Unidirectional Proxy Re-encryption Scheme Research Articles

HPRESS: A Hardware-Enhanced Proxy Re-Encryption Scheme Using Secure Enclave

Proxy re-encryption (PRE) allows a proxy to transform one ciphertext to another under different encryption keys while keeping the underlying plaintext secret. Because of the ciphertext transformability of PRE, there are many potential private communicating applications of this feature. However, existing PRE schemes are not as full-fledged as expected. The lack of necessary features makes them hard to apply in real-world scenarios. So far, there does not exist a unidirectional multihop PRE scheme with constant decryption efficiency and constant ciphertext size without extensions. Impractical performance and weak scalability also hinder PRE from most real-world applications. In this work, we present a new PRE scheme with secure hardware enclave named <monospace xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">hPRESS</monospace> (hardware-enhanced PRE scheme using secure enclave). To the best of our knowledge, <monospace xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">hPRESS</monospace> is the first unidirectional multihop PRE scheme which achieves both constant decryption efficiency and constant ciphertext size without extensions. A detailed security analysis demonstrates that our proposal is CCA secure based on the security of the underlying encryption schemes and the secure enclave. We also implement a prototype based on Intel SGX, one of the most popular secure enclave techniques in recent years, and evaluate its performance. The experimental results show that, compared with previous PRE schemes, our <monospace xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">hPRESS</monospace> is almost one order of magnitude faster in terms of the decryption and transformation.

Constant-size CCA-secure multi-hop unidirectional proxy re-encryption from indistinguishability obfuscation

In ACM CCS 2007, Canetti and Hohenberger left an open problem of how to construct a multi-hop unidirectional proxy re-encryption scheme secure against chosen-ciphertext attacks (CCA). To resolve this problem, we utilize the recent advances in indistinguishability obfuscation, overcome several obstacles and propose a multi-hop unidirectional proxy re-encryption scheme. The proposed scheme is proved to be CCA-secure in the standard model (i.e., without using the random oracle heuristic), and its ciphertext remains constant-size regardless of how many times it has been transformed. It is worth noting that, our techniques proposed in this paper can also be used to construct an identity-based multi-hop unidirectional PRE scheme with constant-size ciphertexts and CCA-security in the standard model.

Provably secure lattice based identity based unidirectional PRE and PRE[formula omitted] schemes

In 1998, at Eurocrypt, a novel primitive, called Proxy Re-Encryption (PRE) was introduced by Blaze, Bleumer and Strauss [1]. In the given concept, a delegator computes re-encryption key and gives it to the semi trusted proxy. Then proxy can convert a message, enciphered with Alice’s public key into a message, enciphered with Bob’s public key without knowing the message. Upto best our knowledge, we have proposed the first unidirectional PRE scheme, which is noninteractive and based on lattice based identity based cryptosystem. In this scheme a trapdoor function is used for lattices, which is proposed by Micciancio and Peikert [2]. It is simple, efficient, strong and easy to implement compared to [3]. In 2013, Wang et al.[4, 5] introduced a new primitive: PRE+, which is similar to the conventional PRE except that, in PRE+ scheme encryptor computes re-encryption keys. Here encryptor is the delegator. We have also constructed a lattice identity based unidirectional PRE+ scheme.

Improved collusion‐resistant unidirectional proxy re‐encryption scheme from lattice

Proxy re-encryption (PRE) is a promising cryptographic structure for pervasive data sharing in cloud-based social networks, which enables a semi-trusted proxy to convert a ciphertext for Alice into a ciphertext for Bob without seeing the corresponding plaintext. Since the proxy is semi-trust, a PRE scheme which can resist the collusion attack will be of great practical value. Jiang et al. in 2015 and Kim and Jeong in 2016 have proposed collusion-resistant PRE (CR-PRE) schemes from the lattice by a similar technique, respectively. However, through the analysis of their schemes, the authors find that both of them have defects in the construction of the re-encryption key, which will lead to the re-encryption ciphertext cannot be decrypted or decrypted error with high probability. In this study, the authors first point out the defects in the work of Jiang et al. 's work and Kim and Jeong's work and propose an improved collusion-resistant unidirectional PRE scheme from lattice, based on learning with errors problems. In addition to solving the defects, CR-PRE still has many useful properties similar to the previous schemes, such as unidirectional, collusion resistant, chosen-plaintext attack secure and so on.

Flexible, Efficient, and Secure Access Delegation in Cloud Computing

The convenience of the cloud-assisted Internet of Things has led to the need for improved protections for the large volumes of data collected from devices around the world and stored on cloud-based servers. Proxy re-encryption (PRE) has been presented as a suitable mechanism for secure transmission and sharing of files within the cloud. However, existing PRE schemes do not support unidirectional data transformation, fine-grained controls, multiple hops, and identity-based encryption simultaneously. To solve these problems, we propose a unidirectional multi-hop identity based-conditional PRE scheme that meets all of the above requirements. Our proposal has the additional benefits of a constant ciphertext size, non-interactivity, and collusion resistance. We also prove that our scheme is secure against adaptive identity chosen-ciphertext attacks in the standard model.

An Efficient Outsourced Privacy Preserving Machine Learning Scheme With Public Verifiability

Cloud computing has been widely applied in numerous applications for storage and data analytics tasks. However, cloud servers engaged through a third party cannot be fully trusted by multiple data users. Thus, security and privacy concerns become the main obstructions to use machine learning services, especially with multiple data providers. Additionally, some recent outsourcing machine learning schemes have been proposed in order to preserve the privacy of data providers. Yet, these schemes cannot satisfy the property of public verifiability. In this paper, we present an efficient privacy-preserving machine learning scheme for multiple data providers. The proposed scheme allows all participants in the system model to publicly verify the correctness of the encrypted data. Furthermore, a unidirectional proxy re-encryption (UPRE) scheme is employed to reduce the high computational costs along with multiple data providers. The cloud server embeds noise in the encrypted data, allowing the analytics to apply machine learning techniques and preserve the privacy of data providers’ information. The results and experiments tests demonstrate that the proposed scheme has the ability to reduce computational costs and communication overheads.

Provably secure group key management scheme based on proxy re-encryption with constant public bulletin size and key derivation time

Users share a group key to decrypt encryptions for the group using a group key management scheme. In this paper, we propose a re-encryption-based group key management scheme, which uses a unidirectional proxy re-encryption scheme with special properties to enable group members share the updated group key with minimum storage and computation overhead. In particular, we propose a proxy re-encryption scheme that supports direct re-encryption key derivation using intermediate re-encryption keys. Unlike multi-hop re-encryption, the proposed proxy re-encryption scheme does not involve repeated re-encryption of the message. All the computations are done on the re-encryption key level and only one re-encryption is sufficient for making the group key available to the users. The proposed scheme is the first for group key management based on proxy re-encryption that is secure against collusion. The individual users store just one individual secret key with group key derivation requiring O\((\log N)\) computation steps for a group of N users. Size of the public bulletin maintained to facilitate access to the most recent group key for off-line members is O(N) and remains constant with respect to the number of group updates. The proposed group key management scheme confronts attacks by a non-member and even a collusion attack under standard cryptographic assumptions.

Fast Proxy Re-Encryption for Publish/Subscribe Systems

We develop two IND-CPA-secure multihop unidirectional Proxy Re-Encryption (PRE) schemes by applying the Ring-LWE (RLWE) key switching approach from the homomorphic encryption literature. Unidirectional PRE is ideal for secure publish-subscribe operations where a publisher encrypts information using a public key without knowing upfront who the subscriber will be and what private key will be used for decryption. The proposed PRE schemes provide a multihop capability, meaning that when PRE-encrypted information is published onto a PRE-enabled server, the server can either delegate access to specific clients or enable other servers the right to delegate access. Our first scheme (which we call NTRU-ABD-PRE) is based on a variant of the NTRU-RLWE homomorphic encryption scheme. Our second and main PRE scheme (which we call BV-PRE) is built on top of the Brakerski-Vaikuntanathan (BV) homomorphic encryption scheme and relies solely on the RLWE assumption.We present an open-source C++ implementation of both schemes and discuss several algorithmic and software optimizations. We examine parameter selection tradeoffs in the context of security, runtime/latency, throughput, ciphertext expansion, memory usage, and multihop capabilities. Our experimental analysis demonstrates that BV-PRE outperforms NTRU-ABD-PRE in both single-hop and multihop settings. The BV-PRE scheme has a lower time and space complexity than existing IND-CPA-secure lattice-based PRE schemes and requires small concrete parameters, making the scheme computationally efficient for use on low-resource embedded systems while still providing 100 bits of security. We present practical recommendations for applying the PRE schemes to several use cases of ad hoc information sharing for publish-subscribe operations.

Proxy re‐encryption via indistinguishability obfuscation

AbstractIn this paper, we present a proxy re‐encryption (PRE) scheme via an indistinguishability obfuscation ( ) by adding two algorithms to the public key encryption scheme by Sahai and Waters' (STOC 2014). Although a re‐encryption function from one public key to another can be considered as a randomized functionality on the underlying plaintext and that functionality can be achieved by using a probabilistic by Canetti et al. (TCC2015), we need a sub‐exponential to construct the probabilistic . In our construction, we need not the probabilistic but the standard . In addition, our proposed PRE scheme has some good properties. That is, unidirectional re‐encryption, unbounded multi‐hop re‐encryption, constant‐size ciphertext, and fast decryption. To the best of our knowledge, this is the first construction of a multi‐hop and unidirectional PRE scheme. Copyright © 2016 John Wiley &amp; Sons, Ltd.

Collusion-resistant unidirectional proxy re-encryption scheme from lattices

Most of the previous proxy re-encryption schemes rely on the average-case hardness problems such as the integer factorization problems and the discrete logarithm problems. Therefore, they cannot guarantee its security under quantum analysis, since there exist quantum algorithms efficiently solving the factorization and logarithm problems. In the paper, we propose the first proxy re-encryption scheme based on the hard worst-case lattice problems. Our scheme has many useful properties as follows: Unidirectional, collusion-resistant, noninteractive, proxy invisible, key optimal, and nontransitive. We also provided the formal security proof of the proposed scheme in the random oracle model.

Secure and efficient data‐sharing in clouds

SummaryWith the rapid development of cloud computing, cloud storage has become a cost‐effective solution for many users with the demand of data storage. However, there are still two main concerns for users with sensitive/private data: (1) Is it secure to store private data in public cloud storages? (2) Is there an efficient way to share private data with other specified users? In the past years, several papers in the literature have used proxy re‐encryption (PRE) to address these two concerns, where the efficiency of the underlying PRE scheme is usually a bottleneck of the overall performance of cloud storages. In this paper, we dedicate to design a secure and practical PRE scheme for cloud‐based data‐sharing. First, we discuss a ‘pitfall’ in the security proof of several existing PREs. Then, we give a general framework for proving the chosen ciphertext attacks (CCA) security of single‐hop unidirectional PRE schemes. Finally, we propose a practical PRE scheme that is proven secure against CCA under the computational Diffie–Hellman problem in the random oracle model. We evaluate the performance of our PRE scheme both in theoretical comparisons with related schemes and in implementations at several security levels. The results indicate that our scheme can be practical in cloud‐based data‐sharing. Copyright © 2014 John Wiley &amp; Sons, Ltd.

Cryptanalysis of A Multi-use CCA-secure Proxy Re-encryption Scheme

Proxy re-encryption (PRE) can be classified as single-hop PRE and multi-use PRE according to the times which the ciphertext is transformed. Finding a unidirectional, multiuse, and chosen ciphertext attack (CCA) secure PRE is presented as an open problem by Canetti et al. Wang claimed to resolve this problem by proposing the first multi-use CCAsecure unidirectional PRE scheme. But Zhang et al. have shown their proposal is not CCAsecure by giving concrete attacks. In this paper, we propose an improvement for Wang-MultiUse-PRE to resist Zhang’s attack. But we also found that different with single-hop PRE, multi-use PRE without randomize encrypt key in its re-encryption algorithm could be vulnerable to attack. According to this principle we find a new type attack to multi-use CCAsecure PRE named proxy bypass attack. Then we give concrete attacks on Wang-Multi-UsePRE scheme. This attack is also effective for other multi-use scheme.

EFADS: Efficient, flexible and anonymous data sharing protocol for cloud computing with proxy re-encryption

The concept of cloud computing has emerged as the next generation of computing infrastructure to reduce the costs associated with the management of hardware and software resources. It is vital to its success that cloud computing is featured efficient, flexible and secure characteristics. In this paper, we propose an efficient and anonymous data sharing protocol with flexible sharing style, named EFADS, for outsourcing data onto the cloud. Through formal security analysis, we demonstrate that EFADS provides data confidentiality and data sharer's anonymity without requiring any fully-trusted party. From experimental results, we show that EFADS is more efficient than existing competing approaches. Furthermore, the proxy re-encryption scheme we propose in this paper may be independent of interests, i.e., compared to those previously reported proxy re-encryption schemes, the proposed scheme is the first pairing-free, anonymous and unidirectional proxy re-encryption scheme in the standard model.

Comments on “Unidirectional Chosen-Ciphertext Secure Proxy Re-Encryption”

Libert and Vergnaud proposed a unidirectional proxy re-encryption scheme with temporary delegation (IEEE Trans. Inf. Theory, vol. 57, no. 3, pp. 1786-1802, Mar. 2011). They claimed that the scheme is chosen ciphertext secure in the chosen key model. However, their proof has a minor error in the simulation of the re-encryption oracle. The adversary is able to distinguish between the simulated environment and the real attack environment by using responses from the re-encryption oracle. Fortunately, we can amend the proof without any modification of the original scheme.

SCEHSS: Secured Cloud Based Electronic Health Record Storage System with Re-Encryption at Cloud Service Provider

An electronic health record system is a collection of health related information. Instead of collecting data from single health care centre, data could be collected from various health care centers. Collected data could be further effectively utilized by healthcare and research community. Cloud computing paradigm gives better platform for connecting various communities providing data and location independence with less maintenance. A Cloud Electronic Health Record (CEHR) integrates data to serve different needs. The goal is to collect data once and use it multiple times to adopt latest technologies in medical domain. Security for data-in-transit is one of the major issues in cloud as well as in EHR systems. Our concentration is achieving highly secure data transmission through multiple encryption and re-encryption in the cloud environment without trusting cloud service provider cent percent. Using both symmetric and asymmetric algorithms the security levels of encryption is strengthened. In 2008, Libert and Vergnaud presented the first construction of unidirectional proxy re-encryption scheme with chosen-ciphertext security in the standard model. We extended the unidirectional proxy re-encryption scheme to cloud environment by assigning the responsibility of proxy to cloud service provider for securing data-in-transit.

Chosen Public Key and Ciphertext Secure Proxy Re-encryption Schemes

A proxy re-encryption scheme enables a proxy to re-encrypt a ciphertext and designate it to a delegatee. Proxy re-encryption schemes have been found useful in many applications, including e-mail forwarding, law-enforcement monitoring, and content distribution. Libert and Vergnaud presented the first construction of unidirectional proxy re-encryption scheme with chosen ciphertext security in the standard model in PKC 2008. In this paper, we show the insecurity of Libert and Vergnaud's scheme against chosen public key attack. We note that this insecurity is not considered in the original model proposed by Libert and Vergnaud's, but we argue that our attack is very realistic and important in this scenario. Furthermore, we present a new and efficient construction proxy re-encryption (PRE) scheme. We provide chosen public key and chosen ciphertext attack security analysis for our scheme and compare their performance.

New Constructions for Identity-Based Unidirectional Proxy Re-Encryption

We address the cryptographic topic of proxy re-encryption (PRE), which is a special public-key cryptosystem. A PRE scheme allows a special entity, known as the proxy, to transform a message encrypted with the public key of a delegator (say Alice), into a new ciphertext that is protected under the public key of a delegatee (say Bob), and thus the same message can then be recovered with Bob’s private key. In this paper, in the identity-based setting, we first investigate the relationship between so called mediated encryption and unidirectional PRE. We provide a general framework which converts any secure identity-based unidirectional PRE scheme into a secure identity-based mediated encryption scheme, and vice versa. Concerning the security for unidirectional PRE schemes, Ateniese et al. previously suggested an important property known as the master secret security, which requires that the coalition of the proxy and Bob cannot expose Alice’s private key. In this paper, we extend the notion to the identity-based setting, and present an identity-based unidirectional PRE scheme, which not only is provably secure against the chosen ciphertext attack in the standard model but also achieves the master secret security at the same time.

CCA-secure unidirectional proxy re-encryption in the adaptive corruption model without random oracles

Up to now, it is still an open question of how to construct a chosen-ciphertext secure unidirectional proxy re-encryption scheme in the adaptive corruption model. To address this problem, we propose a new unidirectional proxy re-encryption scheme, and prove its chosen-ciphertext security in the adaptive corruption model without random oracles. Compared with the best known unidirectional proxy re-encryption scheme proposed by Libert and Vergnaud in PKC’08, our scheme enjoys the advantages of both higher efficiency and stronger security.

Unidirectional Chosen-Ciphertext Secure Proxy Re-Encryption

In 1998, Blaze, Bleumer and Strauss introduced a cryptographic primitive called proxy re-encryption in which a proxy can transform-without seeing the plaintext-a ciphertext encrypted under one key into an encryption of the same plaintext under another key. The concept has recently drawn renewed interest. Notably, Canetti and Hohenberger showed how to properly define (and realize) chosen-ciphertext security for the primitive. Their system is bidirectional as the translation key allows converting ciphertexts in both directions. This paper presents the first unidirectional proxy re-encryption schemes with chosen-ciphertext security in the standard model (i.e., without the random oracle idealization). The first system provably fits a unidirectional extension of the Canetti-Hohenberger security model. As a second contribution, the paper considers a more realistic adversarial model where attackers may choose dishonest users' keys on their own. It is shown how to modify the first scheme to achieve security in the latter scenario. At a moderate expense, the resulting system provides additional useful properties such as non-interactive temporary delegations. Both constructions are efficient and rely on mild complexity assumptions in bilinear groups. Like the Canetti-Hohenberger scheme, they meet a relaxed flavor of chosen-ciphertext security introduced by Canetti, Krawczyk and Nielsen.