A Novel Revocable and Identity-Based Conditional Proxy Re-Encryption Scheme With Ciphertext Evolution for Secure Cloud Data Sharing

Proxy re-encryption (PRE), with the unique ciphertext transformation ability, enables various ciphertext authorization applications to be implemented efficiently. However, most existing PRE schemes mainly focus on access authorization while ignoring the situation where the key needs to be changed and the ciphertext needs to be evolved, making the scheme’s practicability and security inadequate. Moreover, the few schemes that simultaneously combine ciphertext authorization, key update, and ciphertext evolution are not satisfactory in terms of security. For solving this problem, based on Xiong et al.’s scheme, this paper proposes an improved revocable and identity-based conditional proxy re-encryption scheme with ciphertext evolution (RIB-CPRE-CE) for secure and efficient cloud data sharing. The proposed scheme inherits the characteristics of multi-use, constant ciphertext length, fine-grained authorization, collision-resistance security, and chosen ciphertext attack (CCA) security from the original method. Also, it supports updating ciphertext to adapt to the new key after changing the identity (key) or achieves authorization revocation by evolving ciphertext. Two new algorithms, URKeyGen and UpReEnc, have been integrated into the original delegation scheme to support ciphertext evolution. The formal definition, security model, concrete construction, and security analysis of RIB-CPRE-CE have been presented. The comparison and analysis show that the proposed scheme is practical and secure. Although it adds a ciphertext evolution function for supporting key update and delegation revocation, its efficiency and security are not reduced. The proposed scheme can also be used in other access authorization systems that need to change the key or revoke the authorization. It has certain practicability and security.

[1]  Yunlei Zhao,et al.  Direct Constructions of Bidirectional Proxy Re-Encryption with Alleviated Trust in Proxy , 2011, IACR Cryptol. ePrint Arch..

[2]  Robert H. Deng,et al.  Conditional proxy re-encryption secure against chosen-ciphertext attack , 2009, ASIACCS '09.

[3]  Gunasekaran Manogaran,et al.  E-Health Cloud Security Using Timing Enabled Proxy Re-Encryption , 2018, Mobile Networks and Applications.

[4]  Wen-Guey Tzeng,et al.  Identity-Based Proxy Re-encryption Without Random Oracles , 2007, ISC.

[5]  Elaine B. Barker Recommendation for Key Management, Part 1: General , 2016 .

[6]  Anmin Fu,et al.  CCA-Secure Revocable Identity-Based Encryption With Ciphertext Evolution in the Cloud , 2018, IEEE Access.

[7]  Robert H. Deng,et al.  On the security of two identity-based conditional proxy re-encryption schemes , 2016, Theor. Comput. Sci..

[8]  Joseph K. Liu,et al.  An Efficient Cloud-Based Revocable Identity-Based Proxy Re-encryption Scheme for Public Clouds Data Sharing , 2014, ESORICS.

[9]  Jinyue Xia,et al.  Revocable Identity-Based Broadcast Proxy Re-Encryption for Data Sharing in Clouds , 2019, IEEE Transactions on Dependable and Secure Computing.

[10]  Chien-Ming Chen,et al.  Flexible, Efficient, and Secure Access Delegation in Cloud Computing , 2019, ACM Trans. Manag. Inf. Syst..

[11]  Man Ho Au,et al.  Constant-Size CCA-Secure Multi-hop Unidirectional Proxy Re-encryption from Indistinguishability Obfuscation , 2018, ACISP.

[12]  Yuan Li,et al.  Cloud‐aided scalable revocable identity‐based encryption scheme with ciphertext update , 2017, Concurr. Comput. Pract. Exp..

[13]  Matt Blaze,et al.  Divertible Protocols and Atomic Proxy Cryptography , 1998, EUROCRYPT.

[14]  Zhong Chen,et al.  Fully Secure Unidirectional Identity-Based Proxy Re-encryption , 2011, ICISC.

[15]  Benoît Libert,et al.  Unidirectional Chosen-Ciphertext Secure Proxy Re-Encryption , 2008, IEEE Transactions on Information Theory.

[16]  Zhenfu Cao,et al.  Multi-use unidirectional identity-based proxy re-encryption from hierarchical identity-based encryption , 2012, Inf. Sci..

[17]  Xiao Tan,et al.  Chosen-ciphertext secure multi-hop identity-based conditional proxy re-encryption with constant-size ciphertexts , 2014, Theor. Comput. Sci..

[18]  AtenieseGiuseppe,et al.  Improved proxy re-encryption schemes with applications to secure distributed storage , 2006 .

[19]  Simon Duquennoy,et al.  Secure Sharing of Partially Homomorphic Encrypted IoT Data , 2017, SenSys.

[20]  Ran Canetti,et al.  Chosen-ciphertext secure proxy re-encryption , 2007, CCS '07.

[21]  Zhiguang Qin,et al.  A Survey of Proxy Re-Encryption for Secure Data Sharing in Cloud Computing , 2016 .

[22]  In-Ho Ra,et al.  A Collusion-Resistant Identity-Based Proxy Reencryption Scheme with Ciphertext Evolution for Secure Cloud Sharing , 2020, Secur. Commun. Networks.

[23]  Matthew Green,et al.  Identity-Based Proxy Re-encryption , 2007, ACNS.

[24]  Jian Wang,et al.  A novel authorization delegation scheme for multimedia social networks by using proxy re-encryption , 2015, Multimedia Tools and Applications.

[25]  Yao Wang,et al.  A Source Hiding Identity-Based Proxy Reencryption Scheme for Wireless Sensor Network , 2018, Secur. Commun. Networks.

[26]  Mihir Bellare,et al.  Two-Tier Signatures, Strongly Unforgeable Signatures, and Fiat-Shamir Without Random Oracles , 2007, Public Key Cryptography.