A Multi-hop and Distributed Proxy Re-encryption Scheme with Dynamic Re-sharing

Abstract

In order to achieve delegated data sharing, a reliable proxy is required for both data storage and execution of the delegated authorization. The PRE scheme is a representative technique for delegating data sharing, which involves a single proxy to transform the encryption by reencrypting algorithm with an auth-key, without knowing any knowledge about the plaintext. However, most PRE schemes are performed in a centralized environment, which means the system will crash upon the proxy is off-work. In this paper, we optimize the PRE scheme from two aspects. Firstly, the proxy acting as the key path is decentralized in a thresholdbased network, which will provide continuous PRE service when any t out of N nodes work. Moreover, considering the flexible entry and exit mechanism of the decentralized nodes, this proposal presents a re-share algorithm to ensure N live nodes. Secondly, we adopt the multi-hop re-encryption strategy for transitivity of ciphertext, so that the data owner is released from re-encryption key generation task upon user requests, and the authorized delegatees are able to retransform the encryption to designated users by using its own secret key.