Abstract

Proxy re-encryption (PRE), with its unique ciphertext transformation ability, enables various ciphertext authorization applications to be implemented efficiently. However, most existing PRE schemes focus mainly on access authorization and ignore the situation where the key needs to be changed and the ciphertext needs to evolve, which leaves their practicability and security inadequate. Moreover, the few schemes that combine ciphertext authorization, key update, and ciphertext evolution are not satisfactory in terms of security. To solve this problem, this paper proposes, based on Xiong et al.'s scheme, an improved revocable and identity-based conditional proxy re-encryption scheme with ciphertext evolution (RIB-CPRE-CE) for secure and efficient cloud data sharing. The proposed scheme inherits the characteristics of multi-use, constant ciphertext length, fine-grained authorization, collusion-resistance, and chosen ciphertext attack (CCA) security from the original method. It also supports updating ciphertext to adapt to the new key after the identity (key) changes, and achieves authorization revocation by evolving ciphertext. Two new algorithms, URKeyGen and UpReEnc, are integrated into the original delegation scheme to support ciphertext evolution. The formal definition, security model, concrete construction, and security analysis of RIB-CPRE-CE are presented. The comparison and analysis show that the proposed scheme is practical and secure: although it adds a ciphertext evolution function to support key update and delegation revocation, its efficiency and security are not reduced. The proposed scheme can also be used in other access authorization systems that need to change the key or revoke the authorization.

Highlights

  • Proxy re-encryption (PRE) enables a semi-trusted proxy to convert a ciphertext encrypted under one user’s public key into a new ciphertext that can be decrypted by another user’s private key without revealing the underlying plaintext, which is considered a promising solution for efficiently and securely delegating data access among users [1].

  • PRE has been widely used in encrypted email forwarding [2], [3], digital rights management [12], cloud data sharing [13], and other delegation occasions [14], [15].

  • The other is the secure cloud access authorization scheme in cloud computing presented by Xiong et al. [19].

Summary

INTRODUCTION

Proxy re-encryption (PRE) enables a semi-trusted proxy to convert a ciphertext encrypted under one user’s public key into a new ciphertext that can be decrypted by another user’s private key without revealing the underlying plaintext, which is considered a promising solution for efficiently and securely delegating data access among users [1]. A secure data sharing scheme that uses PRE for delegation needs to account for key update, authorization revocation, and ciphertext evolution. For the sake of efficiency and practicability, the length of the ciphertext and the complexity of decryption must not increase linearly with the number of re-encryptions. In this respect, the multi-hop schemes [2], [7], [8], [17] based on the GA (Green and Ateniese [6]) paradigm are not suitable, because their ciphertext length grows. A PRE scheme that supports key update and ciphertext evolution should be multi-hop, have a constant ciphertext length, and provide collusion-resistance and CCA security. The other is the secure cloud access authorization scheme in cloud computing presented by Xiong et al. [19]. Since the former does not give an efficiency analysis, its practicability needs to be verified. The latter is chosen as the underlying scheme to be improved.

CONTRIBUTIONS The major contributions of this paper are as follows
PAPER ORGANIZATION
SCHEME DEFINITION
SECURITY MODEL
THE CORRECTNESS OF THE SCHEME
THE SECURITY ANALYSIS OF THE SCHEME
IMPLEMENTATION FOR SECURE CLOUD SHARING
COMPARISON AND ANALYSIS
CONCLUSION