Xuyang Wang,Aiqun Hu,Hao Fang

DOI: https://doi.org/10.1145/3058060.3058080

2017-01-01

Abstract:Proxy Re-encryption (PRE) is a useful cryptographic structure who enables a semi-trusted proxy to convert a ciphertext for Alice into a ciphertext for Bob without seeing the corresponding plaintext. Although there are many PRE schemes in recent years, few of them are set up based on lattice. Not only this, these lattice-based PRE schemes are all more complicated than the traditional PRE schemes. In this paper, through the study of the common lattice problems such as the Small integer solution (SIS) and the Learning with Errors (LWE), we analyze the feasibility of efficient lattice-based PRE scheme combined with the previous results. Finally, we propose an efficient lattice-based PRE scheme L-PRE without losing the hardness of lattice problems.

Priyanka Dutta,Willy Susilo,Dung Hoang Duong,Partha Sarathi Roy

DOI: https://doi.org/10.48550/arXiv.2011.08456

2020-11-16

Abstract:The concept of proxy re-encryption (PRE) dates back to the work of Blaze, Bleumer, and Strauss in 1998. PRE offers delegation of decryption rights, i.e., it securely enables the re-encryption of ciphertexts from one key to another, without relying on trusted parties. PRE allows a semi-trusted third party termed as a ``proxy" to securely divert encrypted files of user A (delegator) to user B (delegatee) without revealing any information about the underlying files to the proxy. To eliminate the necessity of having a costly certificate verification process, Green and Ateniese introduced an identity-based PRE (IB-PRE). The potential applicability of IB-PRE sprung up a long line of intensive research from its first instantiation. Unfortunately, till today, there is no collusion-Resistant unidirectional IB-PRE secure in the standard model, which can withstand quantum attack. In this paper, we present the first concrete constructions of collusion-Resistant unidirectional IB-PRE, for both selective and adaptive identity, which are secure in standard model based on the hardness of learning with error problem.

Cryptography and Security

Fucai Luo,Haiyan Wang,Willy Susilo,Xingfu Yan,Xiaofan Zheng

DOI: https://doi.org/10.1109/tifs.2024.3357240

IF: 7.231

2024-02-02

IEEE Transactions on Information Forensics and Security

Abstract:Proxy re-encryption (PRE), as a promising cryptographic primitive for secure data sharing in clouds, has been widely studied for decades. PRE allows the proxies to use the re-encryption keys to convert ciphertexts computed under the delegator's public key into ones that can be decrypted using the delegatees' secret keys, without knowing anything about the underlying plaintext. This delegable property of decryption rights enables flexible cloud data sharing, but it raises an important issue: if some proxies reveal their re-encryption keys, or collude with some delegatees to create a pirate decoder, then anyone who gains access to the pirate decoder can decrypt all ciphertexts computed under the delegator's public key without the delegator's permission. This paper opens up a potentially new avenue of research to address the above (re-encryption) key abuse problem by proposing the first public trace-and-revoke PRE system, where the malicious delegatees and proxies involved in the generation of a pirate decoder can be identified by anyone who gains access to the pirate decoder, and their decryption capabilities can subsequently be revoked by the content distributor. Our construction is multi-hop, supports user revocation and public (black-box) traceability, and achieves significant efficiency advantages over previous constructions. Technically, our construction is a generic transformation from inner-product functional PRE (IPFPRE) that we introduce to trace-and-revoke PRE. In addition, we instantiate our generic construction of trace-and-revoke PRE from the Learning with Errors (LWE) assumption, which was widely believed to be quantum-resistant. This is achieved by proposing the first LWE-based IPFPRE scheme, which may be of independent interest. Finally, we conduct a comprehensive performance evaluation of our LWE-based trace-and-revoke PRE scheme, and the experimental results show that the proposed LWE-based trace-and-revoke PRE scheme is practical and outperforms current state-of-the-art traceable PRE schemes.

computer science, theory & methods,engineering, electrical & electronic

Minqing Zhang,Liqiang Wu,Xu An Wang,Xiaoyuan Yang

DOI: https://doi.org/10.1007/s12652-015-0260-4

IF: 3.662

2015-01-01

Journal of Ambient Intelligence and Humanized Computing

Abstract:Identity based proxy re-encryption (IB-PRE) is a powerful cryptographic primitive, which allows a proxy to transform a ciphertext under Alice’s identity to another ciphertext of the same message for Bob. Almost all of the existing IB-PRE schemes are based on the number theoretic assumptions whose security will be seriously threatened by quantum computers. Recently, cryptosystems from lattices have attracted many attentions due to their average-case to worst-case equivalence and their conjectured resistance to quantum attacks. In this paper, we first propose a property of backward collusion safety, which means that the collusion between Alice and the proxy cannot extract secret key of Bob, and then present an IB-PRE scheme based on lattices with the highly desirable properties of anonymity, uni-directionality, multi-use and backward collusion safety, to the best of our knowledge, it is the first IB-PRE scheme from lattices which provides those properties. Besides, the IND-PrID-CPA security proof of our proposal is given in the random oracle model based on the decisional learning with errors hardness assumption.

Wu Li-qiang,Yang Xiao-yuan,Zhang Min-qing,Wang Xu-an

DOI: https://doi.org/10.1007/s12652-021-02911-9

IF: 3.662

2021-02-16

Journal of Ambient Intelligence and Humanized Computing

Abstract:Identity-based proxy re-encryption (IB-PRE) can convert the ciphertext encrypted under Alice’s identity to Bob’s ciphertext of the same message by a semi-trusted proxy with the proper transformation key. The main purpose of our work is to enhance the security of IB-PRE. For outside attacks, all existing IB-PRE constructions from lattices have only achieved a limited or weak security model called IND-sID-CPA security. Therefore, by embedding re-encryption key generation and re-encryption algorithms appropriately in Agrawal et al.’s identity-based encryption scheme from lattices, we construct an IND-ID-CPA secure IB-PRE scheme over decisional learning with errors (LWE) under the standard model. For inside attacks, we propose a new primitive IB-VPRE by extending the basic IB-PRE scheme with a new functionality called re-encryption verifiability, meaning that a re-encrypted ciphertext receiver or a third party can verify whether the received ciphertext is correctly transformed from an original ciphertext or not, and thus can detect illegal activities of the proxy. We realize re-encryption verifiability using the homomorphic signature technique as a black box, making the resulting scheme non-interactive and quantum-immune after instanced by a lattice-based homomorphic signature scheme.

computer science, information systems,telecommunications, artificial intelligence

Xu An Wang,Ziqing Wang,Yi Ding,Shujun Bai

DOI: https://doi.org/10.1109/cis.2011.213

2011-01-01

Abstract:The traditional proxy re-encryption (PRE) or conditional proxy re-encryption (CPRE) can re-encrypt infinite times on the delegator's cipher text. However many practical applications do not need this property, they prefer the delegator can control on the times the proxy can re-encrypt. In this paper, we introduce a new kind of proxy re-encryption: k-times proxy re-encryption (KPRE). To construct a concrete KPRE scheme, we add public/private key to the proxy. In k-times proxy re-encryption, the proxy can only re-encrypt k times, otherwise the proxy's private key will be exposed. We construct a concrete IND-RCCA secure KPRE scheme by combining the k-times signature and Libert et al's IND-RCCA PRE scheme in PKC'08.

Licheng Wang,Jing Li,Jianhua Yan,Zhiguo Qu

DOI: https://doi.org/10.1109/incos.2016.12

2016-01-01

Abstract:Proxy re-encryption (PRE) enables a semi-trusted proxy to transfer Alice's secrets into Bob's secrets but without seeing the secrets. This functionality is very interesting for making balance between the information confidentiality and the mutual accessibility in various scenarios such as public cloud storage systems. During the past decades, many smart PRE schemes were built based on intractability assumptions such as integer factorization problems (IFP) and discrete logarithm problems (DLP). However, Shor's efficient quantum algorithms for IFP and DLP manifests a threat towards the security baseline of these schemes. Enlightened by Gu et al.'s recent work on resisting known quantum attacks, we propose an efficient PRE scheme based on the intractability of the (semi) group factorization problems in this paper. The security of the proposed scheme is analyzed according to some conceivable attacks.

Xuyang Wang,Aiqun Hu,Hao Fang

DOI: https://doi.org/10.1049/iet-ifs.2018.5246

2020-01-01

IET Information Security

Abstract:Proxy re-encryption (PRE) is a promising cryptographic structure for pervasive data sharing in cloud-based social networks, which enables a semi-trusted proxy to convert a ciphertext for Alice into a ciphertext for Bob without seeing the corresponding plaintext. Since the proxy is semi-trust, a PRE scheme which can resist the collusion attack will be of great practical value. Jianget al.in 2015 and Kim and Jeong in 2016 have proposed collusion-resistant PRE (CR-PRE) schemes from the lattice by a similar technique, respectively. However, through the analysis of their schemes, the authors find that both of them have defects in the construction of the re-encryption key, which will lead to the re-encryption ciphertext cannot be decrypted or decrypted error with high probability. In this study, the authors first point out the defects in the work of Jianget al.'s work and Kim and Jeong's work and propose an improved collusion-resistant unidirectional PRE scheme from lattice, based on learning with errors problems. In addition to solving the defects, CR-PRE still has many useful properties similar to the previous schemes, such as unidirectional, collusion resistant, chosen-plaintext attack secure and so on.

Yanli Ren,Dawu Gu,Shuozhong Wang,Xinpengu Zhang

DOI: https://doi.org/10.1142/s0129054110007726

2010-01-01

International Journal of Foundations of Computer Science

Abstract:In a proxy re-encryption scheme, a semi-trusted proxy converts a ciphertext for Alice into a ciphertext for Bob without seeing the underlying plaintext. A number of solutions have been proposed in public key settings. Hierarchical identity-based cryptography is a generalization of identity-based encryption that mirrors an organizational hierarchy, which allows a root private key generator to distribute the work load by delegating private key generation and identity authentication to lower-level private key generators. In this paper, we propose a hierarchical identity-based proxy re-encryption (HIBPRE) scheme which achieves IND-PrID-CCA2 security without random oracles. This is the first HIBPRE scheme up to now, and our scheme satisfies unidirectionality, non-interactivity and permits multiple re-encryptions.

Jinqiu Hou,Changgen Peng,Weijie Tan,Hongfa Ding

DOI: https://doi.org/10.32604/cmes.2023.027276

2024-01-01

Computer Modeling in Engineering & Sciences

Abstract:Cloud-based services have powerful storage functions and can provide accurate computation. However, the question of how to guarantee cloud-based services access control and achieve data sharing security has always been a research highlight. Although the attribute-based proxy re-encryption (ABPRE) schemes based on number theory can solve this problem, it is still difficult to resist quantum attacks and have limited expression capabilities. To address these issues, we present a novel linear secret sharing schemes (LSSS) matrix-based ABPRE scheme with the fine-grained policy on the lattice in the research. Additionally, to detect the activities of illegal proxies, homomorphic signature (HS) technology is introduced to realize the verifiability of re-encryption. Moreover, the non-interactivity, unidirectionality, proxy transparency, multi-use, and anti-quantum attack characteristics of our system are all advantageous. Besides, it can efficiently prevent the loss of processing power brought on by repetitive authorisation and can enable precise and safe data sharing in the cloud. Furthermore, under the standard model, the proposed learning with errors (LWE)-based scheme was proven to be IND-sCPA secure.

engineering, multidisciplinary,mathematics, interdisciplinary applications

Hu Xiong,Lili Wang,Zhida Zhou,Zetong Zhao,Xin Huang,Saru Kumari

DOI: https://doi.org/10.1109/jiot.2021.3126230

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:Puncturable proxy re-encryption (PPRE) is envisioned to provide secure access control delegation and fine-grained forward security for asynchronous group messaging systems. Nevertheless, the existing PPRE scheme not only suffers from the burden of certificate management but also merely achieves selective security based on the nonstandard assumption. In this article, a puncturable identity-based PRE (P-IB-PRE) scheme is proposed to efficiently protect the security and privacy of the group message. The proposed scheme introduces a message server as the proxy to transform ciphertext for each participant in the group; thus, the heavy computation overhead is delegated to the message server with abundant resources. Most importantly, our scheme enables the recipient to revoke its private key’s decryption capability of the specific messages without affecting other messages. Moreover, the identity-based mechanism eliminates the burden of certificate management as well as improves efficiency. The proposed scheme achieves adaptive security under the standard decisional bilinear Diffie–Hellman (DBDH) assumption. Eventually, theoretical and experimental analyses demonstrate that the proposed scheme has an excellent performance in efficiency and practicality.

computer science, information systems,telecommunications,engineering, electrical & electronic

LOU Sheng-ming,CAO Zhen-fu

DOI: https://doi.org/10.3969/j.issn.1001-7011.2010.02.004

2010-01-01

Abstract:An efficient ID-based proxy re-encryption scheme with threshold multi-proxy is proposed. Unlike the previous proxy re-encryption schemes,the proxy in this proposal is a group of entities instead of a single entity,only t or more entities out of n entities in the group can realize the functionality of the proxy. Furthermore,this proposal is selective ID-IND-CCA secure in the standard model.

Er-Shuo Zhuang,Chun-I Fan

DOI: https://doi.org/10.3390/math11183830

IF: 2.4

2023-09-07

Mathematics

Abstract:To protect the privacy of cloud data, encryption before uploading provides a solution. However, searching for target data in ciphertext takes effort. Therefore, searchable encryption has become an important research topic. On the other hand, since the advancement of quantum computers will lead to the crisis of cracking traditional encryption algorithms, it is necessary to design encryption schemes that can resist quantum attacks. Therefore, we propose a multi-keyword searchable identity-based proxy re-encryption scheme from lattices. In addition to resisting quantum attacks, the proposed scheme uses several cryptographic techniques to improve encryption efficiency. First, identity-based encryption is used to reduce the computation and transmission costs caused by certificates. Second, the proposed scheme uses proxy re-encryption to achieve the purpose of outsourced computing, allowing the proxy server to reduce the computation and transmission costs of the users. Third, the proposed multi-keyword searchable encryption can provide AND and OR operators to increase the flexibility of searchability. Moreover, the access structure of the proposed scheme is not based on a linear secret sharing scheme (LSSS), avoiding the errors caused by an LSSS-based structure in decryption or search results. Finally, we also give formal security proof of the proposed scheme under the decisional learning with errors assumption.

mathematics

Zengpeng Li,Chunguang Ma,Ding Wang,Minghao Zhao,Qian Zhao,Lu Zhou

DOI: https://doi.org/10.1109/trustcom/bigdatase/icess.2017.300

2017-01-01

Abstract:Proxy re-encryption (PRE) is an important cryptographic primitive used for private information sharing. However, the recent advance in quantum computer has potentially crippled its security, as the traditional decisional Diffie-Hellman (DDH)-based PRE is venerable to the quantum attack. Thus, learning with errors (LWE)-based PRE schemes, as a kind of latticebased construction with the inherent quantum-resistant property, has attracted special research interest. Unfortunately, the main drawback of lattice-based public key encryption scheme is noise management after multiplication evaluation. Many cryptographers have been devoted to controlling the expansion of noise. In this line of work, Dagdelen-Gajek-G̈opfert (DGG) put forth the notion of learning with errors in the exponent (LWEE) which is based on lattice and group-theoretic assumption, meanwhile demonstrated a paradigm for constructing efficient quantum resistance public key schemes. In this paper, on top of DGG, we construct a single-bit, single-hop and unidirectional LWEE- based PRE scheme with indistinguishable chosen plaintext attack (IND-CPA) security. To the best of our knowledge, our scheme is the first LWEE-based PRE scheme.

Yilei Wang,Dongjie Yan,Fagen Li,Hu Xiong

2017-01-01

Abstract:Proxy re-encryption (PRE) enables a semi-trusted proxy to delegate the decryption right by re-encrypting the ciphertext under the delegator’s public key to an encryption under the public key of delegatee. Fueled by the translation ability, PRE is regarded as a promising candidate to secure data sharing in a cloud environment. However, the security of the PRE will be totally destroyed in case the secret key of the delegator or the delegatee has been exposed. Despite the key exposure seems inevitable, the PRE scheme with resistance against secret key leakage has never been presented before. To deal with this intractable problem, we propose a key-insulated proxy reencryption (KIPRE) scheme by incorporating the mechanisms of PRE and key-insulated cryptosystem. In the proposed scheme, the lifetime of the secret key associated with the user, i.e., the delegator or the delegatee, has been divided into several periods. In each time period, the user can interact with his/her physically-secure but computation-limited helper to update his/her temporary secret key. On the contrary, the public keys of the users remained unchanged during the whole lifetime of the system. We then apply our KIPRE scheme to construct a practical solution to the problem of sharing sensitive information in public clouds with resilience to the key exposure. The performance evaluation and the security analysis demonstrate that our scheme is efficient and practical.

Eric Affum,Xiaosong Zhang,Xiaofen Wang,Isaac Amankona Obiri

DOI: https://doi.org/10.1007/978-3-030-98015-3_52

2022-01-01

Abstract:This work presents the first attempt to build a feasible puncturable attribute-based proxy encryption from the lattice. Our system provides flexible and fine-grained access control. In this scheme, the private keys are punctured, allowing the decryption abilities to be revoked for specific messages or receivers and securing sensitive content even if the users’ present keys are compromised. As opposed to the traditional encryption scheme, the proposed technique has the advantage of allowing users to update their keys without requiring key re-issuance from the key generator. Also, it does not necessitate regular communication between the user and the key generation authority, nor does it necessitate deleting elements to remove current keys to generate fresh keys. We developed a new approach for embedding attribute-based keys and punctured keys. This was done in such a way that the secret key size is nearly the same as that of the original attribute-based encryption without a punctured key. Also, we demonstrate that our scheme is secure against a selected plaintext attack in the selective security model under the Learning With Errors (LWE) assumptions. Finally, we implemented our scheme and integrated it with ICN. The implantation results show that our scheme is practical.

Xian Yong Meng,Zhong Chen,Xiang Yu Meng,Bing Sun

DOI: https://doi.org/10.4028/www.scientific.net/amm.571-572.74

2014-01-01

Applied Mechanics and Materials

Abstract:In this paper, an identity-based conditional proxy re-encryption (PRE) scheme is proposed, where a delegator provides a re-encryption key satisfying one condition to a semi-trusted proxy who can convert a ciphertext encrypted under the delegator’s public key into one that can be decrypted using the delegatee’s private key. We address the identity-based proxy re-encryption scheme, where the delegator and the delegatee request keys from a trusted party known as a key generator center (KGC), who generates private keys for delegator and delegatee based on their identities. Meanwhile, the identity-based conditional proxy re-encryption scheme satisfies the properties of PRE including unidirectionality, non-interactivity and multi-hop. Additionally, the identity-based conditional proxy re-encryption scheme is efficient in terms of both the communication cost and the computing cost, and can realize security secret sharing in cloud computing environments.

Fagen Li,Xiangjun Xin,Yupu Hu

DOI: https://doi.org/10.1504/IJSN.2008.020095

2008-01-01

Abstract:A (t, n) threshold proxy signcryption scheme allows t or more proxy signcrypters from a designated group of n proxy signcrypters to signcrypt messages on behalf of an original signcrypter. In this paper, a new identity-based threshold proxy signcryption scheme from bilinear pairings is proposed. Our construction is based on Baek and Zheng's pairing-based verifiable secret sharing scheme and Libert and Quisquater's identity-based signcryption scheme. As compared to Wang and Liu's identity-based threshold proxy signcryption scheme, our scheme is more secure and efficient.

Juyan Li,Zhiqi Qiao,Kejia Zhang,Chen Cui

DOI: https://doi.org/10.3390/s21010288

2021-01-04

Abstract:The homomorphic proxy re-encryption scheme combines the characteristics of a homomorphic encryption scheme and proxy re-encryption scheme. The proxy can not only convert a ciphertext of the delegator into a ciphertext of the delegatee, but also can homomorphically calculate the original ciphertext and re-encryption ciphertext belonging to the same user, so it is especially suitable for cloud computing. Yin et al. put forward the concept of a strong collusion attack on a proxy re-encryption scheme, and carried out a strong collusion attack on the scheme through an example. The existing homomorphic proxy re-encryption schemes use key switching algorithms to generate re-encryption keys, so it can not resist strong collusion attack. In this paper, we construct the first lattice-based homomorphic proxy re-encryption scheme with strong anti-collusion (HPRE-SAC). Firstly, algorithm TrapGen is used to generate an encryption key and trapdoor, then trapdoor sampling is used to generate a decryption key and re-encryption key, respectively. Finally, in order to ensure the homomorphism of ciphertext, a key switching algorithm is only used to generate the evaluation key. Compared with the existing homomorphic proxy re-encryption schemes, our HPRE-SAC scheme not only can resist strong collusion attacks, but also has smaller parameters.

Wei Luo,Wenping Ma

DOI: https://doi.org/10.1007/s10586-018-2862-z

2018-01-01

Cluster Computing

Abstract:With the rapid development of cloud computing, its security and privacy are of great concern. Since the cloud service provider is not completely trustworthy, the security of the outsourced files has become serious issues. Identity-based proxy re-encryption (IBPRE) schemes have been proposed to achieve feasible access control of encrypted data under the condition of guaranteeing the confidentiality of data, which can transfer the original ciphertexts to the re-encrypted ciphertexts for a designated decryptor. However, most of the existing IBPRE schemes either do not support revocation or computational complexity is too high. In this paper, we combine the properties of constrained pseudorandom functions (PRFs) and key homomorphic PRFs to construct a secure and efficient proxy re-encryption scheme for cloud computing. In our proposed scheme, the data owner authenticates the requesters and distributes the decryption keys by using an identity-based key exchange method. Meanwhile, a proxy re-encryption scheme is used to achieve data sharing and ciphertext update. We present the security proof of our scheme. In addition, compared with other existing schemes, our scheme has low computational complexity and communication cost.