Abstract
As smart education evolves, there is an increasing need for the cloud-centric management and sharing of student exercise physiological data gathered through wearable devices in the physical education domain. However, challenges arise in achieving authentication for data sources, ensuring the security of sensitive data, and implementing efficient dynamic access control. Traditional cryptographic schemes face limitations in resisting quantum attacks, authenticating data sources, protecting identity privacy, handling dynamic permission changes, and achieving computational efficiency. To tackle these challenges, we put forward a lattice-based Online/Offline Identity-Based Matchmaking Proxy Re-Encryption (OO-IB-MPRE) scheme. The scheme offers post-quantum security assurances grounded in lattice cryptography (under the LWE/ISIS assumptions); incorporates Identity-Based Matchmaking Encryption (IB-ME) to realize bidirectional identity matching, which not only enables identity authentication for data sources but also safeguards the sender's identity privacy from exposure to other entities; leverages Proxy Re-Encryption (PRE) to support dynamic management of access control; and combines online/offline encryption to adapt to resource-constrained sensors. The security of the OO-IB-MPRE scheme is verified under standard lattice assumptions to meet the security requirements of semi-selective privacy and authenticity. Performance analysis and experimental validation demonstrate that, in comparison to existing lattice-based PRE schemes, the devised scheme shows notable advantages in both space and computational overhead. Therefore, the proposed OO-IB-MPRE offers a secure, efficient, and scalable solution for sensitive health data in smart physical education.