Attribute-Based Verifiable Conditional Proxy Re-Encryption Scheme
Abstract
:1. Introduction
- An AB-VCPRE scheme based on LWE is proposed. The scheme ensures by verification that the re-encryption ciphertext is correctly converted from the encryption ciphertext;
- Fine-grained access control is implemented. In combination with fully homomorphic encryption, the delegation policy supports any polynomial-depth boolean circuit;
- Robustness is achieved. The scheme uses a validation algorithm to achieve robustness. Forged or incorrectly shared ciphertexts can be detected by validating the re-encryption ciphertext with a validation server;
- The scheme satisfies CPA security. The ciphertext in our scheme needs to be signed and verified using an unforgeable homomorphic signature. This paper demonstrates that the constructed AB-VCPRE scheme is CPA security based on a LWE problem.
2. Related Work
3. Preliminaries
3.1. Lattice
3.2. Related Functions and Tools
3.2.1. Functions of Bits and Power2
3.2.2. Discrete Gaussian Distribution
- Set the rank of is , , , . Let , PPT algorithms , where is the base of , output a short base statistical distribution to ;
- : There is trapdoor of lattice , the real number , for any vector , a PPT algorithm capable of generating a vector from a distribution that is statistically close to , satisfying ;
- Let the rank of be , , a low-dimensional matrix , a trapdoor for the lattice , and . PPT algorithm output a short base with a statistical distribution close to .
3.3. Key Homomorphism
- : Taking a circuit , matrices as input, outputs a matrix ;
- : Given a circuit , matrices , a vector and vectors , outputs a vector , satisfying , where , with all but negligible probability;
- : On input a circuit , a vector , matrices , a matrix , outputs a matrix satisfying , where with all but negligible probability.
3.4. Homomorphic Signature
- : Take a safety parameter , a circuit depth , and a message length as input, output a signature private key and a verification key ;
- : Accept as inputs the message requiring signature and , output the signature ;
- : Take an evaluation circuit and signature as input, output a homomorphic calculation signature ;
- : Take , a message , a circuit and a signature , the verification algorithm either accepts the signature (outputs 1) or rejects it (outputs 0).
3.5. Robustness
4. The Model of AB-VCPRE with Re-Encryption Verification
4.1. Scheme Definition
- : Input security parameter , output public parameters ;
- : Given , output the public/private key pair for user ;
- : Taking , , plaintext , and an attribute vector as input, output a related ciphertext with ;
- : Taking , , and as input, output a message ;
- : Input , of user , of user , and a control policy/function , returns the re-encryption key related to and the corresponding signature, outputs the re-encryption verification key from user to user ;
- : With , of user , associated with , and as input. When remains constant, output the converted ciphertext , otherwise output ;
- : If the original ciphertext’s conversion to the re-encryption ciphertext is performed correctly, the output of the authentication algorithm is valid, otherwise output (invalid ciphertext).
- Decryption correctness.
- 2.
- Verification correctness.
4.2. Security Model
- : performs a key query. runs to produce the ;
- : runs to provide when receives a re-encryption key query, where and . And responds with verification key by running algorithm ;
- : sends to where and , computes a re-encryption key as in and returns a re-encrypted ciphertext by running .
5. Our Scheme
5.1. Our Scheme Composition
- Central agency generates random security parameters prime , an error sampling algorithm for B-bounded distributions, . The boolean circuit’s maximum depth is , the number of attributes is , and the Gaussian parameter is , ;
- Create the corresponding trapdoor matrix and the matrix by running algorithm ;
- Select uniform matrices with random.
- Output public parameters .
- 2.
- 3.
- Given the plaintext , attribute vectors , where . Select random vectors , error vectors ;
- Compute :
- should be set to if is null or none. Or else randomly choose uniform matrices at random, calculate
- 4.
- Compute . Set for if , or else set .
- 5.
- Randomly selected matrices , , is the Gaussian parameter, and .
- Let , . Running . Generate the basic for .
- Execute algorithm to produce , in order to obtain , of which . Compute the re-encryption key:
- Creating the verification key using algorithm and signature private key , parse each line of as , then use the signature algorithm to sign as ;
- To validate the signature, publish . Deliver and the associated signature across a secure channel to the proxy server;
- 6.
- Output if or , or else , . The proxy performs the ciphertext conversion ;
- The valuation circuit is , and the evaluation algorithm from HS creates a signature .
- 7.
5.2. Correctness and Parameters
5.2.1. The Correctness of the Original Ciphertext
5.2.2. Correctness of Conversion Ciphertext
5.2.3. Correctness of Ciphertext Verification
5.3. Security
- , , policy , set , a policy ;
- Run to make . It follows from the definition of that there is ;
- executive to generate short basic of . Run to produce , hence, an equals ;
- When , let , matrix , , create the matrix
- 5.
- When , let , matrix , , select a random uniform distribution matrix , create the matrix
- 1.
- and , where , , , ;
- 2.
- and , where , ;
- 3.
- and , where , , , for , .
6. Efficiency Analysis
7. Conclusions
Author Contributions
Funding
Institutional Review Board Statement
Informed Consent Statement
Data Availability Statement
Conflicts of Interest
References
- Blaze, M.; Bleumer, G.; Strauss, M. Divertible protocols and atomic proxy cryptography. In Proceedings of the Advances in Cryptology—EUROCRYPT’98: International Conference on the Theory and Application of Cryptographic Techniques, Espoo, Finland, 31 May–4 June 1998; pp. 127–144. [Google Scholar] [CrossRef]
- Green, M.; Ateniese, G. Identity-based proxy re-encryption. In Proceedings of the Applied Cryptography and Network Security: 5th International Conference, ACNS 2007, Zhuhai, China, 5–8 June 2007; pp. 288–306. [Google Scholar] [CrossRef]
- Weng, J.; Deng, R.H.; Ding, X.; Chu, C.-K.; Lai, J. Conditional proxy re-encryption secure against chosen-ciphertext attack. In Proceedings of the 4th International Symposium on Information, Computer, and Communications Security, Sydney, Australia, 10–12 March 2009; pp. 322–332. [Google Scholar] [CrossRef]
- Sahai, A.; Waters, B. Fuzzy identity-based encryption. In Proceedings of the Advances in Cryptology–EUROCRYPT 2005: 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Aarhus, Denmark, 24–26 May 2005; pp. 457–473. [Google Scholar] [CrossRef]
- Zamite, J.; Domingos, D.; Silva, M.J.; Santos, C. Group-based discretionary access control in health related repositories. J. Inf. Technol. Res. JITR 2014, 7, 78–94. [Google Scholar] [CrossRef]
- Zhao, J.; Feng, D.; Zhang, Z. Attribute-based conditional proxy re-encryption with chosen-ciphertext security. In Proceedings of the 2010 IEEE Global Telecommunications Conference GLOBECOM 2010, Miami, FL, USA, 6–10 December 2010; pp. 1–6. [Google Scholar] [CrossRef]
- Liang, X.; Cao, Z.; Lin, H.; Shao, J. Attribute based proxy re-encryption with delegating capabilities. In Proceedings of the 4th International Symposium on Information, Computer, and Communications Security, Sydney, Australia, 10–12 March 2009; pp. 276–286. [Google Scholar] [CrossRef]
- Yang, Y.; Lu, H.; Weng, J.; Zhang, Y.; Sakurai, K. Fine-grained conditional proxy re-encryption and application. In Proceedings of the Provable Security: 8th International Conference, ProvSec 2014, Hong Kong, China, 9–10 October 2014; pp. 206–222. [Google Scholar] [CrossRef]
- Mao, X.; Li, X.; Wu, X.; Wang, C.; Lai, J. Anonymous attribute-based conditional proxy re-encryption. In Proceedings of the Network and System Security: 12th International Conference, NSS 2018, Hong Kong, China, 27–29 August 2018; pp. 95–110. [Google Scholar] [CrossRef]
- Ge, C.; Susilo, W.; Wang, J.; Huang, Z.; Fang, L.; Ren, Y. A key-policy attribute-based proxy re-encryption without random oracles. Comput. J. 2016, 59, 970–982. [Google Scholar] [CrossRef]
- Li, J.; Ma, C.; Zhao, Q. Resplittable threshold multi-broker proxy re-encryption scheme from lattices. J. Commun. 2017, 38, 157–164. [Google Scholar]
- Nunez, D. Umbral: A Threshold Proxy Re-Encryption Scheme; NuCypher Inc. and NICS Lab, University of Malaga: Málaga, Spain, 2018. [Google Scholar]
- Luo, F.; Al-Kuwari, S.; Wang, F.; Chen, K. Attribute-based proxy re-encryption from standard lattices. Theor. Comput. Sci. 2021, 865, 52–62. [Google Scholar] [CrossRef]
- Huang, Q.; Yang, Y.; Fu, J. PRECISE: Identity-based private data sharing with conditional proxy re-encryption in online social networks. Future Gener. Comput. Syst. 2018, 86, 1523–1533. [Google Scholar] [CrossRef]
- Yao, S.; Dayot, R.V.J.; Kim, H.-J.; Ra, I.-H. A novel revocable and identity-based conditional proxy re-encryption scheme with ciphertext evolution for secure cloud data sharing. IEEE Access 2021, 9, 42801–42816. [Google Scholar] [CrossRef]
- Ajtai, M. Generating hard instances of lattice problems. In Proceedings of the Twenty-Eighth Annual ACM Symposium on Theory of Computing, Philadelphia, PA, USA, 22–24 May 1996; pp. 99–108. [Google Scholar] [CrossRef]
- Agrawal, S.; Boneh, D.; Boyen, X. Efficient lattice (h) ibe in the standard model. In Proceedings of the Eurocrypt 2010, Berlin, Heidelberg, 30 May–3 June 2010; pp. 553–572. [Google Scholar]
- Regev, O. On lattices, learning with errors, random linear codes, and cryptography. J. ACM JACM 2009, 56, 1–40. [Google Scholar] [CrossRef]
- Aono, Y.; Boyen, X.; Phong, L.T.; Wang, L. Key-private proxy re-encryption under LWE. In Proceedings of the Progress in Cryptology–INDOCRYPT 2013: 14th International Conference on Cryptology in India, Mumbai, India, 7–10 December 2013; pp. 1–18. [Google Scholar] [CrossRef]
- Boneh, D.; Gentry, C.; Gorbunov, S.; Halevi, S.; Nikolaenko, V.; Segev, G.; Vaikuntanathan, V.; Vinayagamurthy, D. Fully key-homomorphic encryption, arithmetic circuit ABE and compact garbled circuits. In Proceedings of the Advances in Cryptology–EUROCRYPT 2014: 33rd Annual International Conference on the Theory and Applications of Cryptographic Techniques, Copenhagen, Denmark, 11–15 May 2014; pp. 533–556. [Google Scholar] [CrossRef]
- Gorbunov, S.; Vaikuntanathan, V.; Wee, H. Predicate encryption for circuits from LWE. In Proceedings of the Advances in Cryptology—CRYPTO 2015: 35th Annual Cryptology Conference, Santa Barbara, CA, USA, 16–20 August 2015; pp. 503–523. [Google Scholar] [CrossRef]
- Brakerski, Z.; Vaikuntanathan, V. Constrained Key-Homomorphic PRFs from Standard Lattice Assumptions: Or: How to Secretly Embed a Circuit in Your PRF. In Proceedings of the Theory of Cryptography: 12th Theory of Cryptography Conference, TCC 2015, Warsaw, Poland, 23–25 March 2015; pp. 1–30. [Google Scholar] [CrossRef]
- Kim, S.; Wu, D.J. Watermarking PRFs from lattices: Stronger security via extractable PRFs. In Proceedings of the Advances in Cryptology–CRYPTO 2019: 39th Annual International Cryptology Conference, Santa Barbara, CA, USA, 18–22 August 2019; pp. 335–366. [Google Scholar] [CrossRef]
- Liang, X.; Weng, J.; Yang, A.; Yao, L.; Jiang, Z.; Wu, Z. Attribute-based conditional proxy re-encryption in the standard model under LWE. In Proceedings of the Computer Security–ESORICS 2021: 26th European Symposium on Research in Computer Security, Darmstadt, Germany, 4–8 October 2021; pp. 147–168. [Google Scholar] [CrossRef]
- Håstad, J.; Impagliazzo, R.; Levin, L.A.; Luby, M. A pseudorandom generator from any one-way function. SIAM J. Comput. 1999, 28, 1364–1396. [Google Scholar] [CrossRef]
- Deng, Y. A Linearly Homomorphic Signature Scheme on Lattice. Henan Sci. 2015, 33, 1346–1351. [Google Scholar]
Construction Tool | Resisting Quantum Attack | Robustness | Method for Robustness | Tool for Robustness | |
---|---|---|---|---|---|
Scheme [15] | DBDH | No | No | None | None |
Scheme [12] | Discrete logarithm | No | Yes | zero-knowledge proof | Decisional discrete logarithm |
Scheme [11] | Lattice | No | Yes | zero-knowledge proof | Decisional discrete logarithm |
Our scheme | Lattice | Yes | Yes | Homomorphic signature | Lattice |
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content. |
© 2023 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Share and Cite
Tang, Y.; Jin, M.; Meng, H.; Yang, L.; Zheng, C. Attribute-Based Verifiable Conditional Proxy Re-Encryption Scheme. Entropy 2023, 25, 822. https://doi.org/10.3390/e25050822
Tang Y, Jin M, Meng H, Yang L, Zheng C. Attribute-Based Verifiable Conditional Proxy Re-Encryption Scheme. Entropy. 2023; 25(5):822. https://doi.org/10.3390/e25050822
Chicago/Turabian StyleTang, Yongli, Minglu Jin, Hui Meng, Li Yang, and Chengfu Zheng. 2023. "Attribute-Based Verifiable Conditional Proxy Re-Encryption Scheme" Entropy 25, no. 5: 822. https://doi.org/10.3390/e25050822
APA StyleTang, Y., Jin, M., Meng, H., Yang, L., & Zheng, C. (2023). Attribute-Based Verifiable Conditional Proxy Re-Encryption Scheme. Entropy, 25(5), 822. https://doi.org/10.3390/e25050822