Privacy-Preserving Proxy Re-encryption with Fine-Grained Access Control

Abstract

Proxy re-encryption is a useful cryptographic primitive in which a semi-trusted proxy agent is given delegation power to transform a ciphertext for Alice into a ciphertext for Bob without viewing the underlying plaintext. Attribute Based Encryption (ABE) is a promising cryptographic algorithm that provides confidentiality of data along with owner-enforced fine-grained access control. With attribute-based encryption, a data owner can use a set of attribute values (i.e., access policy) for encrypting a message such that only authorized entity who possesses the required set of attribute values can decrypt the ciphertext. In this paper, we propose a proxy re-encryption scheme using the merits of ciphertext-policy anonymous attribute-based encryption. The proposed scheme, termed as PRE-AABE, reduces the computation burden significantly for updating the access policy of a ciphertext to a semi-trusted proxy agent (e.g., cloud server). The proposed PRE-AABE scheme hides the access policy inside the ciphertext, so that parties except the intended receiver will not be able to figure out the purpose of the ciphertext. At the same time, the proxy agent is able to perform the re-encryption successfully without learning anything about the plaintext contents or the access policy. We show that the proposed PRE-AABE scheme is secure in IND-CP-CPA (indistinguishability against ciphertext-policy and chosen-plaintext attack) under the Decisional Bilinear Diffie-Hellman Assumption. We provide the experimental results of the scheme and show that PRE-AABE scheme is efficient and practical.