FENG Chaosheng,LUO Wangping,QIN Zhiguang,YUAN Ding,ZOU Liping

DOI: https://doi.org/10.11959/j.issn.1000-436x.2019127

2019-01-01

Abstract:A ideal proxy re-encryption scheme has five features,such as one-way encryption,non-interaction,repeatability,controllability and verifiability.The existing schemes,however,have only two or three of the five features,which reduces the utility of them to some extent.For this,a new ciphertext-policy attribute-based proxy re-encryption (CP-ABPRE) scheme with the above five features was proposed.In the proposed scheme,the cloud proxy server could only re-encrypt the ciphertext specified by the delegator by using the re-encryption key,and resist the collusion attack between the user and the proxy satisfying the re-encryption sharing policy.Most of encryption and decryption were outsourced to cloud servers so that it reduced the computing burden on the user’s client.The security analysis show that the proposed scheme resists the selective chosen plaintext attack (SCPA).

Song Luo,Jianbin Hu,Zhong Chen

DOI: https://doi.org/10.1007/978-3-642-17650-0_28

2010-01-01

Abstract:We present a novel ciphertext policy attribute-based proxy re-encryption (CP-AB-PRE) scheme. The ciphertext policy realized in our scheme is AND-gates policy supporting multi-value attributes, negative attributes and wildcards. Our scheme satisfies the properties of PRE, such as unidirectionality, non-interactivity and multi-use. Moreover, the proposed scheme has master key security, allows the encryptor to decide whether the ciphertext can be re-encrypted and allows the proxy to add access policy when re-encrypting ciphertext. Furthermore, our scheme can be modified to have constant ciphertext size in original encryption.

Zhiniang Peng,Shaohua Tang,Linzhi Jiang

DOI: https://doi.org/10.1007/978-3-319-68542-7_8

2017-01-01

Abstract:In crypto 2013, Dan et al. proposed a symmetric proxy re-encryption scheme based on key homomorphic PRF. It can be used to ensure the data privacy in cloud storage systems. However, it only focuses on preventing a honest-but-curious proxy from learning anything about the encrypted data. Although it can be made to provide integrity without disrupting the key homomorphism property by using MAC then encrypt with counter-mode, it's not a symmetric authenticated proxy re-encryption scheme because only the data owner can verify the integrity of some encrypted data. In this paper, we propose a symmetric authenticated proxy re-encryption scheme which can prevent a malicious proxy from tampering users' data. It can update the authentication tag as well as the ciphertext so that any intended user can verify the integrity of the encrypted data.

Minyu Teng,Jingxuan Han,Jintao Xie,Jiayao Gao,Jiangfeng Li,Yang Shi

DOI: https://doi.org/10.1145/3687127

2024-09-20

ACM Transactions on Sensor Networks

Abstract:With the rapid growth of wireless sensor networks, secure data transmission, storage, and distribution in such networks has become an urgent demand. To defend against security risks such as data leakage, key compromise, and unauthorized misuse of data simultaneously, we propose a novel obfuscatable ciphertext-policy attribute-based re-encryption scheme with a specially designed obfuscator. The proposed scheme leverages program obfuscation to transform the re-encryption program codes into an unintelligible form and embed the private keys into the obfuscated implementation. Consequently, the proposed scheme protects data confidentiality and keeps the secrecy of the private key while providing fine-grained access control. Formal proofs for the security of the proposed re-encryption scheme and the obfuscator are provided. Extensive experiments have been conducted on representative platforms, including cloud servers, workstations, and embedded devices, to evaluate the computational efficiency and energy consumption of the scheme. Experimental results indicate that the scheme achieves high efficiency on various platforms and economical energy consumption on typical embedded devices with constrained resources.

computer science, information systems,telecommunications

Yanli Ren,Dawu Gu,Shuozhong Wang,Xinpengu Zhang

DOI: https://doi.org/10.1142/s0129054110007726

2010-01-01

International Journal of Foundations of Computer Science

Abstract:In a proxy re-encryption scheme, a semi-trusted proxy converts a ciphertext for Alice into a ciphertext for Bob without seeing the underlying plaintext. A number of solutions have been proposed in public key settings. Hierarchical identity-based cryptography is a generalization of identity-based encryption that mirrors an organizational hierarchy, which allows a root private key generator to distribute the work load by delegating private key generation and identity authentication to lower-level private key generators. In this paper, we propose a hierarchical identity-based proxy re-encryption (HIBPRE) scheme which achieves IND-PrID-CCA2 security without random oracles. This is the first HIBPRE scheme up to now, and our scheme satisfies unidirectionality, non-interactivity and permits multiple re-encryptions.

Robert H. Deng,Jian Weng,Shengli Liu,Kefei Chen

DOI: https://doi.org/10.1007/978-3-540-89641-8_1

2008-01-01

Abstract:In a proxy re-encryption system, a semi-trusted proxy can convert a ciphertext originally intended for Alice into a ciphertext intended for Bob, without learning the underlying plaintext. Proxy re-encryption has found many practical applications, such as encrypted email forwarding, secure distributed file systems, and outsourced filtering of encrypted spam. In ACM CCS'07, Canetti and Hohenberger presented a proxy re-encryption scheme with chosen-ciphertext security, and left an important open problem to construct a chosen-ciphertext secure proxy re-encryption scheme without pairings. In this paper, we solve this open problem by proposing a new proxy re-encryption scheme without resort to bilinear pairings. Based on the computational Diffie-Hellman (CDH) problem, the chosen-ciphertext security of the proposed scheme is proved in the random oracle model.

Wenlong Yi,Chuang Wang,Sergey Kuzmin,Igor Gerasimov,Xiangping Cheng

DOI: https://doi.org/10.3390/s24154939

2024-07-30

Abstract:Existing attribute-based proxy re-encryption schemes suffer from issues like complex access policies, large ciphertext storage space consumption, and an excessive authority of the authorization center, leading to weak security and controllability of data sharing in cloud storage. This study proposes a Weighted Attribute Authority Multi-Authority Proxy Re-Encryption (WAMA-PRE) scheme that introduces attribute weights to elevate the expression of access policies from binary to multi-valued, simplifying policies and reducing ciphertext storage space. Simultaneously, the multiple attribute authorities and the authorization center construct a joint key, reducing reliance on a single authorization center. The proposed distributed attribute authority network enhances the anti-attack capability of cloud storage. Experimental results show that introducing attribute weights can reduce ciphertext storage space by 50%, proxy re-encryption saves 63% time compared to repeated encryption, and the joint key construction time is only 1% of the benchmark scheme. Security analysis proves that WAMA-PRE achieves CPA security under the decisional q-parallel BDHE assumption in the random oracle model. This study provides an effective solution for secure data sharing in cloud storage.

Xin Qian,Zhen Yang,Shihui Wang,Yongfeng Huang

DOI: https://doi.org/10.1007/978-3-030-24274-9_8

2019-01-01

Abstract:To protect data sharing from leakage in untrusted cloud, proxy re-encryption is commonly exploited for access control. However, most proposed schemes require bilinear pair to attain secure data sharing, which gives too heavy burden on the data owner. In this paper, we propose a novel lightweight proxy re-encryption scheme without pairing. Our scheme builds the pre-encryption algorithm based on computational Diffie–Hellman problem, and designs a certificateless protocol based on a semi-trusted Key Generation Center. Theoretical analysis proves that our scheme is Chosen-Ciphertext-Attack secure. The performance is also shown to achieve less computation burden for the data owner compared with the state-of-the-art.

WeiDong Zhong,Xu An Wang,Ziqing Wang,Yi Ding

DOI: https://doi.org/10.1109/CIS.2011.217

2011-01-01

Abstract:Proxy re-encryption (PRE) allows a proxy to transform a cipher text for Alice (delegator) to be the one which can be decrypted by Bob (delegatee). Since it is introduced by Blaze et al. in 1998, many variants of PRE have been proposed. In this paper, we concentrate on two of them: anonymous conditional proxy re-encryption (ACPRE) and constrained proxy re-encryption with keyword search (PRES). Conditional proxy re-encryption (CPRE) is a primitive which only allows those cipher texts satisfying the condition can be re-encrypted correctly by the proxy. Anonymous conditional proxy re-encryption (ACPRE) requires the proxy not knowing which condition the cipher text associated with. PRES is a primitive which allows the proxy simultaneously re-encrypt and search the delegator's cipher text. Based on the PRES proposed by Shao et al., We show the definition of constrained proxy re-encryption with keyword search (CPRES), give its security models and discuss its potential applications. At last, based on a concrete ACPRE scheme, we construct a concrete CPRES scheme.

Xian Yong Meng,Zhong Chen,Xiang Yu Meng,Bing Sun

DOI: https://doi.org/10.4028/www.scientific.net/amm.571-572.74

2014-01-01

Applied Mechanics and Materials

Abstract:In this paper, an identity-based conditional proxy re-encryption (PRE) scheme is proposed, where a delegator provides a re-encryption key satisfying one condition to a semi-trusted proxy who can convert a ciphertext encrypted under the delegator’s public key into one that can be decrypted using the delegatee’s private key. We address the identity-based proxy re-encryption scheme, where the delegator and the delegatee request keys from a trusted party known as a key generator center (KGC), who generates private keys for delegator and delegatee based on their identities. Meanwhile, the identity-based conditional proxy re-encryption scheme satisfies the properties of PRE including unidirectionality, non-interactivity and multi-hop. Additionally, the identity-based conditional proxy re-encryption scheme is efficient in terms of both the communication cost and the computing cost, and can realize security secret sharing in cloud computing environments.

Song Luo,Qingni Shen,Zhong Chen

DOI: https://doi.org/10.1007/978-3-642-31912-9_8

2011-01-01

Abstract:Proxy re-encryption (PRE) allows the proxy to translate a ciphertext encrypted under Alice's public key into another ciphertext that can be decrypted by Bob's secret key. Identity-based proxy re-encryption (IB-PRE) is the development of identity-based encryption and proxy re-encryption, where ciphertexts are transformed from one identity to another. In this paper, we propose two novel unidirectional identity-based proxy re-encryption schemes, which are both non-interactive and proved secure in the standard model. The first scheme is a single-hop IB-PRE scheme and has master secret security, allows the encryptor to decide whether the ciphertext can be re-encrypted. The second scheme is a multi-hop IB-PRE scheme which allows the ciphertext re-encrypted multiple times but without the size of ciphertext growing linearly as previous multi-hop IB-PRE schemes.

Yuling Huang,Chuang Ma,Guangxia Xu

DOI: https://doi.org/10.1109/CloudNet59005.2023.10490083

2023-11-01

Abstract:With the rapid development of the internet economy, blockchain has emerged as one of the leading methods for data sharing. However, due to the high value and sensitivity of data assets, electronic data sharing faces challenges such as access control and privacy leakage. Traditional encryption schemes based on attributes have been ineffective in addressing these problems and still suffer from security vulnerabilities. In this paper, we propose a decentralized data sharing framework that combines keyword-searchable attributes encryption with proxy re-encryption using blockchain technology and Interplanetary File Systems. This framework offers high flexibility and efficiency by addressing the issues of a single point of failure and privacy leaks. We provide comprehensive and rigorous proofs of security and efficiency for our scheme, considering security proof and storage overhead. The simulation results demonstrate that our scheme satisfies the requirements for ciphertext and keyword security and is capable of resisting collusive attacks. Furthermore, our proposed scheme exhibits higher computational efficiency and better feasibility compared to existing schemes.

Computer Science

Han-Yu Lin,Pei-Ru Chen

DOI: https://doi.org/10.3390/s24196290

2024-09-28

Abstract:As technology advances rapidly, a diverse array of Internet of Things (IoT) devices finds widespread application across numerous fields. The intelligent nature of these devices not only gives people more convenience, but also introduces new challenges especially in security when transmitting data in fog-based cloud environments. In fog computing environments, data need to be transmitted across multiple devices, increasing the risk of data being intercepted or tampered with during transmission. To securely share cloud ciphertexts, an alleged proxy re-encryption approach is a commonly adopted solution. Without decrypting the original ciphertext, such a mechanism permits a ciphertext intended for user A to be easily converted into the one intended for user B. However, to revoke the decryption privilege of data users usually relies on the system authority to maintain a user revocation list which inevitably increases the storage space. In this research, the authors come up with a fog-based proxy re-encryption system with revocable identity. Without maintaining the traditional user revocation list, the proposed scheme introduces a time-updated key mechanism. The time-update key could be viewed as a partial private key and should be renewed with different time periods. A revoked user is unable to obtain the renewed time-update key and hence cannot share or decrypt cloud ciphertexts. We formally demonstrate that the introduced scheme satisfies the security of indistinguishability against adaptively chosen identity and chosen plaintext attacks (IND-PrID-CPA) assuming the hardness of the Decisional Bilinear Diffie-Hellman (DBDH) problem in the random oracle model. Furthermore, compared with similar systems, the proposed one also has lower computational complexity as a whole.

Fengli Zhang,Qinyi Li,Hu Xiong

DOI: https://doi.org/10.1109/cis.2012.113

2012-01-01

Abstract:In this paper, an efficient and fully secure revocable key policy ABE scheme is proposed. In our scheme, each user is assigned a key according to its attributes and unique identity. A sender can specify the list of revoked users and attributes of the cipher text explicitly. If the users have been revoked, they can not decrypt the message no matter whether their attributes satisfies the access formula or they combine their keys. The security of the proposed scheme can be reduced to three static intractable complexity assumptions through dual system encryption approach in the fully secure model. Comparing with the existing schemes, our scheme enjoys high security level and efficiency simultaneously.

Kaitai Liang,Zhen Liu,Xiao Tan,Duncan S. Wong,Chunming Tang

DOI: https://doi.org/10.1007/978-3-642-37682-5_17

2012-01-01

Abstract:Although a few unidirectional single-hop Identity-Based Proxy Re-Encryption (IBPRE) systems are available in the literature, none of them is CCA secure in the standard model. Besides, they can not support conditional re-encryption property, which allows a delegator to specify a condition for ciphertexts so that the proxy can re-encrypt ciphertexts only if the re-encryption key corresponding to the same condition is given. This paper, for the first time, proposes a new unidirectional single-hop Identity-Based Conditional Proxy Re-Encryption (IBCPRE) scheme that not only captures the property of IBPRE (i.e. identity-based re-encryption), but also supports conditional re-encryption. Moreover, the scheme can be proved secure against adaptive condition and adaptive identity chosen-ciphertext attacks in the standard model.

Yongli Tang,Minglu Jin,Hui Meng,Li Yang,Chengfu Zheng

DOI: https://doi.org/10.3390/e25050822

2023-05-19

Abstract:There are mostly semi-honest agents in cloud computing, so agents may perform unreliable calculations during the actual execution process. In this paper, an attribute-based verifiable conditional proxy re-encryption (AB-VCPRE) scheme using a homomorphic signature is proposed to solve the problem that the current attribute-based conditional proxy re-encryption (AB-CPRE) algorithm cannot detect the illegal behavior of the agent. The scheme implements robustness, that is the re-encryption ciphertext, can be verified by the verification server, showing that the received ciphertext is correctly converted by the agent from the original ciphertext, thus, meaning that illegal activities of agents can be effectively detected. In addition, the article demonstrates the reliability of the constructed AB-VCPRE scheme validation in the standard model, and proves that the scheme satisfies CPA security in the selective security model based on the learning with errors (LWE) assumption.

BaoHong Li,JieFei Xu,YanZhi Liu

DOI: https://doi.org/10.3966/160792642019092005006

2019-01-01

Abstract:As an extension to conditional proxy re-encryption, fuzzy conditional proxy re-encryption allows for a proxy to re-encrypt a ciphertext only if it satisfies some t-out-of-d threshold condition. Therefore, it is more desirable in some applications where fine-grained control of the decryption delegation is required. In this paper, we construct the first lattice-based fuzzy conditional proxy re-encryption scheme as a post-quantum alternative to this primitive. In our construction, original ciphertexts and re-encryption ciphertexts have the same form, thus only one decryption algorithm is needed for both kinds of ciphertexts. We formalize its security model and prove that it is selective secure under the LWE assumption.

Jinqiu Hou,Changgen Peng,Weijie Tan,Hongfa Ding

DOI: https://doi.org/10.32604/cmes.2023.027276

2024-01-01

Computer Modeling in Engineering & Sciences

Abstract:Cloud-based services have powerful storage functions and can provide accurate computation. However, the question of how to guarantee cloud-based services access control and achieve data sharing security has always been a research highlight. Although the attribute-based proxy re-encryption (ABPRE) schemes based on number theory can solve this problem, it is still difficult to resist quantum attacks and have limited expression capabilities. To address these issues, we present a novel linear secret sharing schemes (LSSS) matrix-based ABPRE scheme with the fine-grained policy on the lattice in the research. Additionally, to detect the activities of illegal proxies, homomorphic signature (HS) technology is introduced to realize the verifiability of re-encryption. Moreover, the non-interactivity, unidirectionality, proxy transparency, multi-use, and anti-quantum attack characteristics of our system are all advantageous. Besides, it can efficiently prevent the loss of processing power brought on by repetitive authorisation and can enable precise and safe data sharing in the cloud. Furthermore, under the standard model, the proposed learning with errors (LWE)-based scheme was proven to be IND-sCPA secure.

engineering, multidisciplinary,mathematics, interdisciplinary applications

Wenchao Li,Hu Xiong

DOI: https://doi.org/10.3837/tiis.2021.05.015

2021-01-01

KSII Transactions on Internet and Information Systems

Abstract:With the development of information and communication technologies, especially wireless networks and cell phones, the e-voting system becomes popular as its cost-effectiveness, swiftness, scalability, and ecological sustainability. However, the current e-voting schemes are faced with the problem of privacy leakage and further cause worse vote-buying and voter-coercion problems. Moreover, in large-scale voting, some previous e-voting system encryption scheme with pairing operation also brings huge overhead pressure to the voting system. Thus, it is a vital problem to design a protocol that can protect voter privacy and simultaneously has high efficiency to guarantee the effective implementation of e-voting. To address these problems, our paper proposes an efficient unidirectional proxy re-encryption scheme that provides the re-encryption of vote content and the verification of users’ identity. This function can be exactly applied in the e-voting system to protect the content of vote and preserve the privacy of the voter. Our proposal is proven to be CCA secure and collusion resistant. The detailed analysis also shows that our scheme achieves higher efficiency in computation cost and ciphertext size than the schemes in related fields.

Chao Ma,Haiying Gao,Bin Hu

DOI: https://doi.org/10.1007/s11227-023-05867-z

IF: 3.3

2024-02-03

The Journal of Supercomputing

Abstract:Attribute-based encryption is a new cryptographic primitive that supports fine-grained access control of cloud data, and its access control function relies on the interaction of attributes and access structures. To achieve more flexible access control, attribute revocation has become an important problem that must be considered in the application process of attribute-based encryption. We propose and implement an efficient revocable ciphertext policy attribute-based encryption scheme based on the improvement of the scheme proposed by Tomida et al. Our scheme has the following characteristics: (1) It is adaptively secure under the Matrix Decisional Diffie–Hellman assumption; (2) it supports the multi-use of attribute classes and the negation of attribute values; (3) it supports the revocation of system attributes; and (4) the update of the key and ciphertext is completed by the trusted center and the cloud server, respectively, thereby decreasing revocation overhead for users.

computer science, theory & methods,engineering, electrical & electronic, hardware & architecture