HPRESS: A Hardware-Enhanced Proxy Re-Encryption Scheme Using Secure Enclave

Abstract

Proxy re-encryption (PRE) allows a proxy to transform one ciphertext to another under different encryption keys while keeping the underlying plaintext secret. Because of the ciphertext transformability of PRE, there are many potential private communicating applications of this feature. However, existing PRE schemes are not as full-fledged as expected. The lack of necessary features makes them hard to apply in real-world scenarios. So far, there does not exist a unidirectional multihop PRE scheme with constant decryption efficiency and constant ciphertext size without extensions. Impractical performance and weak scalability also hinder PRE from most real-world applications. In this work, we present a new PRE scheme with secure hardware enclave named <monospace xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">hPRESS</monospace> (hardware-enhanced PRE scheme using secure enclave). To the best of our knowledge, <monospace xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">hPRESS</monospace> is the first unidirectional multihop PRE scheme which achieves both constant decryption efficiency and constant ciphertext size without extensions. A detailed security analysis demonstrates that our proposal is CCA secure based on the security of the underlying encryption schemes and the secure enclave. We also implement a prototype based on Intel SGX, one of the most popular secure enclave techniques in recent years, and evaluate its performance. The experimental results show that, compared with previous PRE schemes, our <monospace xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">hPRESS</monospace> is almost one order of magnitude faster in terms of the decryption and transformation.