Xu An Wang,Ziqing Wang,Yi Ding,Shujun Bai

DOI: https://doi.org/10.1109/cis.2011.213

2011-01-01

Abstract:The traditional proxy re-encryption (PRE) or conditional proxy re-encryption (CPRE) can re-encrypt infinite times on the delegator's cipher text. However many practical applications do not need this property, they prefer the delegator can control on the times the proxy can re-encrypt. In this paper, we introduce a new kind of proxy re-encryption: k-times proxy re-encryption (KPRE). To construct a concrete KPRE scheme, we add public/private key to the proxy. In k-times proxy re-encryption, the proxy can only re-encrypt k times, otherwise the proxy's private key will be exposed. We construct a concrete IND-RCCA secure KPRE scheme by combining the k-times signature and Libert et al's IND-RCCA PRE scheme in PKC'08.

WeiDong Zhong,Xu An Wang,Ziqing Wang,Yi Ding

DOI: https://doi.org/10.1109/CIS.2011.217

2011-01-01

Abstract:Proxy re-encryption (PRE) allows a proxy to transform a cipher text for Alice (delegator) to be the one which can be decrypted by Bob (delegatee). Since it is introduced by Blaze et al. in 1998, many variants of PRE have been proposed. In this paper, we concentrate on two of them: anonymous conditional proxy re-encryption (ACPRE) and constrained proxy re-encryption with keyword search (PRES). Conditional proxy re-encryption (CPRE) is a primitive which only allows those cipher texts satisfying the condition can be re-encrypted correctly by the proxy. Anonymous conditional proxy re-encryption (ACPRE) requires the proxy not knowing which condition the cipher text associated with. PRES is a primitive which allows the proxy simultaneously re-encrypt and search the delegator's cipher text. Based on the PRES proposed by Shao et al., We show the definition of constrained proxy re-encryption with keyword search (CPRES), give its security models and discuss its potential applications. At last, based on a concrete ACPRE scheme, we construct a concrete CPRES scheme.

Song Luo,Jianbin Hu,Zhong Chen

DOI: https://doi.org/10.1007/978-3-642-17650-0_28

2010-01-01

Abstract:We present a novel ciphertext policy attribute-based proxy re-encryption (CP-AB-PRE) scheme. The ciphertext policy realized in our scheme is AND-gates policy supporting multi-value attributes, negative attributes and wildcards. Our scheme satisfies the properties of PRE, such as unidirectionality, non-interactivity and multi-use. Moreover, the proposed scheme has master key security, allows the encryptor to decide whether the ciphertext can be re-encrypted and allows the proxy to add access policy when re-encrypting ciphertext. Furthermore, our scheme can be modified to have constant ciphertext size in original encryption.

Zhenfu Cao,Hongbing Wang,Yunlei Zhao

DOI: https://doi.org/10.1109/tdsc.2017.2714166

2019-01-01

Abstract:In this paper, we introduce a new cryptographic primitive, called autonomous path proxy re-encryption (AP-PRE), which is motivated by several application scenarios where the delegator would like to control the whole delegation path in a multi-hop delegation process. Compared with the traditional proxy re-encryption, AP-PRE provides much better fine-grained access control to delegation path. Briefly speaking, in an AP-PRE scheme, the delegator designates a path of his preferred delegatees. The path consists of several delegatees with the privilege from high to low. If the delegatee in the path cannot complete the decryption, the decryption right is automatically delegated to the next one in the path. In this way, the delegator can ensure that the delegation has always been done among those delegatees the delegator trusts. Moreover, an AP-PRE scheme has to obey the following path rules. The delegation, for ciphertexts of a delegator i, can only be carried out on the autonomous path Pa-i designated by the delegator i, in the sense that (1) re-encrypted ciphertexts along the autonomous path Pa-i cannot branch off Pa-i with meaningful decryption, and (2) original ciphertexts generated under pk(j) for j not equal i (i.e., for a path Pa-j different from Pa-i) cannot be inserted into (i.e., cannot be transformed along) the autonomous path Pa-i with meaningful decryption. We give the formal definition, as well as the formal security model, for this cryptographic primitive. Under this concept, we construct an IND-CPA secure AP-PRE scheme under the decisional bilinear Diffie-Hellman (DBDH) assumption in the random oracle model. Our scheme is with the useful properties of proxy re-encryption, i.e., unidirectionality and multi-hop.

Fucai Luo,Haiyan Wang,Willy Susilo,Xingfu Yan,Xiaofan Zheng

DOI: https://doi.org/10.1109/tifs.2024.3357240

IF: 7.231

2024-02-02

IEEE Transactions on Information Forensics and Security

Abstract:Proxy re-encryption (PRE), as a promising cryptographic primitive for secure data sharing in clouds, has been widely studied for decades. PRE allows the proxies to use the re-encryption keys to convert ciphertexts computed under the delegator's public key into ones that can be decrypted using the delegatees' secret keys, without knowing anything about the underlying plaintext. This delegable property of decryption rights enables flexible cloud data sharing, but it raises an important issue: if some proxies reveal their re-encryption keys, or collude with some delegatees to create a pirate decoder, then anyone who gains access to the pirate decoder can decrypt all ciphertexts computed under the delegator's public key without the delegator's permission. This paper opens up a potentially new avenue of research to address the above (re-encryption) key abuse problem by proposing the first public trace-and-revoke PRE system, where the malicious delegatees and proxies involved in the generation of a pirate decoder can be identified by anyone who gains access to the pirate decoder, and their decryption capabilities can subsequently be revoked by the content distributor. Our construction is multi-hop, supports user revocation and public (black-box) traceability, and achieves significant efficiency advantages over previous constructions. Technically, our construction is a generic transformation from inner-product functional PRE (IPFPRE) that we introduce to trace-and-revoke PRE. In addition, we instantiate our generic construction of trace-and-revoke PRE from the Learning with Errors (LWE) assumption, which was widely believed to be quantum-resistant. This is achieved by proposing the first LWE-based IPFPRE scheme, which may be of independent interest. Finally, we conduct a comprehensive performance evaluation of our LWE-based trace-and-revoke PRE scheme, and the experimental results show that the proposed LWE-based trace-and-revoke PRE scheme is practical and outperforms current state-of-the-art traceable PRE schemes.

computer science, theory & methods,engineering, electrical & electronic

Yilei Wang,Dongjie Yan,Fagen Li,Hu Xiong

2017-01-01

Abstract:Proxy re-encryption (PRE) enables a semi-trusted proxy to delegate the decryption right by re-encrypting the ciphertext under the delegator’s public key to an encryption under the public key of delegatee. Fueled by the translation ability, PRE is regarded as a promising candidate to secure data sharing in a cloud environment. However, the security of the PRE will be totally destroyed in case the secret key of the delegator or the delegatee has been exposed. Despite the key exposure seems inevitable, the PRE scheme with resistance against secret key leakage has never been presented before. To deal with this intractable problem, we propose a key-insulated proxy reencryption (KIPRE) scheme by incorporating the mechanisms of PRE and key-insulated cryptosystem. In the proposed scheme, the lifetime of the secret key associated with the user, i.e., the delegator or the delegatee, has been divided into several periods. In each time period, the user can interact with his/her physically-secure but computation-limited helper to update his/her temporary secret key. On the contrary, the public keys of the users remained unchanged during the whole lifetime of the system. We then apply our KIPRE scheme to construct a practical solution to the problem of sharing sensitive information in public clouds with resilience to the key exposure. The performance evaluation and the security analysis demonstrate that our scheme is efficient and practical.

FENG Chaosheng,LUO Wangping,QIN Zhiguang,YUAN Ding,ZOU Liping

DOI: https://doi.org/10.11959/j.issn.1000-436x.2019127

2019-01-01

Abstract:A ideal proxy re-encryption scheme has five features,such as one-way encryption,non-interaction,repeatability,controllability and verifiability.The existing schemes,however,have only two or three of the five features,which reduces the utility of them to some extent.For this,a new ciphertext-policy attribute-based proxy re-encryption (CP-ABPRE) scheme with the above five features was proposed.In the proposed scheme,the cloud proxy server could only re-encrypt the ciphertext specified by the delegator by using the re-encryption key,and resist the collusion attack between the user and the proxy satisfying the re-encryption sharing policy.Most of encryption and decryption were outsourced to cloud servers so that it reduced the computing burden on the user’s client.The security analysis show that the proposed scheme resists the selective chosen plaintext attack (SCPA).

Yunxiao Zhou,Shengli Liu,Shuai Han,Haibin Zhang

DOI: https://doi.org/10.1007/978-981-99-8736-8_7

2023-01-01

Abstract:Proxy re-encryption (PRE) allows a proxy with a reencryption key to translate a ciphertext intended for Alice (delegator) to another ciphertext intended for Bob (delegatee) without revealing the underlying message. However, with PRE, Bob can obtain the whole message from the re-encrypted ciphertext, and Alice cannot take flexible control of the extent of the message transmitted to Bob. In this paper, we propose a new variant of PRE, called Fine-Grained PRE (FPRE), to support fine-grained re-encryptions. An FPRE is associated with a function family F, and each re-encryption key rk(A -> B)(f) is associated with a function f is an element of F. With FPRE, Alice now can authorize re-encryption power to proxy by issuing rk(A -> B)(f) to it, with f chosen by herself. Then the proxy can translate ciphertext encrypting m to Bob's ciphertext encrypting f(m) with such a fine-grained re-encryption key, and Bob only obtains a function of message m. In this way, Alice can take flexible control of the message spread by specifying functions. For FPRE, we formally define its syntax and formalize security notions including CPA security, ciphertext pseudo-randomness, unidirectionality, non-transitivity, collusion-safety under adaptive corruptions in the multi-user setting. Moreover, we propose a new security notion named ciphertext unlinkability, which blurs the link between a ciphertext and its re-encrypted ciphertext to hide the proxy connections between users. We establish the relations between those security notions. As for constructions, we propose two FPRE schemes, one for bounded linear functions and the other for deletion functions, based on the learning-with-errors (LWE) assumption. Our FPRE schemes achieve all the aforementioned desirable securities under adaptive corruptions in the standard model. As far as we know, our schemes provide the first solution to PRE with security under adaptive corruptions in the standard model.

Song Luo,Qingni Shen,Zhong Chen

DOI: https://doi.org/10.1007/978-3-642-31912-9_8

2011-01-01

Abstract:Proxy re-encryption (PRE) allows the proxy to translate a ciphertext encrypted under Alice's public key into another ciphertext that can be decrypted by Bob's secret key. Identity-based proxy re-encryption (IB-PRE) is the development of identity-based encryption and proxy re-encryption, where ciphertexts are transformed from one identity to another. In this paper, we propose two novel unidirectional identity-based proxy re-encryption schemes, which are both non-interactive and proved secure in the standard model. The first scheme is a single-hop IB-PRE scheme and has master secret security, allows the encryptor to decide whether the ciphertext can be re-encrypted. The second scheme is a multi-hop IB-PRE scheme which allows the ciphertext re-encrypted multiple times but without the size of ciphertext growing linearly as previous multi-hop IB-PRE schemes.

Shucheng Yu,Cong Wang,Kui Ren,Wenjing Lou

DOI: https://doi.org/10.1145/1755688.1755720

2010-01-01

Abstract:Ciphertext-Policy Attribute Based Encryption (CP-ABE) is a promising cryptographic primitive for fine-grained access control of shared data. In CP-ABE, each user is associated with a set of attributes and data are encrypted with access structures on attributes. A user is able to decrypt a ciphertext if and only if his attributes satisfy the ciphertext access structure. Beside this basic property, practical applications usually have other requirements. In this paper we focus on an important issue of attribute revocation which is cumbersome for CP-ABE schemes. In particular, we resolve this challenging issue by considering more practical scenarios in which semi-trustable on-line proxy servers are available. As compared to existing schemes, our proposed solution enables the authority to revoke user attributes with minimal effort. We achieve this by uniquely integrating the technique of proxy re-encryption with CP-ABE, and enable the authority to delegate most of laborious tasks to proxy servers. Formal analysis shows that our proposed scheme is provably secure against chosen ciphertext attacks. In addition, we show that our technique can also be applicable to the Key-Policy Attribute Based Encryption (KP-ABE) counterpart.

J. Li,X. Chen,H. Tian,C. Gao

DOI: https://doi.org/10.1504/ijahuc.2014.065156

2014-01-01

International Journal of Ad Hoc and Ubiquitous Computing

Abstract:Since the notion of attribute-based encryption (ABE) was proposed, it has been found a lot of important applications such as fine-grained access control. However, the issue of key exposure problem in ABE has been solved completely. This problem is formally addressed and formulated in this paper. More specifically, we propose a new key-insulated ABE (KI-ABE) scheme as a solution to the key exposure problem. The definition and security model of KI-ABE is proposed. Then, a KI-ABE scheme is presented, which is provably secure under the proposed model. The scheme is secure in the remaining time periods against an adversary who compromises the insecure device and obtains secret keys for the periods of its choice. Finally, we show that the scheme also supports user delegation, which is critical when one wants to delegate part of attributes (privileges) to others.

Song Luo,Jian-bin Hu,Zhong Chen

DOI: https://doi.org/10.1145/1866870.1866880

2010-01-01

Abstract:A proxy re-encryption (PRE) scheme involves three parties: Alice, Bob, and a proxy. PRE allows the proxy to translate a ciphertext encrypted under Alice's public key into one that can be decrypted by Bob's secret key. We present a general method to construct an identity-based proxy re-encryption scheme from an existing identity-based encryption scheme. The transformed scheme satisfies the properties of PRE, such as unidirectionality, non-interactivity and multi-use. Moreover, the proposed scheme has master key security, allows the encryptor to decide whether the ciphertext can be re-encrypted.

Yunxiao Zhou,Shengli Liu,Shuai Han

DOI: https://doi.org/10.1007/978-3-031-57728-4_6

2024-01-01

Abstract:Proxy re-encryption (PRE) allows a proxy to transform a ciphertext intended for Alice (delegator) to another ciphertext intended for Bob (delegatee) without revealing the underlying message. Recently, a new variant of PRE, namely fine-grained PRE (FPRE), was proposed in [Zhou et al., Asiacrypt 2023]. Generally, FPRE is designed for a function family F: each re-encryption key rk(A -> B)(f) is associated with a function f is an element of F, and with rk(A -> B)(f), a proxy can transform Alice's ciphertext encrypting m to Bob's ciphertext encrypting f(m). However, their scheme only supports single-hop re-encryption and achieves only CPA security. In this paper, we formalize multi-hop FPRE (mFPRE) that supports multi-hop re-encryptions in the fine-grained setting, and propose two mFPRE schemes achieving CPA security and stronger HRA security (security against honest re-encryption attacks), respectively. - For multi-hop FPRE, we formally define its syntax and formalize a set of security notions including CPA security, HRA security, undirectionality and ciphertext unlinkablity. HRA security is stronger and more reasonable than CPA security, and ciphertext unlinkablity blurs the proxy relations among a chain of multi-hop re-encryptions, hence providing better privacy. We establish the relations between these security notions. - Our mFPRE schemes support fine-grained re-encryptions for bounded linear functions and have security based on the learning-with-errors (LWE) assumption in the standard model. In particular, one of our schemes is HRA secure and enjoys all the aforementioned desirable securities. To achieve CPA security and HRA security for mFPRE, we extend the framework of [Jafargholi et al., Crypto 2017] and the technique of the [Fuchsbauer et al., PKC 2019].

Lixue Sun,Chunxiang Xu,Fugeng Zeng

DOI: https://doi.org/10.1016/j.jpdc.2024.104956

IF: 4.542

2024-01-01

Journal of Parallel and Distributed Computing

Abstract:Cloud computing is a promising service architecture that enables a data owner to share data in an economic and efficient manner. To ensure data privacy, a data owner will generate the ciphertext of the data before outsourcing. Attribute-based encryption (ABE) provides an elegant solution for a data owner to enforce fine-grained access control on the data to be outsourced. However, ABE cannot support ciphertext transformation when needing to share the underlying data with a public-key infrastructure (PKI) user further. In addition, an untrusted cloud server may return random ciphertexts to the PKI user to save expensive computational costs of ciphertext transformation. To address above issues, we introduce a novel cryptographic primitive namely verifiable and hybrid attribute-based proxy re-encryption (VHABPRE). VHABPRE provides a transformation mechanism that re-encrypts an ABE ciphertext to a PKI-based public key encryption (PKE) ciphertext such that the PKI user can access the underlying data, meanwhile this PKI user can ensure the validity of the transformed ciphertext. By leveraging a key blinding technique and computing the commitment of the data, we construct two VHABPRE schemes to achieve flexible data sharing. We give formal security proofs and comprehensive performance evaluation to show the security and efficiency of the VHABPRE schemes.

Jun-Zuo Lai,Wen-Tao Zhu,Robert H. Deng,Sheng-Li Liu,Wei-Dong Kou

DOI: https://doi.org/10.1007/s11390-010-9366-5

IF: 1.871

2010-01-01

Journal of Computer Science and Technology

Abstract:We address the cryptographic topic of proxy re-encryption (PRE), which is a special public-key cryptosystem. A PRE scheme allows a special entity, known as the proxy, to transform a message encrypted with the public key of a delegator (say Alice), into a new ciphertext that is protected under the public key of a delegatee (say Bob), and thus the same message can then be recovered with Bob’s private key. In this paper, in the identity-based setting, we first investigate the relationship between so called mediated encryption and unidirectional PRE. We provide a general framework which converts any secure identity-based unidirectional PRE scheme into a secure identity-based mediated encryption scheme, and vice versa. Concerning the security for unidirectional PRE schemes, Ateniese et al. previously suggested an important property known as the master secret security, which requires that the coalition of the proxy and Bob cannot expose Alice’s private key. In this paper, we extend the notion to the identity-based setting, and present an identity-based unidirectional PRE scheme, which not only is provably secure against the chosen ciphertext attack in the standard model but also achieves the master secret security at the same time.

Licheng Wang,Jing Li,Jianhua Yan,Zhiguo Qu

DOI: https://doi.org/10.1109/incos.2016.12

2016-01-01

Abstract:Proxy re-encryption (PRE) enables a semi-trusted proxy to transfer Alice's secrets into Bob's secrets but without seeing the secrets. This functionality is very interesting for making balance between the information confidentiality and the mutual accessibility in various scenarios such as public cloud storage systems. During the past decades, many smart PRE schemes were built based on intractability assumptions such as integer factorization problems (IFP) and discrete logarithm problems (DLP). However, Shor's efficient quantum algorithms for IFP and DLP manifests a threat towards the security baseline of these schemes. Enlightened by Gu et al.'s recent work on resisting known quantum attacks, we propose an efficient PRE scheme based on the intractability of the (semi) group factorization problems in this paper. The security of the proposed scheme is analyzed according to some conceivable attacks.

Xian Yong Meng,Zhong Chen,Xiang Yu Meng,Bing Sun

DOI: https://doi.org/10.4028/www.scientific.net/amm.571-572.74

2014-01-01

Applied Mechanics and Materials

Abstract:In this paper, an identity-based conditional proxy re-encryption (PRE) scheme is proposed, where a delegator provides a re-encryption key satisfying one condition to a semi-trusted proxy who can convert a ciphertext encrypted under the delegator’s public key into one that can be decrypted using the delegatee’s private key. We address the identity-based proxy re-encryption scheme, where the delegator and the delegatee request keys from a trusted party known as a key generator center (KGC), who generates private keys for delegator and delegatee based on their identities. Meanwhile, the identity-based conditional proxy re-encryption scheme satisfies the properties of PRE including unidirectionality, non-interactivity and multi-hop. Additionally, the identity-based conditional proxy re-encryption scheme is efficient in terms of both the communication cost and the computing cost, and can realize security secret sharing in cloud computing environments.

Jian Weng,Robert H. Deng,Shengli Liu,Kefei Chen

DOI: https://doi.org/10.1016/j.ins.2010.08.017

IF: 8.1

2010-01-01

Information Sciences

Abstract:Proxy re-encryption (PRE) is a useful primitive that allows a semi-trusted proxy to transform a ciphertext encrypted under one key into an encryption of the same plaintext under another key. A PRE scheme is bidirectional if the proxy is able to transform ciphertexts in both directions. In ACM CCS’07, Canetti and Hohenberger presented a bidirectional PRE scheme with chosen-ciphertext security, which captures the indistinguishability of ciphertexts even if the adversary has access to the standard decryption oracle as well as a re-encryption oracle and a re-encryption key oracle. They also left an important open problem to come up with a chosen-ciphertext secure PRE scheme without pairings. To resolve this problem, we propose a bidirectional PRE scheme without pairings, and prove its chosen-ciphertext security under the computational Diffie–Hellman assumption in the random oracle model. Based on this scheme, we further present a non-transitive bidirectional PRE scheme, in which the proxy alone cannot re-delegate the decryption rights.

Yanli Ren,Dawu Gu,Shuozhong Wang,Xinpengu Zhang

DOI: https://doi.org/10.1142/s0129054110007726

2010-01-01

International Journal of Foundations of Computer Science

Abstract:In a proxy re-encryption scheme, a semi-trusted proxy converts a ciphertext for Alice into a ciphertext for Bob without seeing the underlying plaintext. A number of solutions have been proposed in public key settings. Hierarchical identity-based cryptography is a generalization of identity-based encryption that mirrors an organizational hierarchy, which allows a root private key generator to distribute the work load by delegating private key generation and identity authentication to lower-level private key generators. In this paper, we propose a hierarchical identity-based proxy re-encryption (HIBPRE) scheme which achieves IND-PrID-CCA2 security without random oracles. This is the first HIBPRE scheme up to now, and our scheme satisfies unidirectionality, non-interactivity and permits multiple re-encryptions.

Wenlong Yi,Chuang Wang,Sergey Kuzmin,Igor Gerasimov,Xiangping Cheng

DOI: https://doi.org/10.3390/s24154939

2024-07-30

Abstract:Existing attribute-based proxy re-encryption schemes suffer from issues like complex access policies, large ciphertext storage space consumption, and an excessive authority of the authorization center, leading to weak security and controllability of data sharing in cloud storage. This study proposes a Weighted Attribute Authority Multi-Authority Proxy Re-Encryption (WAMA-PRE) scheme that introduces attribute weights to elevate the expression of access policies from binary to multi-valued, simplifying policies and reducing ciphertext storage space. Simultaneously, the multiple attribute authorities and the authorization center construct a joint key, reducing reliance on a single authorization center. The proposed distributed attribute authority network enhances the anti-attack capability of cloud storage. Experimental results show that introducing attribute weights can reduce ciphertext storage space by 50%, proxy re-encryption saves 63% time compared to repeated encryption, and the joint key construction time is only 1% of the benchmark scheme. Security analysis proves that WAMA-PRE achieves CPA security under the decisional q-parallel BDHE assumption in the random oracle model. This study provides an effective solution for secure data sharing in cloud storage.