Abstract
The risks of critical systems involved in key-recovery, key-escrow have barely taken to be seriously treated by the researchers. And the failures of even the best cryptographic techniques are often caused by the inherent security weaknesses in our computer systems rather than breaking the cryptographic mechanism directly. Thus key-recovery and key-escrow attacks are among the most important issues in protecting critical information systems. Proxy re-encryption, introduced by Blaze et al. in 1998, allows a proxy to transform a ciphertext computed under Alice’s public key into one that can be opened under Bob’s decryption key, without the proxy knowing any secret key of Alice and Bob, thus it can be used in modern critical information system well to avoid the key-recovery and key-escrow attack. In CANS’08, Deng et al. proposed the first IND-CCA2 secure proxy re-encryption without bilinear parings in the random oracle model. They left an open problem of constructing IND-CCA2 secure proxy re-encryption scheme in the standard model yet without pairings. In this paper, based on Cramer–Shoup encryption scheme, we try to solve this open problem by presenting a new proxy re-encryption scheme, which is IND-CCA2 secure in the standard model in a relatively weak model and does not use bilinear parings. Our main idea is roughly using the Cramer–Shoup encryption twice, but also taking care of the security in the security model of proxy re-encryption. We compare our work with Canetti–Hohenberger scheme II, the results show our scheme is more efficient. We also show its application in protecting the security of critical information systems.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
Notes
Note: \(t_p\), \(t_e\) and \(t_{me}\) represent the computational cost of a bilinear pairing, an exponentiation and a multi-exponentiation respectively, while \(t_\mathsf s \) and \(t_\mathsf{v }\) represent the computational cost of a one-time signature signing and verification respectively. \(|\mathbb {G}|\), \(|\mathbb {Z}_q|\), \(|\mathbb {G}_e|\) and \(|\mathbb {G}_T|\) denote the bit-length of an element ing groups \(\mathbb {G}\), \(\mathbb {Z}_q\), \(\mathbb {G}_e\) and \(\mathbb {G}_T\) respectively. Here \(\mathbb {G}\) and \(\mathbb {Z}_q\) denote the groups used in our scheme, while \(\mathbb {G}_e\) and \(\mathbb {G}_T\) are the bilinear groups used in CH scheme II, i.e., the bilinear pairing is \(e:\mathbb {G}_e\times \mathbb {G}_e\rightarrow \mathbb {G}_T\). Finally, \(|pk_\mathsf{s }|\) and \(|\sigma _\mathsf{s }|\) denote the bit length of the one-time signature’s public key and a one-time signature respectively.
References
Abelson H, Anderson R, Bellovin SM, Benaloh J, Blaze M, Diffie W, Gilmore J, Neumann PG, Rivest RL, Schiller JI, Schneier B (1997) The risks of key recovery, key escrow, and trusted third-party encryption. World Wide Web J (Web Security: A Matter of Trust) 2, 3. O’Reilly Associates, Summer, pp 241–257
Ateniese G, Fu K, Green M, Hohenberger S (2005) Improved proxy re-encryption schemes with applications to secure distributed storage. NDSS pp 29–43
Ateniese G, Fu K, Green M, Hohenberger S (2006) Improved proxy re-encryption schemes with applications to secure distributed storage. ACM Trans Inf Syst Secur 9(1):1–30
Bellare M, Rogaway P (1997) Collision-resistant hashing: towards making UOWHFs practical. In: Advances in Cryptology-Crypto’97. Springer, Berlin
Blaze M, Bleumer G, Strauss M (1998) Divertible protocols and atomic proxy cryptography. In: Advances in Cryptology-Eurocrypt’98. LNCS, vol 1403. Springer, Berlin, pp 127–144
Clark D, Earl Boebert W, Gerhart S, Guttag J, Kemmerer R, Kent S, Mann Lambert M, Lampson W, Lane J, McIlroy MD, Neumann PG, Rabin MO, Schmitt W, Tipton HF, Walker ST, Ware WH (1996) Computers at risk: safe computing in the information age. In: National Research Council, National Academy Press, Washington, pp 20418
Cramer R, Shoup V (1998) A practical public key cryptosystem provably secure against adaptive chosen ciphertext attack. In: Advances in Cryptology-Crypto’98. LNCS, vol 1462. Springer, Berlin, pp 13–25
Cramer R, Shoup V (2003) Design and analysis of practical public-key encryption schemes secure against adaptive chosen ciphertext attack. SIAM J Comput 33:167–226
Canetti R, Goldwasser S (1999) An efficient threshold public key cryptosystem secure against adaptive chosen ciphertext attack. In: Advances in Cryptology-Eurocrypt’99. LNCS, vol 1592. Springer, Berlin, pp 90–106
Canetti R, Halevi S, Katz J (2003) A forward-secure public-key encryption scheme. In: Advances in cryptology-EUROCRYPT’03. LNCS, vol 2656. Springer, Berlin, pp 255–271
Canetti R, Hohenberger S (2007) Chosen ciphertext secure proxy re-encryption. In: Proceedings of the 14th ACM conference on computer and communications security (CCS 2007), pp 185–194
Deng R, Weng J, Liu S, Chen K (2008) Chosen ciphertext secure proxy re-encryption without pairing. In: CANS’08. LNCS, vol 5339. Springer, Berlin, pp 1–17
Kurosawa K, Desmedt Y (2004) A new paradigm of hybrid encryption scheme. In: Crypto’04. LNCS, vol 3152. Springer, Berlin, pp 426–442
Kiltz E, Galindo D (2006) Direct chosen-ciphertext secure identity-based key encapsulation without random oracles. In: Cryptology ePrint Archive, Report 2006/034. http://eprint.iacr.org/
Kiltz E (2006) Chosen-ciphertext secure identity-based encryption in the standard model with short ciphertexts. In: Cryptology ePrint Archive, Report 2006/122. http://eprint.iacr.org/
Li J, Chen X, Li M, Li J, Lee P, Lou W (2014) Secure deduplication with efficient and reliable convergent key management. IEEE Trans Parallel Distrib Syst 25(6):1615–1625
Li J, Kim K (2010) Hidden attribute-based signatures without anonymity revocation. Inf Sci 180(9):1681–1689 (Elsevier)
Li J, Wang Q, Wang C, Ren K (2011) Enhancing attribute-based encryption with attribute hierarchy. Mobile Networks and Applications (MONET) 16(5):553–561 (Springer-Verlag)
Libert B, Vergnaud D (2008) Unidirectional chosen-ciphertext secure proxy re-encryption. In: 11th International workshop on practice and theory in public key cryptography (PKC) 2008. LNCS, vol 4939. Springer, Berlin, pp 360–379
Mambo M, Okamoto E (1997) Proxy cryptosystems: delegation of the power to decrypt ciphertexts. IEICE Trans Fundam Electron Commun Comput Sci E80–A/1:54–63
Spaho E, Sakamoto S, Barolli L, Xhafa F, Ikeda M (2014) Trustworthiness in P2P: performance behaviour of two fuzzy-based systems for JXTA-overlay platform. Soft Comput 18(9):1783–1793
Solhaug B, Seehusen F (2014) Model-driven risk analysis of evolving critical infrastructures. J Ambient Intell Humaniz Comput 5(2):187–204
Xhafa F, Wang J, Chen X, Liu JK, Li J, Krause P (2014) An efficient PHR service system supporting fuzzy keyword search and fine-grained access control. Soft Comput 18(9):1795–1802
Yao C, Xu L, Huang X, Liu JK (2014) A secure remote data integrity checking cloud storage system from threshold encryption. J Ambient Intell Humaniz Comput 5(6):857–865
Acknowledgments
This work was supported by Natural Science Foundation of Shaanxi Province (Grant No. 2014JM8300), the Changjiang Scholars and Innovation Research Team in University (Grant NO. IRT 1078), the Key Problem of NFSC-Guangdong Union Foundation (Grant NO. U1135002), the Major Nature Science Foundation of China (Grant NO. 61370078), China 863 project, the Fundamental Research Funds for the Center Universities (Grant NO. JY10000903001), Nature Science Foundation of China (Grant NO. 61103230).
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Wang, X.A., Ma, J. & Yang, X. A new proxy re-encryption scheme for protecting critical information systems. J Ambient Intell Human Comput 6, 699–711 (2015). https://doi.org/10.1007/s12652-015-0261-3
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s12652-015-0261-3