Proxy re-encryption

About: Proxy re-encryption is a research topic. Over the lifetime, 708 publications have been published within this topic receiving 33624 citations.

Generally Hybrid Proxy Re-Encryption: A Secure Data Sharing among Cryptographic Clouds

Abstract: Proxy Re-Encryption (PRE) is a favorable primitive to realize a cryptographic cloud with secure and flexible data sharing mechanism. A number of PRE schemes with versatile capabilities have been proposed for different applications. The secure data sharing can be internally achieved in each PRE scheme. But no previous work can guarantee the secure data sharing among different PRE schemes in a general manner. Moreover, it is challenging to solve this problem due to huge differences among the existing PRE schemes in their algebraic systems and public-key types. To solve this problem more generally, this paper uniforms the definitions of the existing PRE and Public Key Encryption (PKE) schemes, and further uniforms their security definitions. Then taking any uniformly defined PRE scheme and any uniformly defined PKE scheme as two building blocks, this paper constructs a Generally Hybrid Proxy Re-Encryption (GHPRE) scheme with the idea of temporary public and private keys to achieve secure data sharing between these two underlying schemes. Since PKE is a more general definition than PRE, the proposed GHPRE scheme also is workable between any two PRE schemes. Moreover, the proposed GHPRE scheme can be transparently deployed even if the underlying PRE schemes are implementing.

Cryptanalysis of a Certificateless Proxy Re-encryption Scheme

Abstract: Recently, Sur et al. introduced a new primitive named certificateless proxy re-encryption, which enjoys the advantages of certificateless public key cryptography while providing the functionalities of proxy re-encryption. They further proposed a certificateless proxy re-encryption scheme, and claimed that their scheme is secure against chosen-cipher text attacks in the random oracle model. However, by giving a concrete attack, in this paper we indicate that their PRE scheme is not secure against chosen-cipher text attacks.

Comments on Shao-Cao's Unidirectional Proxy Re-Encryption Scheme from PKC 2009.

Abstract: In Eurocrypt’98, Blaze, Bleumer and Strauss [4] introduced a primitive named proxy reencryption (PRE), in which a semi-trusted proxy can convert - without seeing the plaintext a ciphertext originally intended for Alice into an encryption of the same message intended for Bob. PRE systems can be categorized into bidirectional PRE, in which the proxy can transform from Alice to Bob and vice versa, and unidirectional PRE, in which the proxy cannot transform ciphertexts in the opposite direction. How to construct a PRE scheme secure against chosen-ciphertext attack (CCA) without pairings is left as an open problem in ACM CCS’07 by Canetti and Hohenberger [7]. In CANS’08, Deng et al. [8] successfully proposed a CCAsecure bidirectional PRE scheme without pairings. In PKC’09, Shao and Cao [10] proposed a unidirectional PRE without pairings, and claimed that their scheme is CCA-secure. They compared their scheme with Libert-Vergnaud’s pairing-based unidirectional PRE scheme from PKC’08, and wanted to indicate that their scheme gains advantages over Libert-Vergnaud’s scheme. However, Weng et al. [13] recently pointed out that Shao-Cao’s scheme is not CCAsecure by giving a concrete chosen-ciphertext attack, and they also presented a more e‐cient CCA-secure unidirectional PRE scheme without parings. In this paper, we further point out that, Shao-Cao’s comparison between their scheme and Libert-Vergnaud’s scheme is unfair, since Shao-Cao’s scheme is even not secure against chosen-plaintext attack (CPA) in LibertVergnaud’s security model.

Ciphertext-policy attribute-based proxy re-encryption via constrained PRFs

Abstract: College of Computer Science and Technology, Qingdao University, Qingdao 266071, China; Guizhou Provincial Key Laboratory of Public Big Data, Guizhou University, Guiyang 550025, China; ISTD Pillar, Singapore University of Technology and Design (SUTD), Singapore 487372, Singapore; College of Computer Science and Engineering, Shandong University of Science and Technology, Qingdao 266590, China; College of Computer Science and Technology, Nanjing University of Aeronautics and Astronautics, Nanjing 211106, China; School of Computing and Information Technology, University of Wollongong, Wollongong NSW 2522, Australia

An Improved Cloud-Based Revocable Identity-Based Proxy Re-encryption Scheme

Abstract: Key revocation and ciphertext update are two prominent security requirements for identity-based encryption systems from a practical view. Several solutions to offer efficient key revocation or ciphertext update for identity-based encryption systems have been proposed in the literature. However, how to achieve both key revocation and ciphertext update functionalities simultaneously in identity-based encryption systems is still an open problem. Recently, Liang et al. introduce the notion of cloud-based revocable identity-based proxy re-encryption (CR-IB-PRE) scheme with the aim to achieve both ciphertext update and key revocation functionalities, and present a CR-IB-PRE scheme from bilinear pairings. In this paper, we first showed Liang et al.’s scheme has serious security pitfalls such as re-encryption key forgery and collusion attack, which lead to revoked users can decrypt any ciphertext regarding their identities at any time period. We then redefined the syntax and security model of CR-IB-PRE scheme and proposed an improved CR-IB-PRE scheme from bilinear pairings. The improved scheme not only achieves collusion resistance, but also takes lower decryption computation and achieves constant size re-encrypted ciphtertext. Finally, we proved the improved CR-IB-PRE scheme is adaptively secure in the standard model under DBDH assumption.