WeiDong Zhong,Xu An Wang,Ziqing Wang,Yi Ding

DOI: https://doi.org/10.1109/CIS.2011.217

2011-01-01

Abstract:Proxy re-encryption (PRE) allows a proxy to transform a cipher text for Alice (delegator) to be the one which can be decrypted by Bob (delegatee). Since it is introduced by Blaze et al. in 1998, many variants of PRE have been proposed. In this paper, we concentrate on two of them: anonymous conditional proxy re-encryption (ACPRE) and constrained proxy re-encryption with keyword search (PRES). Conditional proxy re-encryption (CPRE) is a primitive which only allows those cipher texts satisfying the condition can be re-encrypted correctly by the proxy. Anonymous conditional proxy re-encryption (ACPRE) requires the proxy not knowing which condition the cipher text associated with. PRES is a primitive which allows the proxy simultaneously re-encrypt and search the delegator's cipher text. Based on the PRES proposed by Shao et al., We show the definition of constrained proxy re-encryption with keyword search (CPRES), give its security models and discuss its potential applications. At last, based on a concrete ACPRE scheme, we construct a concrete CPRES scheme.

Goichiro Hanaoka,Yutaka Kawai,Noboru Kunihiro,Takahiro Matsuda,Jian Weng,Rui Zhang,Yunlei Zhao

DOI: https://doi.org/10.1007/978-3-642-27954-6_22

2012-01-01

Abstract:In this paper, we present the first generic construction of a chosen-ciphertext (CCA) secure uni-directional proxy re-encryption (PRE) scheme. In particular, full CCA security (i.e., not relaxed CCA security such as replayable CCA security) of our proposed scheme is proven even against powerful adversaries that are given a more advantageous attack environment than in all previous works, and furthermore, random oracles are not required. To achieve such strong security, we establish a totally novel methodology for designing PRE based on a specific class of threshold encryption. Via our generic construction, we present the first construction that is CCA secure in the standard model.

Yang Wang,Yanmin Zhao,Mingqiang Wang

DOI: https://doi.org/10.1016/j.csi.2023.103778

2023-07-20

Abstract:Proxy re-encryption (PRE) schemes, which nicely solve the problem of delegating decryption rights, enable a semi-trusted proxy to transform a ciphertext encrypted under one key into a ciphertext of the same message under another arbitrary key. Cohen first pointed out the insufficiency of the security under chosen-plaintext attacks (CPA) of PREs in PKC 2019, and proposed a strictly stronger security notion, named security under honest re-encryption attacks (HRA), of PREs. Surprisingly, a few PREs satisfy the stronger HRA security and almost all of them are paring-based till now. To the best of our knowledge, we present the first direct construction of HRA secure single-hop PREs based on standard LWE problems with comparably small and polynomially-bounded parameters in this paper. Combing known reductions, the HRA security of our PREs could also be guaranteed by the worst-case basic lattice problems (e.g. SIVP γ with γ=Õ(n3.5) ). Our single-hop PRE schemes are key-private, which means that the implicit identities of a re-encryption key will not be revealed even in the case of a proxy colluding with some corrupted users. Meanwhile, our single-hop PRE schemes are also post-compromise (PCS) secure, ensuring that a re-encrypted ciphertext remains confidential even when the past key, potential old ciphertexts and the re-encryption key have been exposed. Some discussions about key-privacy of multi-hop PREs are also proposed, which indicates that several constructions of multi-hop PREs do not satisfy their key-privacy definitions.

computer science, software engineering, hardware & architecture

Jianhong Zhang,Yuehai Wang

2019-01-01

Abstract:.As a significant cryptographical primitive, proxy re-signature(PRS) technique is broadly applied to distributed computation, copyright transfer and hidden path transfer because it permits that a proxy translates an entity’s signature into the other entity’s signature on the identical data. Recently, to discard time-consuming pairing operator and intricate certificate-maintenance, Wang et al. proposed two efficient pairing-free ID-based PRS schemes, and declared that their schemes were provably secure in the ROM. Very unluckily, in this investigation, we point out that Wang et al.’s schemes suffer from attacks of universal forgery by analysing their security, i.e., anyone can fabricate a signature on arbitrary file. After the relevant attacks are shown, the reasons which result in such attacks is analyzed. Finally, we discuss the corresponding improved method. Key–Words: ID-based PRS, integer factorization problem, universal forgeability, security attack

Song Luo,Jian-bin Hu,Zhong Chen

DOI: https://doi.org/10.1145/1866870.1866880

2010-01-01

Abstract:A proxy re-encryption (PRE) scheme involves three parties: Alice, Bob, and a proxy. PRE allows the proxy to translate a ciphertext encrypted under Alice's public key into one that can be decrypted by Bob's secret key. We present a general method to construct an identity-based proxy re-encryption scheme from an existing identity-based encryption scheme. The transformed scheme satisfies the properties of PRE, such as unidirectionality, non-interactivity and multi-use. Moreover, the proposed scheme has master key security, allows the encryptor to decide whether the ciphertext can be re-encrypted.

Song Luo,Qingni Shen,Zhong Chen

DOI: https://doi.org/10.1007/978-3-642-31912-9_8

2011-01-01

Abstract:Proxy re-encryption (PRE) allows the proxy to translate a ciphertext encrypted under Alice's public key into another ciphertext that can be decrypted by Bob's secret key. Identity-based proxy re-encryption (IB-PRE) is the development of identity-based encryption and proxy re-encryption, where ciphertexts are transformed from one identity to another. In this paper, we propose two novel unidirectional identity-based proxy re-encryption schemes, which are both non-interactive and proved secure in the standard model. The first scheme is a single-hop IB-PRE scheme and has master secret security, allows the encryptor to decide whether the ciphertext can be re-encrypted. The second scheme is a multi-hop IB-PRE scheme which allows the ciphertext re-encrypted multiple times but without the size of ciphertext growing linearly as previous multi-hop IB-PRE schemes.

Qi Xie,Guilin Wang,Fubiao Xia,Deren Chen

DOI: https://doi.org/10.1002/cpe.3058

2013-01-01

Concurrency and Computation Practice and Experience

Abstract:By integrating self-certified public-key systems and the designated verifier proxy signature with message recovery, Wu and Lin proposed the first self-certified proxy convertible authenticated encryption (SP-CAE) scheme and its variants based on discrete logarithm problem (DLP) in 2009. Though their schemes are claimed provably secure, we demonstrate that their schemes are existentially forgeable under adaptive chosen warrants, unconfidentiable and verifiable under adaptive chosen messages and designated verifiers. Then we propose a provably secure SP-CAE scheme in the random oracle model.

Hu Xiong,Lili Wang,Zhida Zhou,Zetong Zhao,Xin Huang,Saru Kumari

DOI: https://doi.org/10.1109/jiot.2021.3126230

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:Puncturable proxy re-encryption (PPRE) is envisioned to provide secure access control delegation and fine-grained forward security for asynchronous group messaging systems. Nevertheless, the existing PPRE scheme not only suffers from the burden of certificate management but also merely achieves selective security based on the nonstandard assumption. In this article, a puncturable identity-based PRE (P-IB-PRE) scheme is proposed to efficiently protect the security and privacy of the group message. The proposed scheme introduces a message server as the proxy to transform ciphertext for each participant in the group; thus, the heavy computation overhead is delegated to the message server with abundant resources. Most importantly, our scheme enables the recipient to revoke its private key’s decryption capability of the specific messages without affecting other messages. Moreover, the identity-based mechanism eliminates the burden of certificate management as well as improves efficiency. The proposed scheme achieves adaptive security under the standard decisional bilinear Diffie–Hellman (DBDH) assumption. Eventually, theoretical and experimental analyses demonstrate that the proposed scheme has an excellent performance in efficiency and practicality.

computer science, information systems,telecommunications,engineering, electrical & electronic

Zhenfu Cao,Hongbing Wang,Yunlei Zhao

DOI: https://doi.org/10.1109/tdsc.2017.2714166

2019-01-01

Abstract:In this paper, we introduce a new cryptographic primitive, called autonomous path proxy re-encryption (AP-PRE), which is motivated by several application scenarios where the delegator would like to control the whole delegation path in a multi-hop delegation process. Compared with the traditional proxy re-encryption, AP-PRE provides much better fine-grained access control to delegation path. Briefly speaking, in an AP-PRE scheme, the delegator designates a path of his preferred delegatees. The path consists of several delegatees with the privilege from high to low. If the delegatee in the path cannot complete the decryption, the decryption right is automatically delegated to the next one in the path. In this way, the delegator can ensure that the delegation has always been done among those delegatees the delegator trusts. Moreover, an AP-PRE scheme has to obey the following path rules. The delegation, for ciphertexts of a delegator i, can only be carried out on the autonomous path Pa-i designated by the delegator i, in the sense that (1) re-encrypted ciphertexts along the autonomous path Pa-i cannot branch off Pa-i with meaningful decryption, and (2) original ciphertexts generated under pk(j) for j not equal i (i.e., for a path Pa-j different from Pa-i) cannot be inserted into (i.e., cannot be transformed along) the autonomous path Pa-i with meaningful decryption. We give the formal definition, as well as the formal security model, for this cryptographic primitive. Under this concept, we construct an IND-CPA secure AP-PRE scheme under the decisional bilinear Diffie-Hellman (DBDH) assumption in the random oracle model. Our scheme is with the useful properties of proxy re-encryption, i.e., unidirectionality and multi-hop.

Zengpeng Li,Chunguang Ma,Ding Wang,Minghao Zhao,Qian Zhao,Lu Zhou

DOI: https://doi.org/10.1109/trustcom/bigdatase/icess.2017.300

2017-01-01

Abstract:Proxy re-encryption (PRE) is an important cryptographic primitive used for private information sharing. However, the recent advance in quantum computer has potentially crippled its security, as the traditional decisional Diffie-Hellman (DDH)-based PRE is venerable to the quantum attack. Thus, learning with errors (LWE)-based PRE schemes, as a kind of latticebased construction with the inherent quantum-resistant property, has attracted special research interest. Unfortunately, the main drawback of lattice-based public key encryption scheme is noise management after multiplication evaluation. Many cryptographers have been devoted to controlling the expansion of noise. In this line of work, Dagdelen-Gajek-G̈opfert (DGG) put forth the notion of learning with errors in the exponent (LWEE) which is based on lattice and group-theoretic assumption, meanwhile demonstrated a paradigm for constructing efficient quantum resistance public key schemes. In this paper, on top of DGG, we construct a single-bit, single-hop and unidirectional LWEE- based PRE scheme with indistinguishable chosen plaintext attack (IND-CPA) security. To the best of our knowledge, our scheme is the first LWEE-based PRE scheme.

Xu An Wang,Ziqing Wang,Yi Ding,Shujun Bai

DOI: https://doi.org/10.1109/cis.2011.213

2011-01-01

Abstract:The traditional proxy re-encryption (PRE) or conditional proxy re-encryption (CPRE) can re-encrypt infinite times on the delegator's cipher text. However many practical applications do not need this property, they prefer the delegator can control on the times the proxy can re-encrypt. In this paper, we introduce a new kind of proxy re-encryption: k-times proxy re-encryption (KPRE). To construct a concrete KPRE scheme, we add public/private key to the proxy. In k-times proxy re-encryption, the proxy can only re-encrypt k times, otherwise the proxy's private key will be exposed. We construct a concrete IND-RCCA secure KPRE scheme by combining the k-times signature and Libert et al's IND-RCCA PRE scheme in PKC'08.

Song Luo,Jianbin Hu,Zhong Chen

DOI: https://doi.org/10.1007/978-3-642-17650-0_28

2010-01-01

Abstract:We present a novel ciphertext policy attribute-based proxy re-encryption (CP-AB-PRE) scheme. The ciphertext policy realized in our scheme is AND-gates policy supporting multi-value attributes, negative attributes and wildcards. Our scheme satisfies the properties of PRE, such as unidirectionality, non-interactivity and multi-use. Moreover, the proposed scheme has master key security, allows the encryptor to decide whether the ciphertext can be re-encrypted and allows the proxy to add access policy when re-encrypting ciphertext. Furthermore, our scheme can be modified to have constant ciphertext size in original encryption.

Fucai Luo,Haiyan Wang,Willy Susilo,Xingfu Yan,Xiaofan Zheng

DOI: https://doi.org/10.1109/tifs.2024.3357240

IF: 7.231

2024-02-02

IEEE Transactions on Information Forensics and Security

Abstract:Proxy re-encryption (PRE), as a promising cryptographic primitive for secure data sharing in clouds, has been widely studied for decades. PRE allows the proxies to use the re-encryption keys to convert ciphertexts computed under the delegator's public key into ones that can be decrypted using the delegatees' secret keys, without knowing anything about the underlying plaintext. This delegable property of decryption rights enables flexible cloud data sharing, but it raises an important issue: if some proxies reveal their re-encryption keys, or collude with some delegatees to create a pirate decoder, then anyone who gains access to the pirate decoder can decrypt all ciphertexts computed under the delegator's public key without the delegator's permission. This paper opens up a potentially new avenue of research to address the above (re-encryption) key abuse problem by proposing the first public trace-and-revoke PRE system, where the malicious delegatees and proxies involved in the generation of a pirate decoder can be identified by anyone who gains access to the pirate decoder, and their decryption capabilities can subsequently be revoked by the content distributor. Our construction is multi-hop, supports user revocation and public (black-box) traceability, and achieves significant efficiency advantages over previous constructions. Technically, our construction is a generic transformation from inner-product functional PRE (IPFPRE) that we introduce to trace-and-revoke PRE. In addition, we instantiate our generic construction of trace-and-revoke PRE from the Learning with Errors (LWE) assumption, which was widely believed to be quantum-resistant. This is achieved by proposing the first LWE-based IPFPRE scheme, which may be of independent interest. Finally, we conduct a comprehensive performance evaluation of our LWE-based trace-and-revoke PRE scheme, and the experimental results show that the proposed LWE-based trace-and-revoke PRE scheme is practical and outperforms current state-of-the-art traceable PRE schemes.

computer science, theory & methods,engineering, electrical & electronic

Xian Yong Meng,Zhong Chen,Xiang Yu Meng

DOI: https://doi.org/10.4028/www.scientific.net/amm.631-632.897

2014-01-01

Applied Mechanics and Materials

Abstract:In this paper, a novel proxy re-encryption (PRE) scheme with keyword search is proposed, where only the ciphertext containing the keyword set by the delegator can be transformed by the semi-trusted proxy and then decrypted by delegatee. In the proposed scheme, the semi-trusted proxy can convert the ciphertext encrypted under the delegator’s public key into the ciphertext encrypted under the delegatee’s public key. In addition, only the delegatee’s email gateway with a trapdoor can test whether or not a given cipheretext containing some keyword, but can learn nothing else about the sensitive data of email. We proposed an identity-based proxy re-encryption with keyword search scheme, where the delegator and the delegatee extract keys from a trusted party called the key generator center (KGC), who generates public-private key pair for delegator and delegatee based on their identities. Meanwhile, the identity-based proxy re-encryption with keyword search scheme satisfies the properties of PRE including unidirectionality, multi-use and transparency. Additionally, the proposed scheme is efficient in terms of both computation and communication, and can realize security privacy preserving in cloud computing environments.

Fan Zhang,Ziyuan Liang,Cong Zuo,Jun Shao,Jianting Ning,Jun Sun,Joseph K. Liu,Yibao Bao

DOI: https://doi.org/10.1109/tcad.2020.3022841

IF: 2.9

2020-01-01

IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems

Abstract:Proxy re-encryption (PRE) allows a proxy to transform one ciphertext to another under different encryption keys while keeping the underlying plaintext secret. Because of the ciphertext transformability of PRE, there are many potential private communicating applications of this feature. However, existing PRE schemes are not as full-fledged as expected. The lack of necessary features makes them hard to apply in real-world scenarios. So far, there does not exist a unidirectional multihop PRE scheme with constant decryption efficiency and constant ciphertext size without extensions. Impractical performance and weak scalability also hinder PRE from most real-world applications. In this work, we present a new PRE scheme with secure hardware enclave named hPRESS (hardware-enhanced PRE scheme using secure enclave). To the best of our knowledge, hPRESS is the first unidirectional multihop PRE scheme which achieves both constant decryption efficiency and constant ciphertext size without extensions. A detailed security analysis demonstrates that our proposal is CCA secure based on the security of the underlying encryption schemes and the secure enclave. We also implement a prototype based on Intel SGX, one of the most popular secure enclave techniques in recent years, and evaluate its performance. The experimental results show that, compared with previous PRE schemes, our hPRESS is almost one order of magnitude faster in terms of the decryption and transformation.

Xian Yong Meng,Zhong Chen,Xiang Yu Meng,Bing Sun

DOI: https://doi.org/10.4028/www.scientific.net/amm.571-572.74

2014-01-01

Applied Mechanics and Materials

Abstract:In this paper, an identity-based conditional proxy re-encryption (PRE) scheme is proposed, where a delegator provides a re-encryption key satisfying one condition to a semi-trusted proxy who can convert a ciphertext encrypted under the delegator’s public key into one that can be decrypted using the delegatee’s private key. We address the identity-based proxy re-encryption scheme, where the delegator and the delegatee request keys from a trusted party known as a key generator center (KGC), who generates private keys for delegator and delegatee based on their identities. Meanwhile, the identity-based conditional proxy re-encryption scheme satisfies the properties of PRE including unidirectionality, non-interactivity and multi-hop. Additionally, the identity-based conditional proxy re-encryption scheme is efficient in terms of both the communication cost and the computing cost, and can realize security secret sharing in cloud computing environments.

Licheng Wang,Jing Li,Jianhua Yan,Zhiguo Qu

DOI: https://doi.org/10.1109/incos.2016.12

2016-01-01

Abstract:Proxy re-encryption (PRE) enables a semi-trusted proxy to transfer Alice's secrets into Bob's secrets but without seeing the secrets. This functionality is very interesting for making balance between the information confidentiality and the mutual accessibility in various scenarios such as public cloud storage systems. During the past decades, many smart PRE schemes were built based on intractability assumptions such as integer factorization problems (IFP) and discrete logarithm problems (DLP). However, Shor's efficient quantum algorithms for IFP and DLP manifests a threat towards the security baseline of these schemes. Enlightened by Gu et al.'s recent work on resisting known quantum attacks, we propose an efficient PRE scheme based on the intractability of the (semi) group factorization problems in this paper. The security of the proposed scheme is analyzed according to some conceivable attacks.

Yilei Wang,Dongjie Yan,Fagen Li,Hu Xiong

2017-01-01

Abstract:Proxy re-encryption (PRE) enables a semi-trusted proxy to delegate the decryption right by re-encrypting the ciphertext under the delegator’s public key to an encryption under the public key of delegatee. Fueled by the translation ability, PRE is regarded as a promising candidate to secure data sharing in a cloud environment. However, the security of the PRE will be totally destroyed in case the secret key of the delegator or the delegatee has been exposed. Despite the key exposure seems inevitable, the PRE scheme with resistance against secret key leakage has never been presented before. To deal with this intractable problem, we propose a key-insulated proxy reencryption (KIPRE) scheme by incorporating the mechanisms of PRE and key-insulated cryptosystem. In the proposed scheme, the lifetime of the secret key associated with the user, i.e., the delegator or the delegatee, has been divided into several periods. In each time period, the user can interact with his/her physically-secure but computation-limited helper to update his/her temporary secret key. On the contrary, the public keys of the users remained unchanged during the whole lifetime of the system. We then apply our KIPRE scheme to construct a practical solution to the problem of sharing sensitive information in public clouds with resilience to the key exposure. The performance evaluation and the security analysis demonstrate that our scheme is efficient and practical.

Xin-peng ZHANG,Chun-xiang XU,Xiao-jun ZHANG,Jiang DENG,Xin Huang

DOI: https://doi.org/10.3969/j.issn.1001-0548.2016.06.015

2016-01-01

Abstract:Dynamic type information of ciphertext can be modified properly so that it can be well applied in a practical cloud storage environment. In order to meet the application requirements, Liuet al proposed a dynamic type and identity-based proxy re-encryption (PRE) scheme based on Ibraimiet al’s scheme. Their scheme not only keeps the traditional core function of PRE scheme, but also makes sure that the owner of ciphertext can modify the type information at any time. However, after careful security analysis it found that Liuet al.’s scheme has two security flaws. Firstly, the dynamic type information lacks of verification, the adversary can modify the type tag. Secondly, the dynamic type information causes a conditional chosen plaintext attack. Thus we further improve Liu et al.’s scheme and give the security analysis.

Yuriy Polyakov,Kurt Rohloff,Gyana Sahu,Vinod Vaikuntanathan

DOI: https://doi.org/10.1145/3128607

IF: 2.717

2017-10-26

ACM Transactions on Privacy and Security

Abstract:We develop two IND-CPA-secure multihop unidirectional Proxy Re-Encryption (PRE) schemes by applying the Ring-LWE (RLWE) key switching approach from the homomorphic encryption literature. Unidirectional PRE is ideal for secure publish-subscribe operations where a publisher encrypts information using a public key without knowing upfront who the subscriber will be and what private key will be used for decryption. The proposed PRE schemes provide a multihop capability, meaning that when PRE-encrypted information is published onto a PRE-enabled server, the server can either delegate access to specific clients or enable other servers the right to delegate access. Our first scheme (which we call NTRU-ABD-PRE) is based on a variant of the NTRU-RLWE homomorphic encryption scheme. Our second and main PRE scheme (which we call BV-PRE) is built on top of the Brakerski-Vaikuntanathan (BV) homomorphic encryption scheme and relies solely on the RLWE assumption. We present an open-source C++ implementation of both schemes and discuss several algorithmic and software optimizations. We examine parameter selection tradeoffs in the context of security, runtime/latency, throughput, ciphertext expansion, memory usage, and multihop capabilities. Our experimental analysis demonstrates that BV-PRE outperforms NTRU-ABD-PRE in both single-hop and multihop settings. The BV-PRE scheme has a lower time and space complexity than existing IND-CPA-secure lattice-based PRE schemes and requires small concrete parameters, making the scheme computationally efficient for use on low-resource embedded systems while still providing 100 bits of security. We present practical recommendations for applying the PRE schemes to several use cases of ad hoc information sharing for publish-subscribe operations.

computer science, information systems