Abstract

Wireless sensor network (WSN), which extends the typical Internet environment to Internet of Things, has been deployed in various environments such as safety monitoring, intelligent transportation, and smart home. In a WSN, encryption is typically used to protect data that are stored in wireless devices. However, some features like data sharing can be affected if the traditional encryption is used. A secure mechanism should support a gateway of the network to directly convert a user’s encrypted data (encrypted pollution data) to a new user’s encryption without exposing the underlying plaintext data during the whole sharing phase. In this work, a new source hiding identity-based proxy reencryption scheme (SHIB-PRE) is proposed to deal with the issue. The proposed SHIB-PRE scheme supports a proxy (gateway or cloud server) to transform a user’s encrypted data to a new user’s ciphertext as long as the proxy has the proxy reencryption key. In SHIB-PRE, the encrypted pollution data is kept secure from the proxy and the relationship between a source ciphertext and a reencrypted ciphertext is concealed from the outside eavesdropper. In this paper, we give an introduction to the definition of a source hiding identity-based proxy reencryption and its chosen plaintext security model. Further, a concrete construction will be presented and proven chosen plaintext secure under the assumption in the standard model.

1. Introduction

With the growth of wireless sensor devices, people are facing a formidable problem of huge sensor data management and maintenance [1, 2]. One cost-effective and convenient approach to resolve this issue is to deploy the sensor data on the cloud, for example, IBM cloud [3] and Amazon AWS [4]. People can adopt data encryption as an intuitive defense to ensure data confidentiality on the cloud [5]. Once the sensor data is encrypted and saved on the cloud, however, sharing it within the wireless sensor network is limited. As a result, traditional public key encryption guarantees only the confidentiality of wireless sensor data and gets in the way of the data sharing functionality.

Consider the following scenario, which calls for a secure mechanism that supports a gateway of the network to directly convert a user’s encrypted data (encrypted pollution data) to a new user’s encrypted data without revealing the underlying plaintext data. Suppose many wireless sensor nodes are deployed in a wireless pollution sensor network to monitor the campus air quality. All sensor nodes send their monitoring data to the sink node, and the data is then sent to the cloud through the gateway. For the purpose of confidentiality, we could encrypt the monitoring data before sending it to the sink node. In some situations, the campus administrator Alice may want to cooperate with the government institute researcher Bob to analyze the environment. As the data is encrypted under Alice’s public key, Bob cannot decrypt the ciphertext to get the underlying plaintext because he does not have access to Alice’s private key. One option in this case is to let the campus administrator Alice fetch the secret data from the cloud and then reencrypt the data with Bob’s public key. However, this significantly increases Alice’s workload and violates the original intention of cloud computing, which is to leave the heavy workload to the cloud. Worse, Alice must be online all the time during each sharing phase. Another naive solution is for Alice to store the private key in the cloud, so that the cloud can perform the download-decrypt-reencrypt work instead of Alice. But it may be a disaster if the cloud is compromised, as the attacker can then use Alice’s private key.

In addition to secure data sharing, another security requirement for the above scenario is privacy preservation. If the government system is compromised, the campus’ identity should not be revealed. This privacy-preserving property ensures that, even if the government system is attacked by an adversary, the adversary cannot learn who is sharing the data with the government system. This requires that the relationship between the campus and the government system cannot be revealed by an attacker.

Therefore, a new public key encryption mechanism is desired to support data sharing and privacy preservation at the same time. Enabling the confidentiality of data and preserving the privacy without losing efficiency [6] is an important problem to be addressed. In this work, we focus on solving these elusive problems by presenting a novel notion of source hiding identity-based proxy reencryption. In our proposed source hiding identity-based proxy reencryption scheme, a proxy (gateway or cloud server) with a proxy reencryption key can convert a delegator’s (campus) ciphertext to a delegate’s (government institute researcher) ciphertext without exposing the plaintext. Meanwhile, an outside eavesdropper cannot learn the relationship between the original ciphertext and the reencrypted ciphertext.

In related work, proxy reencryption (PRE) was proposed to enable a semitrusted proxy to convert Alice’s ciphertext to Bob’s ciphertext by a reencryption key [7]. Proxy reencryption has been applied in several places, such as secure email forwarding [7, 8] and cloud computing [9]. Green et al. [10] introduced identity-based proxy reencryption in which a user’s public key is viewed as his identity. After their work, a great number of identity-based proxy reencryption schemes have come out [11–13] to deal with the efficiency and security property. An AB-PRE scheme was presented to apply attribute-based setting to proxy reencryption [14]. Luo, Hu, and Chen [15] revealed another scheme to provide “AND” gates on both positive and negative attributes. Later on, a ciphertext-policy attribute-based proxy reencryption (CPAB-PRE) [16, 17] was presented to support a monotonic access formula in the selective model. Further, they enhanced its security in the adaptive model [18]. Meanwhile, Ge et al. [19, 20] presented two key-policy attribute-based proxy reencryption (KPAB-PRE) schemes in both the selective and adaptive model, respectively. Recently, a DFA-based proxy reencryption scheme [21] allows the access to be described as a DFA. Unfortunately, none of these schemes support the functionality of privacy-preserving keyword search.

To capture the source hiding property, Emura, Miyaji, and Omote [22] introduced the notion of source hiding and presented the first source hiding IB-PRE scheme in the random oracle model. However, their proof is only a heuristic argument and might leave the scheme insecure [23]. Furthermore, the previous source hiding scheme [22] is found not to be collusion resistant. As a result, if a proxy colludes with a set of delegates, the delegator’s message is revealed as well as the delegator’s private key.

1.1. Our Contribution

To address the above problems [22], this work presents a CPA secure collusion resistant source hiding identity-based proxy scheme. Additionally, we prove the security without random oracles. More specifically, a proxy and a set of delegates can only collude to reveal the plaintext but not the delegator’s private key. The paper is organized as follows: first we describe our scheme, second we prove our scheme secure in the standard model, and finally we show it is collusion resistant.

2. Preliminaries

2.1. Bilinear Map

and denote two multiplicative cyclic groups with the same prime order . is a generator of group . A bilinear pairing is a bilinear map with the following properties [24]:(1) for all and .(2).(3)There is an efficient algorithm to compute for all .

2.2. Complexity Assumption

The security of our proposed system relies on the truncated decisional Diffie-Hellman exponent (q-DDHE) assumption. Here is the assumption: given a vector of elements it is difficult to distinguish from a random value in . Formally speaking, for all probabilistic polynomial time adversaries , the following probability is negligible:

2.3. Identity-Based Proxy Reencryption

The encryption level in our paper is defined as follows: A “level ” ciphertext is a ciphertext generated directly by the Encrypt algorithm. A “level ” ciphertext is a reencryption result of a “level ” ciphertext by using the Reencryption algorithm. is the highest-possible ciphertext level. It is obvious that, for a single-hop IB-PRE scheme, . In this paper, we deal with single-hop IB-PRE scheme, as the max level equals 2. In our scheme, the first and second level ciphertext denote the original and reencrypted ciphertext, respectively.

Definition 1 (identity-based proxy reencryption). The following algorithms describe a single-hop identity-based proxy reencryption scheme [10]:

(i) Setup(): the private key generator (PKG) runs setup with a security parameter input. This step generates the global public parameters and a master secret key .

(ii) KeyGen(): in this step, KeyGen takes the master secret key and an identity as the input; it returns a private key for identity .

(iii) Encrypt(): the input for this algorithm is an identity and a message (: message space); it generates the ciphertext .

(iv) RKeyGen(): RKeyGen takes identities and and outputs the reencryption key .

(v) ReEncrypt(): a reencryption key and a ciphertext corresponding to identity are the input; it returns the reencrypted ciphertext .

(vi) Decrypt(): given a private key and a ciphertext , it outputs the plaintext or it aborts with an error symbol .

Correctness. Suppose , , , and . The correctness of IB-PRE means that

2.4. Security Notion for Key-Private IB-PRE

We describe game-based security definition of source hiding IB-PRE in this section. Compared to the work presented in [22], our security model considers the indistinguishability of message against chosen-plaintext attack (IND-CPA) and the source hiding property of IB-PRE against chosen-plaintext attack (IND-SH-CPA).

Definition 2 (IND-CPA). A (single-use) source hiding IB-PRE scheme is IND-CPA secure if no probabilistic polynomial time (PPT) adversary can win the game below with nonnegligible advantage. Next in the game, we assume is the security parameter and is the game challenger.

(1) Setup: runs the Setup() algorithm to obtain the (PP, msk) and assigns PP to .

(2) Query phase 1:

(a) Extract(): run the KeyGen() algorithm to get and return to .

(b) RKExtract(): run the RKeyGen() algorithm to get and return to .

(3) Challenge. Once decides that phase 1 is finished, it outputs two equal length messages and two challenge identities . The challenger chooses a random bit and sends the challenge ciphertext to . The restrictions are that has never made the following queries: (i) ; (ii) and .

(4) Query phase 2: continues making queries. The queries are the same as in phase 1, except for the following: (i) ; (ii) and .

(5) Guess: makes the guess and wins the game if .

We claim IB-PRE is IND-CPA secure, if the probability is negligible for all probabilistic polynomial time adversaries .

Next, we present the source hiding property of IB-PRE (IND-SH-CPA) and we follow the security model of [22]. IND-SH-CPA guarantees that even if an adversary knows a mailing-list address and a mailing-list member address included in the mailing-list system, the adversary cannot identify whether a source ciphertext is the source of a destination ciphertext or not. We allow an adversary to select the challenge source identities , and the challenge ciphertext . An adversary is provided the and queries as in the IND-CPA game.

(1) Setup: run the Setup() algorithm to get the (PP, msk) and then assign PP to .

(2) Query phase 1:

(a) Extract(): runs the KeyGen() algorithm to get and obtain .

(b) RKExtract(): runs the RKeyGen() algorithm to get and obtain .

(3) Challenge: as soon as considers phase 1 is over, it outputs two identities , a challenge plaintext and a challenge identity , not in . The challenger chooses a random bit and computes . Next, computes and sends the challenge ciphertext to .

(4) Query phase 2: continues making queries as in the query phase 1.

(5) Guess: outputs the guess . The adversary wins if .

We say that a source hiding IB-PRE scheme is IND-SH-CPA secure, if the following probability is negligible for all probabilistic polynomial time adversaries :

Note that, unlike the IND-CPA security game, in the IND-SH-CPA security game, the adversary is allowed to get the private key of the target ciphertext. The IND-SH-CPA guarantees that even if can decrypt the challenge ciphertext , only can obtain the following: (1) is encrypted under identity ; (2) is the plaintext, all of which however have been already known by .

3. Our Proposed Source Hiding IB-PRE

First, we analyze what conditions IB-PRE scheme should meet such that it has the source hiding property. Second, we describe our source hiding IB-PRE scheme and prove its IND-CPA and IND-SH-CPA security.

3.1. Impossibility Result for Source Hiding IB-PRE

Before presenting our scheme, we introduce several necessary yet not sufficient conditions for satisfying the source hiding property.

Lemma 3. As proven in [22], the adversary breaks the IND-SH-CPA security if he can learn to determine if destination ciphertexts are derived from the same source ciphertext or not.

Lemma 4. Any IB-PRE scheme, in which the algorithm is deterministic, cannot satisfy source hiding.

Proof. Suppose the algorithm is deterministic; then an adversary can win the IND-SH-CPA game as below. Suppose the source ciphertext is and and the challenge ciphertext is . The adversary works as follows:

(1) Make a query and get the reencryption key .

(2) Using the reencryption key , run the deterministic algorithm .

(3) If , it outputs , else returns 0.

It is not difficult to see that can succeed with an overwhelming probability.
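The attack in the proof of Lemma 4, as an added example that is not from the paper and does not implement its construction. It assumes an ElGamal-style bidirectional proxy reencryption over a constructed 11-bit group in place of an IB-PRE (public keys stand in for identities, and all function names are this example's own), and plays the source hiding game against a deterministic ReEncrypt and against one that re-randomizes its output.

```python
import secrets

# Group constructed for this example, far too small for real use:
# P = 2Q + 1 is a safe prime and G generates the subgroup of prime order Q.
P, Q, G = 2039, 1019, 4

def keygen():
    sk = secrets.randbelow(Q - 1) + 1             # sk in [1, Q-1]
    return sk, pow(G, sk, P)

def encrypt(pk, m):
    r = secrets.randbelow(Q - 1) + 1
    return (m * pow(G, r, P) % P, pow(pk, r, P))  # (m*g^r, g^(sk*r))

def rkeygen(sk_src, sk_dst):
    return sk_dst * pow(sk_src, -1, Q) % Q        # rk = sk_dst / sk_src mod Q

def decrypt(sk, ct):
    c1, c2 = ct
    g_r = pow(c2, pow(sk, -1, Q), P)              # recover g^r
    return c1 * pow(g_r, -1, P) % P

def reencrypt_det(rk, ct, pk_dst=None):
    """Deterministic ReEncrypt: the same (rk, ct) always gives the same output."""
    c1, c2 = ct
    return (c1, pow(c2, rk, P))

def reencrypt_rand(rk, ct, pk_dst):
    """Randomized ReEncrypt: convert, then re-randomize with a fresh s."""
    c1, c2 = ct
    s = secrets.randbelow(Q)                      # uniform in Z_Q
    return (c1 * pow(G, s, P) % P, pow(c2, rk, P) * pow(pk_dst, s, P) % P)

def lemma4_adversary(rk0, sources, challenge):
    """Recompute the deterministic reencryption of source 0 and compare."""
    return 0 if reencrypt_det(rk0, sources[0]) == challenge else 1

def sh_game(reencrypt, trials=400):
    """Play the source hiding game `trials` times; return the adversary's win rate."""
    wins = 0
    for _ in range(trials):
        (sk0, pk0), (sk1, pk1), (sk_d, pk_d) = keygen(), keygen(), keygen()
        m = pow(G, secrets.randbelow(Q), P)       # challenge plaintext
        sources = [encrypt(pk0, m), encrypt(pk1, m)]
        # Reencryption keys the adversary would obtain through RKExtract.
        rks = [rkeygen(sk0, sk_d), rkeygen(sk1, sk_d)]
        b = secrets.randbelow(2)                  # challenger's hidden bit
        challenge = reencrypt(rks[b], sources[b], pk_d)
        if decrypt(sk_d, challenge) != m:
            raise AssertionError("reencrypted ciphertext does not decrypt")
        wins += lemma4_adversary(rks[0], sources, challenge) == b
    return wins / trials

if __name__ == "__main__":
    print("deterministic ReEncrypt, adversary win rate:", sh_game(reencrypt_det))
    print("randomized ReEncrypt, adversary win rate:   ", sh_game(reencrypt_rand))
```

With the randomized variant the destination ciphertext has the form (m·g^t, g^(d·t)) for a uniform t, where d is the destination secret key, so its distribution is the same whichever source was converted and the comparison adversary does no better than guessing.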

3.2. Our Construction

Let and be bilinear groups of prime order , and be a generator of . Additionally, let denote the bilinear map. The proposed scheme contains the following steps:

(i) Setup: is the security parameter, and are the bilinear map parameters. The PKG chooses random generators , random value , and a collision resistant hash function . It sets . The PKG keeps secret and outputs the public parameters . So master secrets are set as

(ii) KeyGen(): in this step, the PKG picks a random value to compute a private key for . It calculates and the private key

If , the PKG aborts.

(iii) Encrypt(): the inputs are an identity and a message . In this step, the sender picks a random value and sets

Outputs the ciphertext .

(iv) RKeyGen(): on input identities and the secret key , the reencryption key is generated as follows:

(1) Choose random values and , and compute .

(2) Choose a random value , and set , , , and .

(3) Output the reencryption key .

(v) ReEncrypt(): on input a reencryption key and a ciphertext under identity , the proxy proceeds as follows:

(1) Compute .

(2) Choose a random value and compute

(3) Choose a random value and compute

(4) Output the reencrypted ciphertext .

(vi) Decrypt():

(a) If is an original ciphertext, let and . Compute

(b) If is a reencrypted ciphertext, let . Compute

Correctness. The correctness of the proposed scheme is defined as follows:(1)For an original ciphertext , we have(2)For a reencrypted ciphertext , we have Finally, we have .

3.3. Security of Our Source Hiding IB-PRE Scheme

Theorem 5. Our scheme is IND-CPA secure without random oracles under the q-DDHE assumption.

Proof. Assuming there exists an adversary that can break our scheme’s IND-CPA security with the probability , we can construct an algorithm that can solve the q-DDHE problem with probability , where inputs a q-DDHE instance and has to distinguish from a random element in .
The approach to prove Theorem 5 follows the steps of the security proof of Gentry’s scheme [25]. Note maintains a list of tables that are initialized empty. Here is the list:

(i) : it keeps the secret keys tuples .

(ii) : it maintains the result of the queries to RKExtract() which are the tuples . In the tuples, represents the reencryption key which is a valid one, while represents the reencryption key which is a random value.

(1) Setup: generates a random polynomial of degree . It sets , computing from . also picks a collision resistant hash function . It sends the public key to . With this assignment, the master secret key is . This assignment has a distribution identical to that in the actual construction since , , and are uniformly random.

(2) Query phase 1: sends a bunch of queries to , and responds as follows:

(a) : searches , if exists in , then obtains . Otherwise, generates a biased coin so that for some that can be determined later.

(i) If , aborts and returns a random bit.

(ii) If , if , we have that , uses to solve the q-DDHE problem. Else, let denote the degree polynomial . returns the private key to the adversary and adds to . Note that , which is identical to the actual construction.

(b) : first searches whether there is a tuple in . If yes, returns ( denotes the wildcard). Otherwise, proceeds as follows:

(i) If exists in , uses to compute the reencryption key by running . returns to and adds to .

(ii) Otherwise, flips a biased coin . If , queries the oracle to obtain and then computes from algorithm. returns to and adds and to and , respectively. If , first selects a random and computes as the algorithm. Next computes for randomly chosen . forwards the reencryption key to and adds to .

(3) Challenge: once has decided that query phase 1 is over, it outputs two equal length plaintexts and a challenge identity . If exists in , outputs a random bit and aborts. Else if , uses to solve the q-DDHE problem. Else generates a random bit and computes a private key as in phase 1. Let and ; sets where is the coefficient of in . It sends the challenge ciphertext to . Note that, let . If , we have Thus, is a valid ciphertext for .

(4) Query phase 2: continues querying as in the query phase 1 except for the restrictions described in the IND-CPA game.

(5) Guess: outputs the guess . If , outputs meaning ; else output meaning is a random value in .

Probability Analysis. If does not abort, ’s view is identical to the actual scheme. Abort is defined to be the event of aborting during the simulation of query. Let denote the total number of queries; we have , which is maximized at . Using , the probability is at least , where is the base of the natural logarithm. Therefore, we have .
This completes the proof of Theorem 5.

Theorem 6. Our proposed scheme is IND-SH-CPA secure in the information theoretic sense.

Proof. Since a source identity is not included in a destination ciphertext, Theorem 6 is clearly satisfied. as , , , , and , where is a destination ciphertext, namely, a part of source ciphertext is randomized using a random value . More precisely, for and all identity , there exists a ciphertext which can be a source ciphertext of .
This completes the proof of Theorem 6.

4. Performance and Comparison

4.1. Efficiency Theoretical Analysis

To compare the performance of our scheme, we choose the existing source hiding IB-PRE scheme [22] as the base. We make the comparison in the aspect of the public/private key size, reencryption key size, level 1/level 2 ciphertext size, reencryption key generation cost, reencryption cost, and security model. Table 1 illustrates the detailed comparison. To construct a fair comparison, we choose Emura, Miyaji, and Omote’s first scheme, denoted the EMO 1 scheme [22], which is also CPA secure with source hiding. Let , represent the computational cost of an exponentiation and a pairing cost, respectively, denote the bit-length of an element in , respectively, and denotes the size of a hash function.

From Table 1, we find that although the ciphertext size of our scheme is a little larger than that of the scheme in [22], the computational cost is of the same order of magnitude. Most important, our scheme is collusion resistant and does not rely on random oracles.

4.2. Execution Time

Now we compare the proposed scheme with the existing source hiding IB-PRE scheme [22] regarding the execution time. For the scheme implementation, we use the Pairing Based Cryptography Library [26] to measure the running time. Our hardware is an Intel(R) Core(TM) i5-8250U CPU @ 1.60 GHz with 8 GB RAM. The operating system is Linux Mint 18.1 Serena and the programming language is Go 1.9. The elliptic curve and a group order of 160 bits are selected for the experiment. In our experiment we run each experiment for times to obtain the average execution time.

From Table 2, it is observable that the execution time of , , , , , and of our scheme is a little more than that of the scheme in [22]. This coincides with the theoretical analysis.

5. Conclusions

In this paper, we introduced a new source hiding identity-based proxy reencryption scheme (SHIB-PRE) which is proposed to support a gateway of the wireless network to directly convert a user’s encrypted data (encrypted pollution data) to a new user’s encrypted data without exposing the underlying plaintext data during the whole sharing phase. Additionally, our SHIB-PRE scheme addresses the open problems left by Emura, Miyaji, and Omote [22] by presenting a scheme that is collusion resistant, source hiding, and secure against chosen ciphertext-plaintext attack in the standard model. Still, interesting questions remain to be resolved and can be our future work, such as the following:

CCA-Secure. Designing a source hiding IB-PRE scheme that is chosen ciphertext secure is necessary. The technique described in [27] might be the potential approach to achieve CCA security.

Key-Private IB-PRE. The property of source hiding protects the source identity from a destination ciphertext. It will be challenging to design a key-private IB-PRE, in which a source identity and a destination identity are not disclosed from a reencryption key. The technique presented in [28] could be the potential approach to achieve a key-private IB-PRE scheme.

Data Availability

The data used to support the findings of this study are available from the corresponding author upon request.

Conflicts of Interest

The authors declare that the funding in Acknowledgments section did not lead to any conflicts of interest regarding the publication of this manuscript. Also, there are no other conflicts of interest in the manuscript.

Acknowledgments

Chunpeng Ge is supported by the National Natural Science Foundation of China (no. 61702236) and Changzhou Sci&Tech Program (no. CJ20179027), Jinyue Xia is partially supported by the National Natural Science Foundation of China (nos. 61272083 and 61300236), and Hongwei Li is partially supported by the National Natural Science Foundation of China (no. 61702216).