A CCA-Secure Collusion-Resistant Identity-Based Proxy Re-Encryption Scheme

Cloud storage enables its users to store confidential information as encrypted files in the cloud. A cloud user (say Alice) can share her encrypted files with another user (say Bob) by availing proxy re-encryption services of the cloud. Proxy Re-Encryption (PRE) is a cryptographic primitive that allows transformation of ciphertexts from Alice to Bob via a semi-trusted proxy, who should not learn anything about the shared message. Typically, the re-encryption rights are enabled only for a bounded, fixed time and malicious parties may want to decrypt or learn messages encrypted for Alice, even beyond that time. The basic security notion of PRE assumes the proxy (cloud) is semi-trusted, which is seemingly insufficient in practical applications. The proxy may want to collude with Bob to obtain the private keys of Alice for later use. Such an attack is called collusion attack, allowing colluders to illegally access all encrypted information of Alice in the cloud. Hence, achieving collusion resistance is indispensable to real-world scenarios. Realizing collusion-resistant PRE has been an interesting problem in the ID-based setting. To this end, several attempts have been made to construct a collusion-resistant IB-PRE scheme and we discuss their properties and weaknesses in this paper. We also present a new collusion-resistant IB-PRE scheme that meets the adaptive CCA security under the decisional bilinear Diffie-Hellman hardness assumption in the random oracle model.

[1]  Yi Mu,et al.  Identity-based data storage in cloud computing , 2013, Future Gener. Comput. Syst..

[2]  Matthew Green,et al.  Improved proxy re-encryption schemes with applications to secure distributed storage , 2006, TSEC.

[3]  Robert H. Deng,et al.  Efficient Conditional Proxy Re-encryption with Chosen-Ciphertext Security , 2009, ISC.

[4]  C. Pandu Rangan,et al.  EFFICIENT CONDITIONAL PROXY RE- ENCRYPTION WITH CHOSEN CIPHER TEXT SECURITY , 2012 .

[5]  Matt Blaze,et al.  Divertible Protocols and Atomic Proxy Cryptography , 1998, EUROCRYPT.

[6]  Hua Ma,et al.  Security Analysis and Improvement of A Collusion-Resistant Identity-Based Proxy Re-Encryption Scheme , 2016, BWCCA.

[7]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[8]  Zhenfu Cao,et al.  SCCR: a generic approach to simultaneously achieve CCA security and collusion-resistance in proxy re-encryption , 2011, Secur. Commun. Networks.

[9]  Xu An Wang,et al.  A New Identity Based Proxy Re-Encryption Scheme , 2010, 2010 International Conference on Biomedical Engineering and Computer Science.

[10]  Dong Hoon Lee,et al.  Security vulnerability in a non-interactive ID-based proxy re-encryption scheme , 2009, Inf. Process. Lett..

[11]  Robert H. Deng,et al.  Efficient Unidirectional Proxy Re-Encryption , 2010, AFRICACRYPT.

[12]  Kim-Kwang Raymond Choo,et al.  MDMR-IBE: efficient multiple domain multi-receiver identity-based encryption , 2014, Secur. Commun. Networks.

[13]  Eiji Okamoto,et al.  New Identity-Based Proxy Re-encryption Schemes to Prevent Collusion Attacks , 2010, Pairing.

[14]  Matthew Green,et al.  Identity-Based Proxy Re-encryption , 2007, ACNS.

[15]  Benoît Libert,et al.  Tracing Malicious Proxies in Proxy Re-encryption , 2008, Pairing.

[16]  Hovav Shacham,et al.  Short Signatures from the Weil Pairing , 2001, J. Cryptol..