Re-encryption Scheme Research Articles

Secure collaborative EHR Sharing using multi-authority attribute-based proxy re-encryption in Web 3.0

Web 3.0 represents a transformative shift toward a decentralized, intelligent, and user-centric Internet. Existing electronic health record (EHR) sharing systems depend on centralized cloud servers for storage and management, with hospitals serving as primary custodians. This centralization often results in patients losing control and visibility over their EHR data, including who accesses it and how it is utilized, which contradicts the decentralized principles of Web 3.0. In this context, we propose a multi-authority attribute-based proxy re-encryption scheme that facilitates collaborative EHR sharing in Web 3.0. Our design allows the updating of ciphertext policies, thereby eliminating the need for frequent re-encryption of plaintext data amid varying cross-domain access policies. Furthermore, our scheme utilizes blockchain technology to create a decentralized and transparent environment that enables traceable cross-domain EHR sharing records. Additionally, we integrate hybrid encryption with decentralized data hosting platforms, significantly reducing the on-chain storage burden. The use of smart contracts automates the cross-domain EHR sharing and guarantees a fair distribution of benefits among all participants. Security analysis confirms that our scheme is secure against chosen plaintext attacks and resistant to collusion. Performance analysis and simulation experiments validate the efficiency and robustness of our scheme.

Obfuscating Ciphertext-Policy Attribute-Based Re-Encryption for Sensor Networks with Cloud Storage

With the rapid growth of wireless sensor networks, secure data transmission, storage, and distribution in such networks has become an urgent demand. To defend against security risks such as data leakage, key compromise, and unauthorized misuse of data simultaneously, we propose a novel obfuscatable ciphertext-policy attribute-based re-encryption scheme with a specially designed obfuscator. The proposed scheme leverages program obfuscation to transform the re-encryption program codes into an unintelligible form and embed the private keys into the obfuscated implementation. Consequently, the proposed scheme protects data confidentiality and keeps the secrecy of the private key while providing fine-grained access control. Formal proofs for the security of the proposed re-encryption scheme and the obfuscator are provided. Extensive experiments have been conducted on representative platforms, including cloud servers, workstations, and embedded devices, to evaluate the computational efficiency and energy consumption of the scheme. Experimental results indicate that the scheme achieves high efficiency on various platforms and economical energy consumption on typical embedded devices with constrained resources.

Weighted Attribute-Based Proxy Re-Encryption Scheme with Distributed Multi-Authority Attributes.

Existing attribute-based proxy re-encryption schemes suffer from issues like complex access policies, large ciphertext storage space consumption, and an excessive authority of the authorization center, leading to weak security and controllability of data sharing in cloud storage. This study proposes a Weighted Attribute Authority Multi-Authority Proxy Re-Encryption (WAMA-PRE) scheme that introduces attribute weights to elevate the expression of access policies from binary to multi-valued, simplifying policies and reducing ciphertext storage space. Simultaneously, the multiple attribute authorities and the authorization center construct a joint key, reducing reliance on a single authorization center. The proposed distributed attribute authority network enhances the anti-attack capability of cloud storage. Experimental results show that introducing attribute weights can reduce ciphertext storage space by 50%, proxy re-encryption saves 63% time compared to repeated encryption, and the joint key construction time is only 1% of the benchmark scheme. Security analysis proves that WAMA-PRE achieves CPA security under the decisional q-parallel BDHE assumption in the random oracle model. This study provides an effective solution for secure data sharing in cloud storage.

A blockchain-based proxy re-encryption scheme with conditional privacy protection and auditability

A blockchain-based proxy re-encryption scheme with conditional privacy protection and auditability

Pairing-free Proxy Re-Encryption scheme with Equality Test for data security of IoT

The construction of IoT cloud platform brings great convenience to the storage of massive IoT node data. To ensure security of data collected by the IoT nodes, the data must be encrypted when the nodes upload it. However, it arises some challenge problems, such as efficient retrieval on encrypted data, secure de-duplication and massive data recovery. Proxy Re-Encryption with Equality Test (PREET) can be used to solve these problems. But, existing PREET schemes are based on bilinear pairings, which have low operational efficiency. In order to improve the overall operational efficiency, this paper constructs a Pairing-Free PREET scheme (PF-PREET). Security of this scheme is guaranteed by the Gap Computational Diffie–Hellman assumption in random oracle model. It is demonstrated that the PF-PREET scheme can achieve ciphertext indistinguishability for malicious users and one-wayness for malicious servers. It still has the same security level compared to existing PREET schemes by expanding the scope of the equality test. We discussed the efficiency of the proposed PF-PREET scheme in terms of overall running time, average running time of each phase and time overhead of tag test. The simulated experiment shows a certain improvement compared to PREET schemes using bilinear pairing.

Enhancing privacy and security in smart healthcare: A blockchain-powered decentralized data dissemination scheme

Dissemination of health data in smart healthcare allows a patient’s health information to be accessible across healthcare communities for the improvement of patients’ care services. In our work, data collected from a patient’s automated health device is distributed to the communities through the blockchain network. Blockchain technology paves the way for the health sector to run in a decentralized system. To achieve a secure decentralized data dissemination, the transmitted health data must be reliable, that is, data is assured originated from a legitimate device without unlawful alteration. However, verification of such reliability may jeopardize a patient’s privacy. In healthcare, privacy is of the utmost importance to protect sensitive health data. At the same time, should misbehavior arise, malicious entities should be held accountable. We satisfy these conflicting requirements of reliability, privacy and accountability with our proposed secure decentralized data dissemination scheme for smart healthcare that integrates a certificate-based signcryption with a proxy re-encryption (Sign-Proxy) scheme and an Improved Delegated Proof-of-Stake (DPoS) consensus protocol for the system construction. The Sign-Proxy provides users a desirable level of security while delivering lightweight computation for limited computing capabilities of automated health devices. In parallel, the Improved DPoS facilitates the streamlined and secure adoption of a consortium blockchain framework. The security and performance analysis indicate that the proposed scheme is resilience against adversarial attacks, achieves overall efficiency, and feasible for real-world deployment.

A lattice-based efficient certificateless public key encryption for big data security in clouds

With the advancement of technology and the development of digitization, big data has become an integral component of modern society. Due to the huge volume of big data, users generally upload data to the cloud for storage and computation. Because data in the cloud is beyond the control of users, it faces threats such as data security and personal privacy leakage. To address these concerns and achieve big data security and privacy protection in clouds, data encryption is crucial. Traditional public key encryption involves complex certificate management in a public key infrastructure (PKI). Although the identity-based encryption (IBE) scheme avoids the management of public key certificates, it has issues with key escrows and identity revocation. The certificateless public key encryption (CL-PKE) not only solves the key escrows problem in IBE, but also maintains its advantage of not requiring the use of certificate in PKI, making it suitable for the security protection of big data in clouds. However, most CL-PKE schemes are constructed based on large integer factorization and discrete logarithm problems, which cannot resist quantum computing attacks. Therefore, this paper proposes an efficient lattice-based CL-PKE scheme for big data security in clouds. In addition, the proposed scheme is extended to a lattice-based certificateless proxy re-encryption scheme, facilitating secure big data sharing in clouds. The proposed CL-PKE scheme can resist attacks from both internal and external adversaries, and has been proven to be IND-CPA secure under the learning with errors (LWE) assumption. Experiments have shown that the proposed CL-PKE scheme has lower computational and communication costs. The proposed lattice-based schemes can effectively provide post quantum security for the security and privacy protection of big data in clouds.

QBDD: Quantum-resistant blockchain-assisted deep data deduplication protocol for vehicular crowdsensing system

Vehicular Crowdsensing System (VCS) has emerged as a promising paradigm for alleviating traffic congestion and improving driving safety due to its convenient collection and aggregation of various driving and traffic-related reports. However, the rapidly growing number of vehicles means that VCS faces the severe challenge of large-capacity data storage. It has been observed that various data deduplication techniques have been devised for VCS. Unfortunately, in most solutions, the deduplication operations are centralized, unable to simultaneously reduce storage costs and bandwidth consumption. Moreover, these schemes are mainly constructed based on number-theoretic assumptions, which makes them susceptible to quantum attacks. Inspired by this fact, we introduce QBDD, a quantum-resistant blockchain-assisted second-level data deduplication protocol for privacy-preserving VCS, enabling efficient deduplication on the Road Side Unit (RSU) and Cloud Service Platform (CSP). We construct this protocol based on the Ring Learning with Errors (RLWE) problem signcryption and proxy re-encryption schemes to ensure data security. The improved Message Locking Encryption (MLE) mechanism hides the label of ciphertext and allows for quick duplicate crowdsensing report checks without compromising data privacy. Additionally, a blockchain-based distributed system is used to store crowdsensing data and maintain greedy lists, enhancing the system’s efficiency and fairness. We provide theoretical proof of QBDD’s security and conduct extensive experiments to demonstrate its practicality in post-quantum secure VCS.

Proxy re-encryption with plaintext checkable encryption for integrating digital twins into IIoT

Digital Twin (DT) technology has emerged as a robust mechanism for overseeing and improving the lifecycle processes of the Industrial Internet of Things (IIoT) by creating their virtual counterparts. The widespread employment of cloud computing is apparent in delivering computational and storage services for the DT within the IIoT environment. Ensuring the confidentiality of DT data is crucial since data owners, cloud service providers, and users operate across separate trust domains. Accordingly, public key encryption is a viable solution for managing access. However, traditional public key encryption encounters challenges in achieving effective search and secure sharing of encrypted DT data in the cloud. This paper introduces a proxy re-encryption scheme with plaintext checkable encryption for data access control (PRE-IBSC-PCE), which addresses the challenges associated with searching for and sharing encrypted digital twin data in the cloud. The PRE-IBSC-PCE achieves efficient data search and sharing while ensuring privacy, integrity, non-repudiation, and authenticity. Meanwhile, we prove that PRE-IBSC-PCE is secure under the decisional bilinear Diffie–Hellman assumption in the random oracle model. Lastly, when compared to similar schemes, the performance analysis of the PRE-IBSC-PCE is more efficient and suitable for DT applications in IIoT.

Attribute-Based Proxy Re-Encryption With Direct Revocation Mechanism for Data Sharing in Clouds

Cloud computing, which provides adequate storage and computation capability, has been a prevalent information infrastructure. Secure data sharing is a basic demand when data was outsourced to a cloud server. Attribute-based proxy re-encryption has been a promising approach that allows secure encrypted data sharing on clouds. With attribute-based proxy re-encryption, a delegator can designate a set of shared users through issuing a re-encryption key which will be used by the cloud server to transform the delegator's encrypted data to the shared users'. However, the existing attribute-based proxy re-encryption schemes lack a mechanism of revoking users from the sharing set which is critical for data sharing systems. Therefore, in this paper, we propose a concrete attribute-based proxy re-encryption with direct revocation mechanism (ABPRE-DR) for encrypted data sharing that enables the cloud server to directly revoke users from the original sharing set involved in the re-encryption key. We implemented the new schemes and evaluated its performance. The experimental results show that the proposed ABPRE-DR scheme is efficient and practical.

PREEN: An Aggregation Mechanism for Privacy-Preserving Smart-Metering Communications

The widespread use of home consumer eletronics (CEs) provides residents facility, assistance and comfort. Meanwhile, smart meters are deployed at households to optimize electricity supply and demand and improve electricity efficiency. These meters monitor, collect and aggregate the electricity consumption of the home CEs in a near-real-time way. However, such processes seriously invade consumer privacy, e.g., household occupancy and economic status. Many existing privacy-preserving schemes rely on the assumption that certain components can be trusted, which is hard to be ensured, and cannot resist against collusion attacks. In this study, we leverage differential privacy and a re-encryption model to produce a privacy-preserving aggregation mechanism, called PREEN, for smart-metering communications. PREEN simultaneously facilitates data aggregation, differential privacy, and protection against various attacks. Specifically, we adopt ElGamal algorithm to construct the re-encryption scheme and differential privacy to aggregate the consumption measurements of residential users at the gateways and control center, thereby enabling resistance against slashing privacy attacks. Strict and detailed security proofs as well as extensive performance evaluations are adopted to demonstrate that the proposed PREEN provides rigorous privacy preservation and confidentiality against diverse external and internal attacks, while remaining a comparable or even lower computational overhead and a negligible communication overhead and a reasonable accuracy in terms of the utility of differential privacy, compared to the state-of-the-art mechanisms.

Pairing-Free Certificate-Based Proxy Re-Encryption Plus Scheme for Secure Cloud Data Sharing

The popularity of secure cloud data sharing is on the rise, but it also comes with significant concerns about privacy violations and data tampering. While existing Proxy Re-Encryption (PRE) schemes effectively protect data in the cloud, challenges persist with certificate administration and key escrow. Moreover, the increasing number of users and prevalence of lightweight devices demand functional and cost-effective solutions. To address these issues, this paper presents a novel Pairing-free Certificate-Based Proxy Re-Encryption Plus scheme that leverages elliptic curve groups for improved effectiveness and performance. This scheme successfully resolves challenges related to certificate management and key escrow in traditional PRE schemes, while also introducing non-transferable and message-level fine-grained control characteristics. These enhancements bolster data security during sharing and minimize the risk of malicious information leakage. Our proposed scheme’s correctness, security, and effectiveness are rigorously verified and analyzed. The results demonstrate that the scheme achieves the chosen ciphertext security in the random oracle model. Compared to current PRE schemes, our approach offers greater advantages, lower computational overhead, and enhanced suitability for practical cloud computing applications.

AI-assisted Blockchain-enabled Smart and Secure E-prescription Management Framework

Traditional medical prescriptions based on physical paper-based documents are prone to manipulation, errors, and unauthorized reproduction due to their format. Addressing the limitations of the traditional prescription system, e-prescription systems have been introduced in several countries. However, e-prescription systems lead to several concerns like the risk of privacy loss, the problem of double-spending prescriptions, lack of interoperability, and single point of failure, all of which need to be addressed immediately. We propose an AI-assisted blockchain-enabled smart and secure e-prescription management framework to address these issues. Our proposed system overcomes the problems of the centralized e-prescription systems and enables efficient consent management to access prescriptions by incorporating blockchain-based smart contracts. Our work incorporates the Umbral proxy re-encryption scheme in the proposed system, avoiding the need for repeated encryption and decryption of the prescriptions when transferred between different entities in the network. In our work, we employ two different machine learning models(Random Forest classifier and LightGBM classifier) to assist the doctor in prescribing medicines. One is a drug recommendation model, which is aimed at providing drug recommendations considering the medical history of the patients and the general prescription pattern for the particular ailment of the patient. We have fine-tuned the SciBERT model for adverse drug reaction detection. The extensive experimentation and results show that the proposed e-prescription framework is secure, scalable, and interoperable. Further, the proposed machine learning models produce results higher than 95%.

A Robust and Lightweight Privacy-Preserving Data Aggregation Scheme for Smart Grid

Privacy-preserving data aggregation (PPDA) enables data availability and privacy preservation simultaneously in smart grid. However, existing methods, such as masking and homomorphic encryption, cannot simultaneously offer strong privacy preservation, fault tolerance for both smart meters and aggregators, verifiable aggregation, and lightweight encryption. To tackle these challenges, we design HTV-PRE, a homomorphic threshold proxy re-encryption scheme with re-encryption verifiability. HTV-PRE involves only linear operations and resists quantum attacks after being instanced by ideal lattices. By leveraging HTV-PRE, we propose a robust and lightweight data aggregation scheme with strong privacy preservation for smart grid. Robustness ensures fault tolerance and error detection. Even if some smart meters or aggregators are faulty, data aggregation can still work without imposing expensive computation on other smart meters or requiring additional trust assumptions. Additionally, to detect aggregators' errors, a proof for the aggregated result is presented so that anyone can verify whether the result has been correctly computed or not. The verifiable aggregation adds no computation/communication overhead on the user side. The performance evaluations demonstrate that our PPDA scheme significantly offloads computation overhead from smart meters and control center to the edge, and its user encryption is up to 4x faster than existing approaches.

MBP: Multi-channel broadcast proxy re-encryption for cloud-based IoT devices

The broadcast proxy re-encryption methods extend traditional proxy re-encryption mechanisms, where a single user shares the cloud data with multiple receivers. When the sender has different data to share with different sets of users, the existing broadcast proxy re-encryption schemes allow him/her to calculate distinct re-encryption keys for different groups in terms of additional computation time and overhead. To overcome these issues, we propose a scheme, named MBP, in IoT application scenario that allows the sender to calculate a single re-encryption key for all the groups of users, i.e., IoT devices. We use the multi-channel broadcast encryption concept in the broadcast proxy re-encryption method, so as single re-encryption key calculation and single re-encryption are done for different groups of IoT devices. It reduces the size of the security elements. However, it increases the computation time of the receiver IoT devices at the time of decryption of both the ciphertexts. To address this issue, we use the Rubinstein-Ståhl bargaining game approach. MBP is secure under a selective group chosen-ciphertext attack using the random oracle model. The implementation of MBP shows that it reduces the communication overhead from the data owner to the cloud server and from the cloud server to the receiver than existing algorithms.

A Blockchain-Based Secure Searching Strategy for Metadata in Mobile Edge Computing

With intelligent devices’ prevalence, mobile edge computing technology can effectively process the massive data in the Internet of Things (IoT). The metadata produced in mobile edge computing plays a role in colossal data management. However, it also includes lots of user privacy information. Traditional privacy protection solutions sacrifice the metadata’s availability or are incompatible with the distributed environment. To overcome this dilemma, we propose a blockchain-based secure searching strategy for metadata (BSSMeta) in mobile edge computing. By leveraging a lightweight proxy re-encryption scheme and a decentralized key generation method on the blockchain, BSSMeta keeps the security of the metadata searching tasks. Meanwhile, a master-slave smart contract method and a buffer uploading strategy are proposed for the efficiency of the searching and uploading processes. As a byproduct, BSSMeta also supports searching metadata in a multi-user environment and gives users access control to metadata. Finally, we provide a security analysis of BSSMeta and implement a prototype on the Hyperledger Fabric platform. The results of experiments on various workloads show that BSSMeta is feasible and flexible in security and efficiency.

Secure and efficient multi-key aggregation for federated learning

Federated learning (FL) is a distributed machine learning framework that aims to provide privacy for local datasets while learning a global machine learning model. However, the updates exchanged in FL may indirectly reveal information about the local training datasets. To protect the confidentiality of updates, various solutions using cryptographic schemes such as secret sharing, differential privacy, and homomorphic encryption have been developed. The solutions using secret sharing often have high communication costs, while those using differential privacy require a trade-off between accuracy and privacy. Homomorphic encryption has been used to address these challenges to reduce communication costs and provide provable security. However, existing solutions based on homomorphic encryption require clients to use the same public-private key pair, which may lead to local updates disclosure. To address the existing challenges, we propose a secure and efficient multi-key aggregation protocol (MKAgg) that utilizes homomorphic encryption. The protocol allows clients to drop out at any point during the process. We construct MKAgg based on a two-server model and adopt a proxy re-encryption scheme with additively homomorphic properties to implement secure and efficient ciphertext transformation and calculation. We provide security proof to demonstrate that our MKAgg protocol meets the required security standards. Furthermore, we perform an efficiency analysis of MKAgg and evaluate its performance on various datasets. The results affirm that MKAgg is both effective and efficient for aggregation in the multi-key setting. We then apply MKAgg in FL and develop a multi-key privacy-preserving neural network scheme called MKPNFL. We analyze the security of MKPNFL and conduct tests using real-world datasets. The results demonstrate that MKPNFL is secure and practical for real-world applications.

FABRIC: Fast and Secure Unbounded Cross-System Encrypted Data Sharing in Cloud Computing

Existing proxy re-encryption (PRE) schemes to secure cloud data sharing raise challenges such as supporting the heterogeneous system efficiently and achieving the unbounded feature. To address this problem, we proposed a fast and secure unbounded cross-domain proxy re-encryption scheme, named FABRIC, which enables the delegator to authorize the semi-trusted cloud server to convert one ciphertext of an identity-based encryption (IBE) scheme to another ciphertext of an attribute-based encryption (ABE) scheme. As the first scheme to achieve the feature mentioned above, FABRIC not only enjoys constant computation overhead in the encryption, decryption, and re-encryption phases when the quantity of attributes increases, but is also unbounded such that the new attributes or roles could be adopted into the system anytime. Furthermore, FABRIC achieves adaptive security under the decisional linear assumption (DLIN). Eventually, detailed theoretical and experimental analysis proved that FABRIC enjoys excellent performance in efficiency and practicality in the cloud computing scenario.

A provably secure collusion-resistant identity-based proxy re-encryption scheme based on NTRU

Proxy re-encryption (PRE) technology realizes the transformation of decryption right from a delegator to a delegatee. In response to the rapid development of quantum attack technology, scholars have proposed the lattice-based PRE schemes, and the underlying encryption scheme of most lattice-based PRE schemes is the dual cryptosystem, which has the defects of large storage overhead, computational overhead and low efficiency. To address these deficiencies, we present a novel identity-based proxy re-encryption (IB-PRE) scheme based on NTRU. By means of the underlying efficient NTRU scheme, the proposed scheme reduces the storage overhead and computational overhead on key size and computational complexity, and improves efficiency. Our scheme possesses desired properties such as multi-hop property, unidirectionality and collusion-resistance. Meanwhile, based on the decisional Hermite normal form of ring learning with errors (D-RLWEHNF) hard problem, it is carefully designed and demonstrated to be secure under selective identity and chosen plaintext attacks in the standard model.

Privacy-preserving multi-party deep learning based on homomorphic proxy re-encryption

Deep learning is an important branch of artificial intelligence. However, the first task of deep learning is to collect data, which will seriously threaten user data privacy. The existing dual server privacy-preserving deep learning schemes operate under the assumption that two semi-honest servers will not collude, but this security assumption may be too robust. This paper proposes a privacy-preserving multiparty deep learning scheme based on a homomorphic proxy re-encryption scheme, which can resist collusion between the semi-honest servers. Introducing a fog node with high response and low latency characteristics as a proxy and leveraging a one-way homomorphic proxy re-encryption scheme to convert the user-end ciphertext to server-end ciphertext reduces the possibility of privacy leakage due to cooperation between two servers or participants and servers. To avoid a rise in the rounds of interaction caused by the increase in the number of participants, a multi-party random numbers aggregation method is proposed based on verifiable secret sharing. Ensuring the sensitive data remains undisclosed while enhancing the global model’s precision. Theoretical analysis and experimental evaluation have both demonstrated that this privacy-preserving deep learning scheme is equipped to handle multiple keys, resist collusion attacks, and achieve higher accuracy.