Abstract
Proxy re-encryption provides a promising solution for sharing encrypted data in a consensus network. When the data owner wants to share her encrypted data with some receiver, she generates a re-encryption key for this receiver and distributes the key among the consensus network nodes following some rules. Using the re-encryption key, the nodes can transform the ciphertexts for the receiver without learning anything about the underlying plaintexts. However, if malicious nodes and receivers collude, they obtain the capability to decrypt all transformable ciphertexts of the data owner, especially in the multi-node setting of a consensus network. To address this problem, some “tracing mechanism” is naturally required to identify misbehaving nodes and foster accountability when the re-encryption key is abused to distribute the decryption capability.
In this paper, we propose a generic traceable proxy re-encryption construction from any proxy re-encryption scheme, whose ciphertext is twice the size of the underlying proxy re-encryption scheme's. Our construction can then be instantiated properly to yield the first traceable proxy re-encryption with constant-size ciphertext, which greatly reduces both the communication and storage costs in a consensus network. Furthermore, we show how to generate an undeniable proof of a node's misbehavior and thereby add accountability to any proxy re-encryption scheme. Our construction is the first traceable proxy re-encryption scheme with accountability, which is desirable in a consensus network so that a malicious node can be traced and cannot deny having leaked re-encryption capabilities.
Notes
1. For a non-negligible probability value \(\mu \), a PPT algorithm \(D_{i,\mu }\) is a \(\mu \)-useful decryption device for user i if \(\Pr [m\leftarrow \mathsf {M},C_i\leftarrow \mathsf {Enc_2}(\mathsf {pk}_i,m),m'\leftarrow D_{i,\mu }(C_i):m=m']\ge \mu \), where \(\mathsf {M}\) is the plaintext space.
2. Similarly, if the underlying PRE scheme is HRA/CCA secure, then the generic construction is also HRA/CCA secure.
References
1. Nucypher. https://www.nucypher.com/
2. Abdalla, M., Catalano, D., Dent, A.W., Malone-Lee, J., Neven, G., Smart, N.P.: Identity-based encryption gone wild. In: Bugliesi, M., Preneel, B., Sassone, V., Wegener, I. (eds.) ICALP 2006. LNCS, vol. 4052, pp. 300–311. Springer, Heidelberg (2006). https://doi.org/10.1007/11787006_26
3. Ateniese, G., Fu, K., Green, M., Hohenberger, S.: Improved proxy re-encryption schemes with applications to secure distributed storage. In: NDSS (2005)
4. Blaze, M., Bleumer, G., Strauss, M.: Divertible protocols and atomic proxy cryptography. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 127–144. Springer, Heidelberg (1998). https://doi.org/10.1007/BFb0054122
5. Boneh, D., Naor, M.: Traitor tracing with constant size ciphertext. In: Proceedings of the 15th ACM Conference on Computer and Communications Security, pp. 501–510. ACM (2008)
6. Borcea, C., Polyakov, Y., Rohloff, K., Ryan, G., et al.: Picador: end-to-end encrypted publish-subscribe information distribution with proxy re-encryption. Future Gener. Comput. Syst. 71, 177–191 (2017)
7. Canetti, R., Hohenberger, S.: Chosen-ciphertext secure proxy re-encryption. In: Proceedings of the 14th ACM Conference on Computer and Communications Security, pp. 185–194. ACM (2007)
8. Chandran, N., Chase, M., Liu, F.-H., Nishimaki, R., Xagawa, K.: Re-encryption, functional re-encryption, and multi-hop re-encryption: a framework for achieving obfuscation-based security and instantiations from lattices. In: Krawczyk, H. (ed.) PKC 2014. LNCS, vol. 8383, pp. 95–112. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-54631-0_6
9. Chandran, N., Chase, M., Vaikuntanathan, V.: Functional re-encryption and collusion-resistant obfuscation. In: Cramer, R. (ed.) TCC 2012. LNCS, vol. 7194, pp. 404–421. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-28914-9_23
10. Cohen, A.: What about Bob? The inadequacy of CPA security for proxy reencryption. In: Lin, D., Sako, K. (eds.) PKC 2019. LNCS, vol. 11443, pp. 287–316. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17259-6_10
11. Derler, D., Krenn, S., Lorünser, T., Ramacher, S., Slamanig, D., Striecks, C.: Revisiting proxy re-encryption: forward secrecy, improved security, and applications. In: Abdalla, M., Dahab, R. (eds.) PKC 2018. LNCS, vol. 10769, pp. 219–250. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-76578-5_8
12. Fuchsbauer, G., Kamath, C., Klein, K., Pietrzak, K.: Adaptively secure proxy re-encryption. In: Lin, D., Sako, K. (eds.) PKC 2019. LNCS, vol. 11443, pp. 317–346. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17259-6_11
13. Goyal, V.: Reducing trust in the PKG in identity based cryptosystems. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 430–447. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-74143-5_24
14. Goyal, V., Lu, S., Sahai, A., Waters, B.: Black-box accountable authority identity-based encryption. In: Proceedings of the 15th ACM Conference on Computer and Communications Security, pp. 427–436. ACM (2008)
15. Guo, H., Zhang, Z., Xu, J., An, N.: Non-transferable proxy re-encryption. Comput. J. 62(4), 490–506 (2019). https://doi.org/10.1093/comjnl/bxy096
16. Guo, H., Zhang, Z., Xu, J., An, N., Lan, X.: Accountable proxy re-encryption for secure data sharing. IEEE Trans. Dependable Secure Comput. (2018)
17. Guo, H., Zhang, Z., Zhang, J.: Proxy re-encryption with unforgeable re-encryption keys. In: Gritzalis, D., Kiayias, A., Askoxylakis, I. (eds.) CANS 2014. LNCS, vol. 8813, pp. 20–33. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-12280-9_2
18. Hayashi, R., Matsushita, T., Yoshida, T., Fujii, Y., Okada, K.: Unforgeability of re-encryption keys against collusion attack in proxy re-encryption. In: Iwata, T., Nishigaki, M. (eds.) IWSEC 2011. LNCS, vol. 7038, pp. 210–229. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-25141-2_14
19. Hohenberger, S., Rothblum, G.N., Shelat, A., Vaikuntanathan, V.: Securely obfuscating re-encryption. In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol. 4392, pp. 233–252. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-70936-7_13
20. Kiayias, A., Tang, Q.: Making any identity-based encryption accountable, efficiently. In: Pernul, G., Ryan, P.Y.A., Weippl, E. (eds.) ESORICS 2015. LNCS, vol. 9326, pp. 326–346. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-24174-6_17
21. Lai, J., Deng, R.H., Zhao, Y., Weng, J.: Accountable authority identity-based encryption with public traceability. In: Dawson, E. (ed.) CT-RSA 2013. LNCS, vol. 7779, pp. 326–342. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-36095-4_21
22. Lai, J., Tang, Q.: Making any attribute-based encryption accountable, efficiently. In: Lopez, J., Zhou, J., Soriano, M. (eds.) ESORICS 2018. LNCS, vol. 11099, pp. 527–547. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-98989-1_26
23. Libert, B., Vergnaud, D.: Tracing malicious proxies in proxy re-encryption. In: Galbraith, S.D., Paterson, K.G. (eds.) Pairing 2008. LNCS, vol. 5209, pp. 332–353. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-85538-5_22
24. Libert, B., Vergnaud, D.: Unidirectional chosen-ciphertext secure proxy re-encryption. In: Cramer, R. (ed.) PKC 2008. LNCS, vol. 4939, pp. 360–379. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-78440-1_21
25. Libert, B., Vergnaud, D.: Towards black-box accountable authority IBE with short ciphertexts and private keys. In: Jarecki, S., Tsudik, G. (eds.) PKC 2009. LNCS, vol. 5443, pp. 235–255. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-00468-1_14
26. Myers, S., Shull, A.: Efficient hybrid proxy re-encryption for practical revocation and key rotation. Technical report, Cryptology ePrint Archive, Report 2017/833 (2017)
27. Myers, S., Shull, A.: Practical revocation and key rotation. In: Smart, N.P. (ed.) CT-RSA 2018. LNCS, vol. 10808, pp. 157–178. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-76953-0_9
28. Ning, J., Dong, X., Cao, Z., Wei, L.: Accountable authority ciphertext-policy attribute-based encryption with white-box traceability and public auditing in the cloud. In: Pernul, G., Ryan, P.Y.A., Weippl, E. (eds.) ESORICS 2015. LNCS, vol. 9327, pp. 270–289. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-24177-7_14
29. Pehlivanoglu, S.: An asymmetric fingerprinting code for collusion-resistant buyer-seller watermarking. In: Proceedings of the First ACM Workshop on Information Hiding and Multimedia Security, pp. 35–44. ACM (2013)
30. Pfitzmann, B., Schunter, M.: Asymmetric fingerprinting. In: Maurer, U. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 84–95. Springer, Heidelberg (1996). https://doi.org/10.1007/3-540-68339-9_8
31. Sahai, A., Seyalioglu, H.: Fully secure accountable-authority identity-based encryption. In: Catalano, D., Fazio, N., Gennaro, R., Nicolosi, A. (eds.) PKC 2011. LNCS, vol. 6571, pp. 296–316. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-19379-8_19
32. Taban, G., Cárdenas, A.A., Gligor, V.D.: Towards a secure and interoperable DRM architecture. In: Proceedings of the ACM Workshop on Digital Rights Management, pp. 69–78. ACM (2006)
33. Tang, Q.: Type-based proxy re-encryption and its construction. In: Chowdhury, D.R., Rijmen, V., Das, A. (eds.) INDOCRYPT 2008. LNCS, vol. 5365, pp. 130–144. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-89754-5_11
34. Weng, J., Chen, M., Yang, Y., Deng, R., Chen, K., Bao, F.: CCA-secure unidirectional proxy re-encryption in the adaptive corruption model without random oracles. Sci. China Inf. Sci. 53(3), 593–606 (2010)
35. Xu, P., Xu, J., Wang, W., Jin, H., Susilo, W., Zou, D.: Generally hybrid proxy re-encryption: a secure data sharing among cryptographic clouds. In: Proceedings of the 11th ACM Asia Conference on Computer and Communications Security, pp. 913–918. ACM (2016)
36. Zhang, J., Zhang, Z., Chen, Y.: PRE: stronger security notions and efficient construction with non-interactive opening. Theoretical Computer Science (2014)
37. Zhang, J., Zhang, Z., Guo, H.: Towards secure data distribution systems in mobile cloud computing. IEEE Trans. Mob. Comput. 16(11), 3222–3235 (2017)
38. Zhang, Y., Li, J., Zheng, D., Chen, X., Li, H.: Accountable large-universe attribute-based encryption supporting any monotone access structures. In: Liu, J.K.K., Steinfeld, R. (eds.) ACISP 2016. LNCS, vol. 9722, pp. 509–524. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-40253-6_31
39. Zuo, C., Shao, J., Liu, J.K., Wei, G., Ling, Y.: Fine-grained two-factor protection mechanism for data sharing in cloud storage. IEEE Trans. Inf. Forensics Secur. 13(1), 186–196 (2018)
Acknowledgement
This work is supported by the National Key R&D Program of China (Grant Nos 2018YFB0804105, 2017YFB0802500), the National Natural Science Foundation of China (Grant Nos 61802021, U1536205, 61572485) and the Opening Project of Guangdong Provincial Key Laboratory of Data Security and Privacy Protection (Grant No. 2017B030301004).
A Asymmetric Fingerprinting Codes
In fingerprinting schemes, since both the provider and the receiver know the fingerprinted copy, it cannot be proved that a found copy was leaked by the receiver rather than by the provider. In asymmetric fingerprinting schemes, introduced by [30] and further studied by [29], only the receiver knows the fingerprinted copy, so it can be proved to third parties whose copy a found copy was.
Asymmetric fingerprinting is defined by the following algorithms [29]:
- \(\mathrm {AsymCodeGen}(n,\lambda ,s_u):\) This is a two-party protocol between the provider and the receiver. \(\lambda \) is the security parameter. The receiver chooses a private input \(s_u\) to generate the u-th word of the code \(\varGamma \), which contains up to n codewords. At the end of this protocol, the provider obtains a tracing key tk and the receiver gets a word \(\bar{w}^{(u)}\).
- \(\mathrm {AsymIdentify}(tk,\bar{w}^*):\) On input a pirate word \(\bar{w}^*\in \{0,1\}^l\), this algorithm either fails to identify and outputs \(\bot \), or outputs a codeword index \(u \in \{1,\cdots ,n\}\) along with a proof \(\varOmega \). Informally, the u-th user is “accused” of being a traitor for creating the word \(\bar{w}^*\).
- \(\mathrm {ArbiterPredicate}(tk,u,\varOmega ,s_u):\) This is a three-party protocol between the arbiter, the provider and the receiver. The provider inputs \((tk,u,\varOmega )\), where u denotes the index of a traitor being “accused” of creating the word \(\bar{w}^*\). The receiver inputs \(s_u\), which is his private input for creating the u-th word of the code \(\varGamma \). This predicate returns 1 if the proof \(\varOmega \) contains some non-trivial information on \(s_u\), and returns 0 otherwise.
For simplicity, we assume that \(\mathrm {AsymCodeGen}\) is a secure two-party protocol, as in [29]. That is, the provider obtains no more than the tracing key tk, and the receiver obtains no more than the word \(\bar{w}^{(u)}\).
In addition to the tracing capability, an asymmetric fingerprinting code supports two additional features, non-repudiation and non-framing. We recall the security properties of asymmetric fingerprinting codes as follows [29]:
- Traceability: For any adversary \(\mathcal {A}\), any \(n>0\) and any subset \(C\subset \{1, \cdots , n\}\), the following holds
$$\Pr \left[ \begin{aligned} \{(\bar{w}^{(i)},tk) \leftarrow \mathrm {AsymCodeGen}(n,\lambda ,s_i)\}_{ i=1,\cdots ,n};\\ \bar{w}^*\in F(\{\bar{w}^{(i)}\}_{i\in C})\leftarrow \mathcal {A}(n,\lambda ,\{s_i,\bar{w}^{(i)}\}_{i\in C}):\\ (u,\varOmega )\leftarrow \mathrm {AsymIdentify}(tk,\bar{w}^*):\\ u=\bot \text { or } u\notin C \end{aligned} \right] < \mathsf {negl}(\lambda )$$
- Non-repudiation: It further holds that
$$\Pr \left[ 0\leftarrow \mathrm {ArbiterPredicate}(tk,u,\varOmega ,s_u) \right] < \mathsf {negl}(\lambda )$$
- Non-framing: For any adversary \(\mathcal {A}\), any \(n>0\) and any \(u'\in [n]\), the following holds
$$\Pr \left[ \begin{aligned} \{(\bar{w}^{(i)},tk) \leftarrow \mathrm {AsymCodeGen}(n,\lambda ,s_i)\}_{ i=1,\cdots ,n};\\ \varOmega '\leftarrow \mathcal {A}(n,\lambda ,tk,\{s_i\}_{i\in [n] \backslash \{u'\}}):\\ 1\leftarrow \mathrm {ArbiterPredicate}(tk,u',\varOmega ',s_{u'}) \end{aligned} \right] < \mathsf {negl}(\lambda )$$
Remark 2
Pehlivanoglu [29] introduced an asymmetric binary fingerprinting code based on the Boneh-Shaw code and proved that it satisfies the above properties. Although the above definition differs slightly from [29] in its phrasing, the functionality and security remain unchanged.
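As an added illustration (not code from the paper or from [29]), the following Python plays the Traceability experiment above with a toy Boneh-Shaw \(\varGamma_0(n,d)\) code, the symmetric code that [29] builds on: the tracing key tk is a secret column permutation, the coalition is bound by the marking assumption, and \(\mathrm{AsymIdentify}\) is reduced to its accusation half. The receiver's private input \(s_u\), the proof \(\varOmega\) and \(\mathrm{ArbiterPredicate}\) are not modelled, the steepest-drop rule is a simplification of the Boneh-Shaw statistical test, a real code needs a far larger \(d\), and all function names are my own.

```python
import random

def codeword(u, n, d):
    """Raw word of user u: (u-1) blocks of d ones, then (n-u) blocks of d zeros.
    Block B_b is 1 exactly for users > b, so B_{s-1} and B_s differ only for user s."""
    return [1] * ((u - 1) * d) + [0] * ((n - u) * d)

def code_gen(n, d, rng):
    """Provider side of AsymCodeGen in this toy: the tracing key tk is a secret column
    permutation and user u receives w^(u) with its columns shuffled by tk, so a
    coalition cannot tell which positions belong to which block."""
    tk = list(range((n - 1) * d))
    rng.shuffle(tk)                       # raw column j is issued at position tk[j]
    words = {}
    for u in range(1, n + 1):
        raw = codeword(u, n, d)
        w = [0] * len(raw)
        for j, p in enumerate(tk):
            w[p] = raw[j]
        words[u] = w
    return tk, words

def pirate_word(words, coalition, combine):
    """Marking assumption: a bit on which all coalition words agree is kept; at the
    remaining (detectable) positions the coalition picks the bit with `combine`."""
    cols = zip(*(words[u] for u in sorted(coalition)))
    return [bits[0] if len(set(bits)) == 1 else combine(bits) for bits in cols]

def identify(tk, pirate, n, d):
    """Accusation half of AsymIdentify: undo tk, then read block weights.
    Returns the accused user index, or None when no user can be accused (the ⊥ case)."""
    raw = [pirate[p] for p in tk]
    weight = [sum(raw[b * d:(b + 1) * d]) for b in range(n - 1)]  # weight[b] = |B_{b+1}|
    if weight[0] < d:             # a 0 in B_1: only user 1 holds 0s there
        return 1
    if weight[-1] > 0:            # a 1 in B_{n-1}: only user n holds 1s there
        return n
    # Weights fall from d (B_1) to 0 (B_{n-1}) in n-2 steps, so some adjacent pair drops
    # by at least d/(n-2). An innocent s cannot separate B_{s-1} from B_s (tk hides
    # them), so its two weights stay close; the steepest drop points at a colluder.
    drops = {s: weight[s - 2] - weight[s - 1] for s in range(2, n)}
    return max(drops, key=drops.get) if drops else None

def run_game(n, d, coalition, combine, seed=1):
    """One run of the Traceability experiment: (accused user, accused in coalition?)."""
    tk, words = code_gen(n, d, random.Random(seed))
    accused = identify(tk, pirate_word(words, coalition, combine), n, d)
    return accused, accused in coalition

majority = lambda bits: int(2 * sum(bits) > len(bits))   # one coalition strategy; min/max give AND/OR
```

With a deterministic coalition strategy the accused index does not depend on the seed, because `identify` inverts tk before reading blocks; `run_game(5, 4, {2, 3, 4}, majority)` accuses user 3 from a pirate word that matches no single member.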
Copyright information
© 2019 Springer Nature Switzerland AG
Cite this paper
Guo, H., Zhang, Z., Xu, J., Xia, M. (2019). Generic Traceable Proxy Re-encryption and Accountable Extension in Consensus Network. In: Sako, K., Schneider, S., Ryan, P. (eds) Computer Security – ESORICS 2019. ESORICS 2019. Lecture Notes in Computer Science(), vol 11735. Springer, Cham. https://doi.org/10.1007/978-3-030-29959-0_12
DOI: https://doi.org/10.1007/978-3-030-29959-0_12
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-29958-3
Online ISBN: 978-3-030-29959-0