Proxy re-encryption

About: Proxy re-encryption is a research topic. Over the lifetime, 708 publications have been published within this topic receiving 33624 citations.

Non-transferable Unidirectional Proxy Re-Encryption Scheme for Secure Social Cloud Storage Sharing

Abstract: Proxy re-encryption (PRE), introduced by Blaze et al in 1998, allows a semi-trusted proxy with the re-encryption key to translatea ciphertext under the delegator into another ciphertext, which can be decrypted by the delegatee In this process, the proxy is required to know nothing about the plaintext Many PRE schemes have been proposed so far, however until now almost all the unidirectional PRE schemes suffer from the transferable property That is, if the proxy and a set of delegatees collude, they can re-delegate the delegator's decryption rights to the other ones, while the delegator has no agreement on this Thus designing non-transferable unidirectional PRE scheme is an important open research problem in the field In this paper, we tackle this open problem by using the composite order bilinear pairing Concretely, we design a non-transferable unidirectional PRE scheme based on Hohenberger et al's unidirectional PRE scheme Furthermore, we discuss our scheme's application to secure cloud storage, especially for sharing private multimedia content for social cloud storage users

A Key-insulated Proxy Re-encryption Scheme for Data Sharing in a Cloud Environment.

Abstract: Proxy re-encryption (PRE) enables a semi-trusted proxy to delegate the decryption right by re-encrypting the ciphertext under the delegator’s public key to an encryption under the public key of delegatee. Fueled by the translation ability, PRE is regarded as a promising candidate to secure data sharing in a cloud environment. However, the security of the PRE will be totally destroyed in case the secret key of the delegator or the delegatee has been exposed. Despite the key exposure seems inevitable, the PRE scheme with resistance against secret key leakage has never been presented before. To deal with this intractable problem, we propose a key-insulated proxy reencryption (KIPRE) scheme by incorporating the mechanisms of PRE and key-insulated cryptosystem. In the proposed scheme, the lifetime of the secret key associated with the user, i.e., the delegator or the delegatee, has been divided into several periods. In each time period, the user can interact with his/her physically-secure but computation-limited helper to update his/her temporary secret key. On the contrary, the public keys of the users remained unchanged during the whole lifetime of the system. We then apply our KIPRE scheme to construct a practical solution to the problem of sharing sensitive information in public clouds with resilience to the key exposure. The performance evaluation and the security analysis demonstrate that our scheme is efficient and practical.

Hierarchical identity-based proxy re-encryption without random oracles

Abstract: In a proxy re-encryption scheme, a semi-trusted proxy converts a ciphertext for Alice into a ciphertext for Bob without seeing the underlying plaintext. A number of solutions have been proposed in public key settings. Hierarchical identity-based cryptography is a generalization of identity-based encryption that mirrors an organizational hierarchy, which allows a root private key generator to distribute the workload by delegating private key generation and identity authentication to lower-level private key generators. In this paper, we propose a hierarchical identity-based proxy re-encryption (HIBPRE) scheme which achieves IND-PrID-CCA2 security without random oracles. This is the first HIBPRE scheme up to now, and our scheme satisfies unidirectionality, non-interactivity and permits multiple re-encryptions.

How to Solve Key Escrow Problem in Proxy Re-encryption from CBE to IBE

Abstract: In 1998, Blaze, Bleumer, and Strauss proposed a kind of cryptographic primitive called proxy re-encryption. In proxy re-encryption, a proxy can transform a ciphertext computed under Alice's public key into one that can be opened under Bob's decryption key. In 2007, Matsuo proposed a new type of re-encryption scheme which can re-encrypt the ciphertext in the certificate based encryption(CBE) setting to one that can be decrypted in identity based setting (IBE). Now this scheme is being standardized by IEEEP1363.3 working group. In this paper, we further extend their research. One feature of their scheme is that it inherits the key escrow problem from IBE, that is, KGC can decrypt every re-encrypted ciphertext for IBE users.We ask question like this: can the malicious KGC not decrypt the re-encryption ciphertext? Surprisingly, the answer is affirmative. We construct such a scheme and prove its security in the standard model. So we give the conclusion that key escrow problem is not unavoidable in re-encryption from CBE to IBE.

More efficient CCA‐secure unidirectional proxy re‐encryption schemes without random oracles

Abstract: In this paper, we present a more efficient chosen-ciphertext secure proxy re-encryption scheme in the standard model with less ciphertext size and without any strong unforgeable one-time signature. Our scheme is unidirectional and single-hop. The security of our scheme is under the reasonable complexity assumption—the decisional bilinear Diffie–Hellman assumption in bilinear groups. There are no proxy re-encryption schemes achieving chosen-ciphertext security in the standard model without a strong unforgeable one-time signature in the literature. Copyright © 2012 John Wiley & Sons, Ltd.