Song Luo,Qingni Shen,Zhong Chen

DOI: https://doi.org/10.1007/978-3-642-31912-9_8

2011-01-01

Abstract:Proxy re-encryption (PRE) allows the proxy to translate a ciphertext encrypted under Alice's public key into another ciphertext that can be decrypted by Bob's secret key. Identity-based proxy re-encryption (IB-PRE) is the development of identity-based encryption and proxy re-encryption, where ciphertexts are transformed from one identity to another. In this paper, we propose two novel unidirectional identity-based proxy re-encryption schemes, which are both non-interactive and proved secure in the standard model. The first scheme is a single-hop IB-PRE scheme and has master secret security, allows the encryptor to decide whether the ciphertext can be re-encrypted. The second scheme is a multi-hop IB-PRE scheme which allows the ciphertext re-encrypted multiple times but without the size of ciphertext growing linearly as previous multi-hop IB-PRE schemes.

Zengpeng Li,Chunguang Ma,Ding Wang,Minghao Zhao,Qian Zhao,Lu Zhou

DOI: https://doi.org/10.1109/trustcom/bigdatase/icess.2017.300

2017-01-01

Abstract:Proxy re-encryption (PRE) is an important cryptographic primitive used for private information sharing. However, the recent advance in quantum computer has potentially crippled its security, as the traditional decisional Diffie-Hellman (DDH)-based PRE is venerable to the quantum attack. Thus, learning with errors (LWE)-based PRE schemes, as a kind of latticebased construction with the inherent quantum-resistant property, has attracted special research interest. Unfortunately, the main drawback of lattice-based public key encryption scheme is noise management after multiplication evaluation. Many cryptographers have been devoted to controlling the expansion of noise. In this line of work, Dagdelen-Gajek-G̈opfert (DGG) put forth the notion of learning with errors in the exponent (LWEE) which is based on lattice and group-theoretic assumption, meanwhile demonstrated a paradigm for constructing efficient quantum resistance public key schemes. In this paper, on top of DGG, we construct a single-bit, single-hop and unidirectional LWEE- based PRE scheme with indistinguishable chosen plaintext attack (IND-CPA) security. To the best of our knowledge, our scheme is the first LWEE-based PRE scheme.

Song Luo,Jian-bin Hu,Zhong Chen

DOI: https://doi.org/10.1145/1866870.1866880

2010-01-01

Abstract:A proxy re-encryption (PRE) scheme involves three parties: Alice, Bob, and a proxy. PRE allows the proxy to translate a ciphertext encrypted under Alice's public key into one that can be decrypted by Bob's secret key. We present a general method to construct an identity-based proxy re-encryption scheme from an existing identity-based encryption scheme. The transformed scheme satisfies the properties of PRE, such as unidirectionality, non-interactivity and multi-use. Moreover, the proposed scheme has master key security, allows the encryptor to decide whether the ciphertext can be re-encrypted.

Fucai Luo,Haiyan Wang,Willy Susilo,Xingfu Yan,Xiaofan Zheng

DOI: https://doi.org/10.1109/tifs.2024.3357240

IF: 7.231

2024-02-02

IEEE Transactions on Information Forensics and Security

Abstract:Proxy re-encryption (PRE), as a promising cryptographic primitive for secure data sharing in clouds, has been widely studied for decades. PRE allows the proxies to use the re-encryption keys to convert ciphertexts computed under the delegator's public key into ones that can be decrypted using the delegatees' secret keys, without knowing anything about the underlying plaintext. This delegable property of decryption rights enables flexible cloud data sharing, but it raises an important issue: if some proxies reveal their re-encryption keys, or collude with some delegatees to create a pirate decoder, then anyone who gains access to the pirate decoder can decrypt all ciphertexts computed under the delegator's public key without the delegator's permission. This paper opens up a potentially new avenue of research to address the above (re-encryption) key abuse problem by proposing the first public trace-and-revoke PRE system, where the malicious delegatees and proxies involved in the generation of a pirate decoder can be identified by anyone who gains access to the pirate decoder, and their decryption capabilities can subsequently be revoked by the content distributor. Our construction is multi-hop, supports user revocation and public (black-box) traceability, and achieves significant efficiency advantages over previous constructions. Technically, our construction is a generic transformation from inner-product functional PRE (IPFPRE) that we introduce to trace-and-revoke PRE. In addition, we instantiate our generic construction of trace-and-revoke PRE from the Learning with Errors (LWE) assumption, which was widely believed to be quantum-resistant. This is achieved by proposing the first LWE-based IPFPRE scheme, which may be of independent interest. Finally, we conduct a comprehensive performance evaluation of our LWE-based trace-and-revoke PRE scheme, and the experimental results show that the proposed LWE-based trace-and-revoke PRE scheme is practical and outperforms current state-of-the-art traceable PRE schemes.

computer science, theory & methods,engineering, electrical & electronic

WeiDong Zhong,Xu An Wang,Ziqing Wang,Yi Ding

DOI: https://doi.org/10.1109/CIS.2011.217

2011-01-01

Abstract:Proxy re-encryption (PRE) allows a proxy to transform a cipher text for Alice (delegator) to be the one which can be decrypted by Bob (delegatee). Since it is introduced by Blaze et al. in 1998, many variants of PRE have been proposed. In this paper, we concentrate on two of them: anonymous conditional proxy re-encryption (ACPRE) and constrained proxy re-encryption with keyword search (PRES). Conditional proxy re-encryption (CPRE) is a primitive which only allows those cipher texts satisfying the condition can be re-encrypted correctly by the proxy. Anonymous conditional proxy re-encryption (ACPRE) requires the proxy not knowing which condition the cipher text associated with. PRES is a primitive which allows the proxy simultaneously re-encrypt and search the delegator's cipher text. Based on the PRES proposed by Shao et al., We show the definition of constrained proxy re-encryption with keyword search (CPRES), give its security models and discuss its potential applications. At last, based on a concrete ACPRE scheme, we construct a concrete CPRES scheme.

Hu Xiong,Lili Wang,Zhida Zhou,Zetong Zhao,Xin Huang,Saru Kumari

DOI: https://doi.org/10.1109/jiot.2021.3126230

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:Puncturable proxy re-encryption (PPRE) is envisioned to provide secure access control delegation and fine-grained forward security for asynchronous group messaging systems. Nevertheless, the existing PPRE scheme not only suffers from the burden of certificate management but also merely achieves selective security based on the nonstandard assumption. In this article, a puncturable identity-based PRE (P-IB-PRE) scheme is proposed to efficiently protect the security and privacy of the group message. The proposed scheme introduces a message server as the proxy to transform ciphertext for each participant in the group; thus, the heavy computation overhead is delegated to the message server with abundant resources. Most importantly, our scheme enables the recipient to revoke its private key’s decryption capability of the specific messages without affecting other messages. Moreover, the identity-based mechanism eliminates the burden of certificate management as well as improves efficiency. The proposed scheme achieves adaptive security under the standard decisional bilinear Diffie–Hellman (DBDH) assumption. Eventually, theoretical and experimental analyses demonstrate that the proposed scheme has an excellent performance in efficiency and practicality.

computer science, information systems,telecommunications,engineering, electrical & electronic

Yang Wang,Yanmin Zhao,Mingqiang Wang

DOI: https://doi.org/10.1016/j.csi.2023.103778

2023-07-20

Abstract:Proxy re-encryption (PRE) schemes, which nicely solve the problem of delegating decryption rights, enable a semi-trusted proxy to transform a ciphertext encrypted under one key into a ciphertext of the same message under another arbitrary key. Cohen first pointed out the insufficiency of the security under chosen-plaintext attacks (CPA) of PREs in PKC 2019, and proposed a strictly stronger security notion, named security under honest re-encryption attacks (HRA), of PREs. Surprisingly, a few PREs satisfy the stronger HRA security and almost all of them are paring-based till now. To the best of our knowledge, we present the first direct construction of HRA secure single-hop PREs based on standard LWE problems with comparably small and polynomially-bounded parameters in this paper. Combing known reductions, the HRA security of our PREs could also be guaranteed by the worst-case basic lattice problems (e.g. SIVP γ with γ=Õ(n3.5) ). Our single-hop PRE schemes are key-private, which means that the implicit identities of a re-encryption key will not be revealed even in the case of a proxy colluding with some corrupted users. Meanwhile, our single-hop PRE schemes are also post-compromise (PCS) secure, ensuring that a re-encrypted ciphertext remains confidential even when the past key, potential old ciphertexts and the re-encryption key have been exposed. Some discussions about key-privacy of multi-hop PREs are also proposed, which indicates that several constructions of multi-hop PREs do not satisfy their key-privacy definitions.

computer science, software engineering, hardware & architecture

Yang Wang,Mingqiang Wang

DOI: https://doi.org/10.1049/2024/4333883

2024-09-28

IET Information Security

Abstract:Attribute‐based conditional proxy re‐encryption protocols (AB‐CPREs) enable a delegator to delegate his decryption rights via different policies and grant the data owner greater flexibility in allocating their encrypted private data stored in the cloud. However, existing lattice‐based AB‐CPREs suffer from some drawbacks such as large parameters and weak passive securities. To the best of our knowledge, the first quantum‐safe key‐policy AB‐CPREs with polynomially bounded parameters (for certain NC 0 circuits/policies) that is selective attribute secure against honest re‐encryption attacks (HRA) is presented. The security of our proposed AB‐CPREs is based on standard LWE assumptions. We further introduce the directly revocable AB‐CPREs, a primitive that enables a delegator to authorize and revoke his delegation of decryption rights dynamically and offers more flexible access control on externally stored encrypted data. Definition and security model of single‐hop directly revocable AB‐CPREs are given, and the first detailed construction of single‐hop directly revocable AB‐CPREs based on standard LWE assumptions is also proposed.

computer science, information systems, theory & methods

Song Luo,Jianbin Hu,Zhong Chen

DOI: https://doi.org/10.1007/978-3-642-17650-0_28

2010-01-01

Abstract:We present a novel ciphertext policy attribute-based proxy re-encryption (CP-AB-PRE) scheme. The ciphertext policy realized in our scheme is AND-gates policy supporting multi-value attributes, negative attributes and wildcards. Our scheme satisfies the properties of PRE, such as unidirectionality, non-interactivity and multi-use. Moreover, the proposed scheme has master key security, allows the encryptor to decide whether the ciphertext can be re-encrypted and allows the proxy to add access policy when re-encrypting ciphertext. Furthermore, our scheme can be modified to have constant ciphertext size in original encryption.

Yongli Tang,Minglu Jin,Hui Meng,Li Yang,Chengfu Zheng

DOI: https://doi.org/10.3390/e25050822

2023-05-19

Abstract:There are mostly semi-honest agents in cloud computing, so agents may perform unreliable calculations during the actual execution process. In this paper, an attribute-based verifiable conditional proxy re-encryption (AB-VCPRE) scheme using a homomorphic signature is proposed to solve the problem that the current attribute-based conditional proxy re-encryption (AB-CPRE) algorithm cannot detect the illegal behavior of the agent. The scheme implements robustness, that is the re-encryption ciphertext, can be verified by the verification server, showing that the received ciphertext is correctly converted by the agent from the original ciphertext, thus, meaning that illegal activities of agents can be effectively detected. In addition, the article demonstrates the reliability of the constructed AB-VCPRE scheme validation in the standard model, and proves that the scheme satisfies CPA security in the selective security model based on the learning with errors (LWE) assumption.

Yuriy Polyakov,Kurt Rohloff,Gyana Sahu,Vinod Vaikuntanathan

DOI: https://doi.org/10.1145/3128607

IF: 2.717

2017-10-26

ACM Transactions on Privacy and Security

Abstract:We develop two IND-CPA-secure multihop unidirectional Proxy Re-Encryption (PRE) schemes by applying the Ring-LWE (RLWE) key switching approach from the homomorphic encryption literature. Unidirectional PRE is ideal for secure publish-subscribe operations where a publisher encrypts information using a public key without knowing upfront who the subscriber will be and what private key will be used for decryption. The proposed PRE schemes provide a multihop capability, meaning that when PRE-encrypted information is published onto a PRE-enabled server, the server can either delegate access to specific clients or enable other servers the right to delegate access. Our first scheme (which we call NTRU-ABD-PRE) is based on a variant of the NTRU-RLWE homomorphic encryption scheme. Our second and main PRE scheme (which we call BV-PRE) is built on top of the Brakerski-Vaikuntanathan (BV) homomorphic encryption scheme and relies solely on the RLWE assumption. We present an open-source C++ implementation of both schemes and discuss several algorithmic and software optimizations. We examine parameter selection tradeoffs in the context of security, runtime/latency, throughput, ciphertext expansion, memory usage, and multihop capabilities. Our experimental analysis demonstrates that BV-PRE outperforms NTRU-ABD-PRE in both single-hop and multihop settings. The BV-PRE scheme has a lower time and space complexity than existing IND-CPA-secure lattice-based PRE schemes and requires small concrete parameters, making the scheme computationally efficient for use on low-resource embedded systems while still providing 100 bits of security. We present practical recommendations for applying the PRE schemes to several use cases of ad hoc information sharing for publish-subscribe operations.

computer science, information systems

Qi Xie,Guilin Wang,Fubiao Xia,Deren Chen

DOI: https://doi.org/10.1002/cpe.3058

2013-01-01

Concurrency and Computation Practice and Experience

Abstract:By integrating self-certified public-key systems and the designated verifier proxy signature with message recovery, Wu and Lin proposed the first self-certified proxy convertible authenticated encryption (SP-CAE) scheme and its variants based on discrete logarithm problem (DLP) in 2009. Though their schemes are claimed provably secure, we demonstrate that their schemes are existentially forgeable under adaptive chosen warrants, unconfidentiable and verifiable under adaptive chosen messages and designated verifiers. Then we propose a provably secure SP-CAE scheme in the random oracle model.

Jian Weng,Yunlei Zhao,Goichiro Hanaoka

DOI: https://doi.org/10.1007/978-3-642-19379-8_18

2011-01-01

Abstract:In ACM CCS 2007, Canetti and Hohenberger left an interesting open problem of how to construct a chosen-ciphertext secure proxy re-encryption (PRE) scheme without bilinear maps. This is a rather interesting problem and has attracted great interest in recent years. In PKC 2010, Matsuda, Nishimaki and Tanaka introduced a novel primitive named re-applicable lossy trapdoor function, and then used it to construct a PRE scheme without bilinear maps. Their scheme is claimed to be chosen-ciphertext secure in the standard model. In this paper, we make a careful observation on their PRE scheme, and indicate that their scheme does not satisfy chosen-ciphertext security. The purpose of this paper is to clarify the fact that, it is still an open problem to come up with a chosen-ciphertext secure PRE scheme without bilinear maps in the standard model.

Xu An Wang,Ziqing Wang,Yi Ding,Shujun Bai

DOI: https://doi.org/10.1109/cis.2011.213

2011-01-01

Abstract:The traditional proxy re-encryption (PRE) or conditional proxy re-encryption (CPRE) can re-encrypt infinite times on the delegator's cipher text. However many practical applications do not need this property, they prefer the delegator can control on the times the proxy can re-encrypt. In this paper, we introduce a new kind of proxy re-encryption: k-times proxy re-encryption (KPRE). To construct a concrete KPRE scheme, we add public/private key to the proxy. In k-times proxy re-encryption, the proxy can only re-encrypt k times, otherwise the proxy's private key will be exposed. We construct a concrete IND-RCCA secure KPRE scheme by combining the k-times signature and Libert et al's IND-RCCA PRE scheme in PKC'08.

Xin-peng ZHANG,Chun-xiang XU,Xiao-jun ZHANG,Jiang DENG,Xin Huang

DOI: https://doi.org/10.3969/j.issn.1001-0548.2016.06.015

2016-01-01

Abstract:Dynamic type information of ciphertext can be modified properly so that it can be well applied in a practical cloud storage environment. In order to meet the application requirements, Liuet al proposed a dynamic type and identity-based proxy re-encryption (PRE) scheme based on Ibraimiet al’s scheme. Their scheme not only keeps the traditional core function of PRE scheme, but also makes sure that the owner of ciphertext can modify the type information at any time. However, after careful security analysis it found that Liuet al.’s scheme has two security flaws. Firstly, the dynamic type information lacks of verification, the adversary can modify the type tag. Secondly, the dynamic type information causes a conditional chosen plaintext attack. Thus we further improve Liu et al.’s scheme and give the security analysis.

Zhenfu Cao,Hongbing Wang,Yunlei Zhao

DOI: https://doi.org/10.1109/tdsc.2017.2714166

2019-01-01

Abstract:In this paper, we introduce a new cryptographic primitive, called autonomous path proxy re-encryption (AP-PRE), which is motivated by several application scenarios where the delegator would like to control the whole delegation path in a multi-hop delegation process. Compared with the traditional proxy re-encryption, AP-PRE provides much better fine-grained access control to delegation path. Briefly speaking, in an AP-PRE scheme, the delegator designates a path of his preferred delegatees. The path consists of several delegatees with the privilege from high to low. If the delegatee in the path cannot complete the decryption, the decryption right is automatically delegated to the next one in the path. In this way, the delegator can ensure that the delegation has always been done among those delegatees the delegator trusts. Moreover, an AP-PRE scheme has to obey the following path rules. The delegation, for ciphertexts of a delegator i, can only be carried out on the autonomous path Pa-i designated by the delegator i, in the sense that (1) re-encrypted ciphertexts along the autonomous path Pa-i cannot branch off Pa-i with meaningful decryption, and (2) original ciphertexts generated under pk(j) for j not equal i (i.e., for a path Pa-j different from Pa-i) cannot be inserted into (i.e., cannot be transformed along) the autonomous path Pa-i with meaningful decryption. We give the formal definition, as well as the formal security model, for this cryptographic primitive. Under this concept, we construct an IND-CPA secure AP-PRE scheme under the decisional bilinear Diffie-Hellman (DBDH) assumption in the random oracle model. Our scheme is with the useful properties of proxy re-encryption, i.e., unidirectionality and multi-hop.

Licheng Wang,Jing Li,Jianhua Yan,Zhiguo Qu

DOI: https://doi.org/10.1109/incos.2016.12

2016-01-01

Abstract:Proxy re-encryption (PRE) enables a semi-trusted proxy to transfer Alice's secrets into Bob's secrets but without seeing the secrets. This functionality is very interesting for making balance between the information confidentiality and the mutual accessibility in various scenarios such as public cloud storage systems. During the past decades, many smart PRE schemes were built based on intractability assumptions such as integer factorization problems (IFP) and discrete logarithm problems (DLP). However, Shor's efficient quantum algorithms for IFP and DLP manifests a threat towards the security baseline of these schemes. Enlightened by Gu et al.'s recent work on resisting known quantum attacks, we propose an efficient PRE scheme based on the intractability of the (semi) group factorization problems in this paper. The security of the proposed scheme is analyzed according to some conceivable attacks.

Feixiang Zhao,Jian Weng,Wenli Xie,Lin Hou,Ming Li

DOI: https://doi.org/10.1007/s10623-024-01467-x

IF: 1.4

2024-09-03

Designs Codes and Cryptography

Abstract:Proxy re-encryption (PRE) is a cryptosystem that realizes efficient encrypted data sharing by allowing a third party proxy to transform a ciphertext intended for a delegator (i.e., Alice) to a ciphertext intended for a delegatee (i.e., Bob). Attribute-based proxy re-encrypftion (AB-PRE) generalizes PRE to the attribute-based scenarios, enabling fine-grained access control on ciphertexts. However, the existing AB-PRE schemes do not adequately address the following problems: (1) the risk of decryption key leakage, and (2) the need of time-based delegation. To resolve these problems, we introduce a primitive called time-based attribute-based proxy re-encryption (TB-AB-PRE) with decryption key update. TB-AB-PRE associates keys with the current time information and supports efficient periodical decryption key update for each time transition. This property guarantees that a compromise of a decryption key for some time does not breach the security of ciphertexts from the others. Leveraging this time-based property, the proposed TB-AB-PRE elegantly achieves time-based delegation which enables Alice to decide which ciphertexts can be transformed and their decryptable timeframe after being transformed. The proposed construction is proven to be secure against honest re-encryption attacks with decryption key exposure resistance, under the learning with errors assumption.

mathematics, applied,computer science, theory & methods

Yuyang Zhou,Liang Zhao,Yuqiao Jin,Fagen Li

DOI: https://doi.org/10.1016/j.ins.2022.05.007

IF: 8.1

2022-08-01

Information Sciences

Abstract:The wireless body area network (WBAN) provides users with real-time medical services. Meanwhile, the cloud technology provides greater storage space and computing power for medical data. Both of them have contribute to the development of telemedicine. In a cloud-assisted WBAN, the open network environment and the semi-trust cloud service providers expose the user’s private medical data to backdoor adversaries who can make exfiltration attacks, such as the algorithm substitution attack (ASA) through the process of data sharing. Therefore, it is necessary to find a secure and efficient medical data sharing scheme for the huge amount of medical data. In this paper, we first design an identity-based proxy re-encryption scheme with cryptographic reverse firewall (IBPRE-CRF), then show the application in a multiple-access telemedicine data sharing scenario. Security analysis shows that the IBPRE-CRF scheme provides chosen plaintext attack security and resists exfiltration attacks. Performance analysis shows that the IBPRE-CRF scheme has a significant communication and computational cost advantage while being resistant to exfiltration attacks in clouds. Therefore, our IBPRE-CRF scheme is suitable for telemedicine data sharing in a cloud-assisted WBAN.

computer science, information systems

Xinyu Feng,Cong Li,Dan Li,Yuejian Fang,Qingni Shen

DOI: https://doi.org/10.1007/978-3-319-89500-0_17

2017-01-01

Abstract:We propose a hidden ciphertext-policy attribute-based proxy re-encryption scheme. A data owner can delegate the capability of transforming a ciphertext under an access policy to another one with the same plaintext but different access policy to a semi-trusted proxy. Compared with traditional schemes, our scheme can hide the user's attributes information in the encryption and re-encryption process, which can obtain a better protection of the user's privacy. We also prove our scheme to be fully secure under standard assumptions using the dual system technique. As far as we know, this is the first scheme to achieve all these properties simultaneously.