Uploaded: 2021-02-09 17:35:58
An Improved Cloud-Based Revocable
Identity-Based Proxy Re-encryption Scheme
Changji Wang¹,²(✉), Jian Fang²,³, and Yuan Li²,³
¹ School of Software, Yunnan University, Kunming 650500, China
wchangji@gmail.com
² Guangdong Key Laboratory of Information Security Technology, Sun Yat-sen University, Guangzhou 510275, China
³ School of Information Science and Technology, Sun Yat-sen University, Guangzhou 510275, China
Abstract. Key revocation and ciphertext update are two prominent security requirements for identity-based encryption systems from a practical view. Several solutions to offer efficient key revocation or ciphertext update for identity-based encryption systems have been proposed in the literature. However, how to achieve both key revocation and ciphertext update functionalities simultaneously in identity-based encryption systems is still an open problem. Recently, Liang et al. introduced the notion of a cloud-based revocable identity-based proxy re-encryption (CR-IB-PRE) scheme with the aim of achieving both ciphertext update and key revocation functionalities, and presented a CR-IB-PRE scheme from bilinear pairings. In this paper, we first show that Liang et al.'s scheme has serious security pitfalls such as re-encryption key forgery and collusion attack, which allow revoked users to decrypt any ciphertext regarding their identities at any time period. We then redefine the syntax and security model of the CR-IB-PRE scheme and propose an improved CR-IB-PRE scheme from bilinear pairings. The improved scheme not only achieves collusion resistance, but also requires less decryption computation and achieves constant-size re-encrypted ciphertexts. Finally, we prove that the improved CR-IB-PRE scheme is adaptively secure in the standard model under the DBDH assumption.
Keywords: Identity-based encryption · Proxy re-encryption · Key revocation · Ciphertext update · Cloud computing
1 Introduction
The concept of identity-based public key cryptography (ID-PKC) was originally introduced by Shamir [1] to avoid cumbersome certificate management. In an identity-based cryptosystem, users do not need to pre-compute public and private key pairs and obtain certificates for their public keys. Instead, users' identifier information such as email addresses, telephone numbers or social security numbers can be used as users' public keys, while private keys are derived at any time by a trusted third party, called the private key generator (PKG), upon request by the designated users. Since Boneh and Franklin [2] proposed the first practical and provably secure identity-based encryption (IBE) scheme in 2001, research on ID-PKC has become a hot topic in cryptography [3–6].
© Springer-Verlag Berlin Heidelberg 2015
W. Niu et al. (Eds.): ATIS 2015, CCIS 557, pp. 14–26, 2015.
DOI: 10.1007/978-3-662-48683-2_2
Revocation capability is indispensable to IBE systems from a practical point of view [2]. Suppose that the private key of a user Alice is compromised or stolen, or that she has left the organization. The PKG should then revoke Alice's private key in time to mitigate the damage that an adversary holding Alice's compromised private key could do by accessing confidential data encrypted under her identity. Note that revocable IBE only assures that revoked users cannot decrypt ciphertexts generated after revocation. It cannot prevent a revoked user from accessing ciphertexts which were created before the revocation, since the old private key of the revoked user is enough to decrypt these ciphertexts. Thus, ciphertext update or re-encryption is necessary and crucial to IBE systems [7].
Several solutions to offer efficient revocation functionality or ciphertext update functionality for IBE systems have been proposed in the literature [8–16]. However, how to achieve both key revocation and ciphertext update functionalities simultaneously in IBE systems is still an open problem. Recently, Liang et al. [17] introduced the notion of a cloud-based revocable identity-based proxy re-encryption (CR-IB-PRE) scheme with the aim of achieving both ciphertext update and revocation functionalities for IBE systems. In a CR-IB-PRE scheme, ciphertexts are encrypted under a certain identity and time period and stored in the cloud. At the end of a given time period, the cloud service provider (CSP), acting as a semi-trusted proxy, will re-encrypt all ciphertexts of the user under the current time period to the next time period, regardless of whether the user is revoked or not. If a user Alice is revoked in the forthcoming time period, she can no longer decrypt the ciphertexts by using her expired private key.
In this paper, we first show that Liang et al.'s scheme has serious security pitfalls such as re-encryption key forgery and collusion attack, which allow revoked users to decrypt any ciphertext regarding their identities at any time period. Then, we refine the syntax definition and security model for the CR-IB-PRE scheme. The refined syntax for the CR-IB-PRE scheme is similar to that of the self-updatable encryption scheme recently proposed by Lee [18], where the CSP can update stored ciphertexts without any interaction with data owners as long as the revocation event happens. In our refined security model for the CR-IB-PRE scheme, an adversary can choose an original ciphertext or a re-encrypted ciphertext as the challenge ciphertext. In particular, we consider the decryption key exposure attack [10], which means an adversary can obtain long-term private keys and decryption keys corresponding to identities and some time periods of his choice. Next, we propose an improved CR-IB-PRE scheme from bilinear pairings. The improved scheme not only achieves collusion resistance, but also requires less decryption computation and achieves constant-size re-encrypted ciphertexts. Finally, we prove that the improved CR-IB-PRE scheme is adaptively secure in the standard model under the DBDH assumption.
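An added illustration, not code from the paper: the period-to-period ciphertext update described above, modelled with a toy bidirectional ElGamal-style proxy re-encryption (the BBS98 construction) in place of the paper's pairing-based identity-based scheme, which this excerpt does not give. The group parameters, function names and per-period exponent keys are assumptions made for the example; the last check shows that this toy lacks the collusion resistance the improved scheme is said to achieve.

```python
# Added illustration: toy bidirectional ElGamal-style proxy re-encryption (BBS98),
# standing in for the pairing-based CR-IB-PRE scheme, which this excerpt omits.
import secrets

P, Q, G = 2039, 1019, 4   # constructed toy group: P = 2Q + 1, G has prime order Q

def keygen(avoid=None):
    """Secret exponent for one time period and its public value g^a."""
    while True:
        a = secrets.randbelow(Q - 1) + 1
        if a != avoid:
            return a, pow(G, a, P)

def encrypt(pk, m):
    """Encrypt m (1 <= m < P) under a period public key: (m*g^r, g^(a*r))."""
    r = secrets.randbelow(Q - 1) + 1
    return (m * pow(G, r, P)) % P, pow(pk, r, P)

def decrypt(sk, ct):
    c1, c2 = ct
    g_r = pow(c2, pow(sk, -1, Q), P)        # (g^(a*r))^(1/a) = g^r
    return (c1 * pow(g_r, -1, P)) % P

def rekey(sk_old, sk_new):
    """Re-encryption key a_new / a_old mod Q, handed to the proxy (CSP)."""
    return (sk_new * pow(sk_old, -1, Q)) % Q

def reencrypt(rk, ct):
    """Proxy step: move a ciphertext to the next period without seeing m."""
    c1, c2 = ct
    return c1, pow(c2, rk, P)               # g^(a_old*r) -> g^(a_new*r)

def lifecycle(m=1234):
    sk_t, pk_t = keygen()                   # Alice's key for period t
    sk_next, _ = keygen(avoid=sk_t)         # period t+1 key, withheld if Alice is revoked
    ct_t = encrypt(pk_t, m)
    rk = rekey(sk_t, sk_next)
    ct_next = reencrypt(rk, ct_t)           # ciphertext update at the period boundary
    return {
        "old_key_on_old_ct": decrypt(sk_t, ct_t) == m,
        "old_key_on_updated_ct": decrypt(sk_t, ct_next) == m,
        "new_key_on_updated_ct": decrypt(sk_next, ct_next) == m,
        # Not collusion resistant: expired key + proxy's rk rebuilds the new key.
        "collusion_rebuilds_new_key": (sk_t * rk) % Q == sk_next,
    }

if __name__ == "__main__":
    print(lifecycle())
```

The first three results mirror the paragraph on ciphertext update: the expired key opens only the ciphertext that was never updated. The fourth is why a scheme of this kind needs collusion resistance before re-encryption can enforce revocation.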