with classical proxy re-encryption (ABEIBE) schemes. We discuss the security and efficiency of our construction.


Posted ContentDOI
11 Dec 2022
TL;DR: Li et al. as mentioned in this paper proposed a trace-and-revoke proxy re-encryption (PRE) scheme, where the malicious delegatees involved in the generation of a pirate decoder can be identified and their decryption capabilities can subsequently be revoked by the content distributor.
Abstract: Proxy re-encryption (PRE), as a promising cryptographic primitive for secure data sharing in cloud, has been widely studied for decades. PRE allows the proxies to use the re-encryption keys to convert ciphertexts computed under the delegator’s public key into ones that can be decrypted using the delegatees’ secret keys, without knowing anything about the underlying plaintext. This delegable property of decryption rights gives rise to an important issue: if some proxies reveal their re-encryption keys, or collude with some delegatees to create a pirate decoder, then anyone who gains access to the pirate decoder can decrypt all ciphertexts computed under the delegator’s public key without the delegator’s permission. Several works have provided potential solutions to this issue by designing tracing mechanisms on PRE, where proxies that reveal their re-encryption keys can be identified by the delegator. However, these solutions perform poorly in terms of the sizes of the public, the secret and the re-encryption keys, and support neither multi-hop nor public traceability.
This paper advances the research of tracing mechanisms on PRE and proposes the first public trace-and-revoke PRE system, where the malicious delegatees involved in the generation of a pirate decoder can be identified by anyone who gains access to the pirate decoder, and their decryption capabilities can subsequently be revoked by the content distributor. Our construction is multi-hop, supports user revocation and public (black-box) traceability, and achieves significant efficiency advantages over previous constructions. Our construction is a generic transformation from inner-product functional PRE (IPFPRE) that we introduce to trace-and-revoke PRE. In addition, we instantiate our generic construction of trace-and-revoke PRE from the Learning with Errors (LWE) assumption, which was widely believed to be quantum-resistant. This is achieved by proposing the first LWE-based IPFPRE scheme, which may be of independent interest.

Proceedings ArticleDOI
28 Nov 2022
TL;DR: Wang et al. as discussed by the authors proposed PRE-DAC (PRE based Dynamic Access Control), an access control scheme for encrypted cloud data, where the efficiency of user revocation is significantly improved.
Abstract: With the rapid development of technologies such as cloud computing and Internet of Things, the amount of data outsourced to all kinds of remote cloud storage providers is growing. Out of security concerns, it is necessary for data owners to encrypt sensitive data before uploading it to the cloud, which makes it difficult to enforce access control of the outsourced data. Specifically, the time cost for user revocation is considerably high because of the large number of encryptions required for updating ciphertext in the cloud. In this paper, we utilize Proxy Re-Encryption (PRE) to propose PRE-DAC (PRE based Dynamic Access Control), an access control scheme for encrypted cloud data, where the efficiency of user revocation is significantly improved. Simulation results using real-world datasets show that the number of asymmetric encryptions for each revocation is prominently less than that of the existing schemes.