Proxy re-encryption

About: Proxy re-encryption is a research topic. Over the lifetime, 708 publications have been published within this topic receiving 33624 citations.

AP-PRE: Autonomous Path Proxy Re-Encryption and Its Applications

Abstract: In this paper, we introduce a new cryptographic primitive, called autonomous path proxy re-encryption (AP-PRE), which is motivated by several application scenarios where the delegator would like to control the whole delegation path in a multi-hop delegation process. Compared with the traditional proxy re-encryption, AP-PRE provides much better fine-grained access control to delegation path. Briefly speaking, in an AP-PRE scheme, the delegator designates a path of his preferred delegatees. The path consists of several delegatees with the privilege from high to low. If the delegatee in the path cannot complete the decryption, the decryption right is automatically delegated to the next one in the path. In this way, the delegator can ensure that the delegation has always been done among those delegatees the delegator trusts. Moreover, an AP-PRE scheme has to obey the following path rules. The delegation, for ciphertexts of a delegator $i$i, can only be carried out on the autonomous path $\mathsf {Pa}_i$Pai designated by the delegator $i$i, in the sense that (1) re-encrypted ciphertexts along the autonomous path $\mathsf {Pa}_i$Pai cannot branch off $\mathsf {Pa}_i$Pai with meaningful decryption, and (2) original ciphertexts generated under $pk_j$pkj for $j e i$j≠i (i.e., for a path $\mathsf {Pa}_j$Paj different from $\mathsf {Pa}_i$Pai) cannot be inserted into (i.e., cannot be transformed along) the autonomous path $\mathsf {Pa}_i$Pai with meaningful decryption. We give the formal definition, as well as the formal security model, for this cryptographic primitive. Under this concept, we construct an IND-CPA secure AP-PRE scheme under the decisional bilinear Diffie-Hellman (DBDH) assumption in the random oracle model. Our scheme is with the useful properties of proxy re-encryption, i.e., unidirectionality and multi-hop.

Strongly secure and cost-effective certificateless proxy re-encryption scheme for data sharing in cloud computing

Abstract: Proxy re-encryption (PRE) has been considered as a promising candidate to secure data sharing in public cloud by enabling the cloud to transform the ciphertext to legitimate recipients on behalf of the data owner, and preserving data privacy from semi-trusted cloud. Certificateless proxy re-encryption (CL-PRE) not only eliminates the heavy public key certificate management in traditional public key infrastructure, but also solves the key escrow problem in the ID-based public key cryptography. By considering that the existing CL-PRE schemes either rely on expensive bilinear pairings or are proven secure under weak security models, we propose a strongly secure CL-PRE scheme without resorting to the bilinear pairing. The security of our scheme is proven to be secure against adaptive chosen ciphertext attack (IND-CCA) under a stronger security model in which the Type I adversary is allowed to replace the public key associated with the challenge identity. Furthermore, the simulation results demonstrate that our scheme is practical for cloud based data sharing in terms of communication overhead and computation cost for data owner, the cloud and data recipient.

A Searchable Hierarchical Conditional Proxy Re-encryption Scheme for Cloud Storage Services

Abstract: As cloud technologies thrive, researches in the field of cloud storage have switched their focus from encryption-decryption techniques that help data owners protect their privacy and data confidentiality to the application of searching techniques on encrypted data while maintaining high level security and privacy of outsource data. To begin with, Song et al. offered some practical techniques for searches on encrypted data. After that, Weng et al. presented their conditional proxy re-encryption scheme where the data owner can decide which ciphertext satisfies a certain keyword condition set and then can have the retrieved data re-encrypted by the semi-trusted proxy server. The basic concepts of the above schemes are indeed quite innovative and do lead the way towards the solutions to the major practical cloud storage application problems; however, of all the researches that follow, none has had both searching on encrypted data and conditional proxy re-encryption combined. In this paper, we propose a new scheme for cloud storage services that integrates keyword search with conditional proxy re-encryption. This say, with a newly added keyword or new proxy, the cloud service provider is able to generate a hierarchical key. As far as data security is concerned, our scheme provides proven data owner authentication, re-delegation, and chosen-ciphertext security. The superior performance of the proposed scheme has been established by comparing it with related works, and our security analysis as well as BAN logic correctness check also offered solid proof that the new scheme is both secure and practical.DOI: http://dx.doi.org/10.5755/j01.itc.45.3.13224

Collusion-resistant unidirectional proxy re-encryption scheme from lattices

Abstract: Most of the previous proxy re-encryption schemes rely on the average-case hardness problems such as the integer factorization problems and the discrete logarithm problems. Therefore, they cannot guarantee its security under quantum analysis, since there exist quantum algorithms efficiently solving the factorization and logarithm problems. In the paper, we propose the first proxy re-encryption scheme based on the hard worst-case lattice problems. Our scheme has many useful properties as follows: Unidirectional, collusion-resistant, noninteractive, proxy invisible, key optimal, and nontransitive. We also provided the formal security proof of the proposed scheme in the random oracle model.