Proxy re-encryption

About: Proxy re-encryption is a research topic. Over the lifetime, 708 publications have been published within this topic receiving 33624 citations.

Fine-Grained Two-Factor Protection Mechanism for Data Sharing in Cloud Storage

Abstract: Data sharing in cloud storage is receiving substantial attention in information communications technology because it can provide users with efficient and effective storage services. To protect the confidentiality of the shared sensitive data, cryptographic techniques are usually applied. However, the data protection is still posing significant challenges in cloud storage for data sharing. Among them, how to protect and revoke the cryptographic key is the fundamental challenge. To tackle this, we propose a new data protection mechanism for cloud storage, which holds the following properties. First, the cryptographic key is protected by the two factors. Only if one of the two factors works, the secrecy of the cryptographic key is held. Second, the cryptographic key can be revoked efficiently by integrating the proxy re-encryption and key separation techniques. Finally, the data is protected in a fine-grained way by adopting the attribute-based encryption technique. Furthermore, the security analysis and performance evaluation show that our proposal is secure and efficient, respectively.

Anonymous attribute-based proxy re-encryption for access control in cloud computing

Abstract: As a public key cryptographic primitive, attribute-based encryption ABE is promising in implementing fine-grained access control in cloud computing. However, before ABE comes into practical applications, two challenging issues have to be addressed, that is, users' attribute privacy protection and access policy update. In this paper, we tackle the aforementioned challenge for the first time by formalizing the notion of anonymous ciphertext-policy attribute-based proxy re-encryption anonymous CP-ABPRE and giving out a concrete construction. We propose a novel technique called match-then-re-encrypt, in which a matching phase is additionally introduced before the re-encryption phase. This technique uses special components of the proxy re-encryption key and ciphertext to anonymously check whether the proxy can fulfill a proxy re-encryption or not. Theoretical analysis and simulation results demonstrate that our anonymous CP-ABPRE scheme is secure and efficient. Copyright © 2016 John Wiley & Sons, Ltd.

Fast Proxy Re-Encryption for Publish/Subscribe Systems

Abstract: We develop two IND-CPA-secure multihop unidirectional Proxy Re-Encryption (PRE) schemes by applying the Ring-LWE (RLWE) key switching approach from the homomorphic encryption literature. Unidirectional PRE is ideal for secure publish-subscribe operations where a publisher encrypts information using a public key without knowing upfront who the subscriber will be and what private key will be used for decryption. The proposed PRE schemes provide a multihop capability, meaning that when PRE-encrypted information is published onto a PRE-enabled server, the server can either delegate access to specific clients or enable other servers the right to delegate access. Our first scheme (which we call NTRU-ABD-PRE) is based on a variant of the NTRU-RLWE homomorphic encryption scheme. Our second and main PRE scheme (which we call BV-PRE) is built on top of the Brakerski-Vaikuntanathan (BV) homomorphic encryption scheme and relies solely on the RLWE assumption.We present an open-source C++ implementation of both schemes and discuss several algorithmic and software optimizations. We examine parameter selection tradeoffs in the context of security, runtime/latency, throughput, ciphertext expansion, memory usage, and multihop capabilities. Our experimental analysis demonstrates that BV-PRE outperforms NTRU-ABD-PRE in both single-hop and multihop settings. The BV-PRE scheme has a lower time and space complexity than existing IND-CPA-secure lattice-based PRE schemes and requires small concrete parameters, making the scheme computationally efficient for use on low-resource embedded systems while still providing 100 bits of security. We present practical recommendations for applying the PRE schemes to several use cases of ad hoc information sharing for publish-subscribe operations.