Threshold-Based Pairing-free Conditional Anonymous Proxy Re-Encryption Scheme
Abstract: Conditional Proxy Re-Encryption (CPRE) grants fine-grained authorization over ciphertexts according to conditions. Existing CPRE schemes check only the conditions of the original ciphertext and ignore whether the re-encryption key satisfies the conditions; they also take no measures to protect the condition information, which can lead to privacy leakage. This paper constructs a Threshold-Based pairing-free Conditional Anonymous Proxy Re-Encryption scheme (TB-CAPRE), which verifies the conditions of both the ciphertext and the re-encryption key and makes sensitive condition information anonymous. A threshold is used to distribute re-encryption across multiple proxy nodes, so TB-CAPRE can resist collusion attacks. Theoretical analysis proves that the scheme is INDistinguishable under adaptive Chosen-Ciphertext Attack (IND-CCA) in the random oracle model. Analysis of efficiency and computation cost shows that TB-CAPRE does not introduce excessive overhead while adding security and related functions, and that it can be applied in distributed environments.
Key words:
- Conditional Proxy Re-Encryption (CPRE)
- Threshold
- Conditional anonymous
- Pairing-free
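Table 1 Comparison of computational efficiency and features

Table 2 Computation cost of the proposed scheme

| | ReKeyGen | Encrypt | ReEncrypt | Decrypt1 | Decrypt2 |
|---|---|---|---|---|---|
| Computation cost | $3e+3h$ | $2e+4h$ | $5ke+2kh$ | $3e+2h$ | $4e+3h$ |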