Improved proxy re-encryption schemes with applications to secure distributed storage

Abstract
In 1998, Blaze, Bleumer, and Strauss (BBS) proposed an application called atomic proxy re-encryption, in which a semi-trusted proxy converts a ciphertext for Alice into a ciphertext for Bob without seeing the underlying plaintext. We predict that fast and secure re-encryption will become increasingly popular as a method for managing encrypted file systems. Although the BBS scheme is efficiently computable, its widespread adoption has been hindered by considerable security risks: the re-encryption key lets a proxy that colludes with Bob recover Alice's secret key, and the same key converts ciphertexts in both directions. Following recent work of Dodis and Ivan, we present new re-encryption schemes that realize a stronger notion of security and demonstrate the usefulness of proxy re-encryption as a method of adding access control to a secure file system. Performance measurements of our experimental file system demonstrate that proxy re-encryption can work effectively in practice.
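The conversion the abstract describes, as an added example that is not code from the paper: a minimal BBS-style (ElGamal) atomic proxy re-encryption in Python, in which the proxy turns a ciphertext for Alice into one for Bob using the re-encryption key rk = b/a without ever seeing the plaintext. The paper's own improved schemes are pairing-based and are not reproduced here; this block implements only the BBS baseline and then shows the three well-known reasons its re-encryption key is dangerous: a proxy colluding with Bob recovers Alice's secret key, the key works in both directions, and keys compose transitively. The group (a random 64-bit safe prime generated at run time, assumed for the demo and far too small for real use), the function names, and the sample message are all assumptions of this example.

```python
# Added example, not code from the paper: a minimal BBS-style (ElGamal)
# atomic proxy re-encryption scheme, plus the three properties that make
# rk = b/a risky.  Assumptions: a run-time 64-bit safe prime is enough for a
# demo (far too small for real use); messages are nonzero residues mod p.
import secrets
from typing import NamedTuple, Tuple


class Group(NamedTuple):
    p: int   # safe prime p = 2q + 1
    q: int   # prime order of the subgroup we work in
    g: int   # generator of that subgroup


def _is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin test; `rounds` random bases give error < 4^-rounds."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % small == 0:
            return n == small
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)        # base in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_group(bits: int = 64) -> Group:
    """Pick a safe prime p = 2q + 1; g = 4 = 2^2 is a square, so it has order q."""
    while True:
        q = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(q) and _is_probable_prime(2 * q + 1):
            return Group(2 * q + 1, q, 4)


def keygen(grp: Group) -> Tuple[int, int]:
    """Secret key sk in [1, q-1], public key pk = g^sk."""
    sk = 1 + secrets.randbelow(grp.q - 1)
    return sk, pow(grp.g, sk, grp.p)


def encrypt(grp: Group, pk: int, m: int) -> Tuple[int, int]:
    """BBS/ElGamal form (m * g^k, pk^k): the key-dependent part is the SECOND
    component, which is what the proxy later converts to another key."""
    k = 1 + secrets.randbelow(grp.q - 1)
    return (m * pow(grp.g, k, grp.p)) % grp.p, pow(pk, k, grp.p)


def decrypt(grp: Group, sk: int, ct: Tuple[int, int]) -> int:
    c1, c2 = ct
    g_k = pow(c2, pow(sk, -1, grp.q), grp.p)    # (g^{sk*k})^{1/sk} = g^k
    return (c1 * pow(g_k, -1, grp.p)) % grp.p


def rekey(grp: Group, sk_from: int, sk_to: int) -> int:
    """Re-encryption key rk = sk_to / sk_from mod q.  Generating it needs both
    secret keys, i.e. the scheme is interactive."""
    return (sk_to * pow(sk_from, -1, grp.q)) % grp.q


def reencrypt(grp: Group, rk: int, ct: Tuple[int, int]) -> Tuple[int, int]:
    """The proxy's single atomic step: (pk_from^k)^rk = pk_to^k.  m is never seen."""
    c1, c2 = ct
    return c1, pow(c2, rk, grp.p)


# --- Why rk = b/a is a liability (the security risks of the BBS scheme) ---

def recover_delegator_key(grp: Group, rk: int, sk_to: int) -> int:
    """Collusion: proxy (knows rk) + delegatee (knows sk_to) => sk_from = sk_to / rk."""
    return (sk_to * pow(rk, -1, grp.q)) % grp.q


def reverse_rekey(grp: Group, rk: int) -> int:
    """Bidirectional: rk^{-1} = a/b re-encrypts Bob's ciphertexts to Alice."""
    return pow(rk, -1, grp.q)


def compose_rekeys(grp: Group, rk_ab: int, rk_bc: int) -> int:
    """Transitive: (b/a)(c/b) = c/a, a delegation Alice never authorised."""
    return (rk_ab * rk_bc) % grp.q


if __name__ == "__main__":
    grp = gen_group()
    a, pk_a = keygen(grp)
    b, pk_b = keygen(grp)
    m = 0xDEADBEEF % grp.p                      # constructed sample message
    ct_a = encrypt(grp, pk_a, m)
    rk_ab = rekey(grp, a, b)
    print("Bob decrypts re-encrypted ct:", decrypt(grp, b, reencrypt(grp, rk_ab, ct_a)) == m)
    print("Proxy+Bob recover Alice's key:", recover_delegator_key(grp, rk_ab, b) == a)
```

Note that the first ciphertext component is untouched by the proxy; only the key-dependent second component is re-keyed, which is exactly why a single modular exponentiation with rk suffices and why knowing rk together with one endpoint's secret key is enough to derive the other's.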
References

- 104th United States Congress. 1996. Health Insurance Portability and Accountability Act of 1996 (HIPAA). http://aspe.hhs.gov/admnsimp/pl104191.htm; Last access: August 16, 2004.
- Adya, A., Bolosky, W., Castro, M., Chaiken, R., Cermak, G., Douceur, J., Howell, J., Lorch, J., Theimer, M., and Wattenhofer, R. 2002. Farsite: federated, available, and reliable storage for an incompletely trusted environment. SIGOPS Oper. Syst. Rev. 36, SI, 1--14.
- An, J. H., Dodis, Y., and Rabin, T. 2002. On the security of joint signature and encryption. In Proceedings of Eurocrypt '02. Vol. 2332 of LNCS. 83--107.
- Ateniese, G., Fu, K., Green, M., and Hohenberger, S. 2005. Improved proxy re-encryption schemes with applications to secure distributed storage. In Proceedings of the 12th Annual Network and Distributed System Security Symposium. Internet Society, 29--44.
- Baek, J., Steinfeld, R., and Zheng, Y. 2002. Formal proofs for the security of signcryption. In Proceedings of Public Key Cryptography '02. Vol. 2274 of LNCS. 80--98.
- Blaze, M. 1993. A cryptographic file system for UNIX. In ACM Conference on Computer and Communications Security. 9--16.
- Blaze, M., Bleumer, G., and Strauss, M. 1998. Divertible protocols and atomic proxy cryptography. In Proceedings of Eurocrypt '98. Vol. 1403 of LNCS. 127--144.
- Boneh, D. and Franklin, M. 2003. Identity-based encryption from the Weil pairing. SIAM Journal of Computing 32, 3, 586--615.
- Boneh, D., Lynn, B., and Shacham, H. 2001. Short signatures from the Weil pairing. In Proceedings of Asiacrypt '01. Vol. 2248 of LNCS. 514--532.
- Boneh, D., Gentry, C., Lynn, B., and Shacham, H. 2003. Aggregate and verifiably encrypted signatures. In Proceedings of Eurocrypt '03. Vol. 2656 of LNCS. 416--432.
- Bresson, E., Catalano, D., and Pointcheval, D. 2003. A simple public-key cryptosystem. In Proceedings of Asiacrypt '03. Vol. 2894 of LNCS. 37--54.
- Cheon, J. H. and Lee, D. H. 2002. Diffie-Hellman problems and bilinear maps. Cryptology ePrint Archive: Report 2002/117.
- Cramer, R. and Shoup, V. 2002. Universal hash proofs and a paradigm for adaptive chosen ciphertext secure public-key encryption. In Proceedings of Eurocrypt '02. Vol. 2332 of LNCS. 45--64.
- Dodis, Y., Franklin, M. K., Katz, J., Miyaji, A., and Yung, M. 2003. Intrusion-resilient public-key encryption. In Proceedings of CT-RSA '03. Vol. 2612 of LNCS. 19--32.
- Dodis, Y., Franklin, M. K., Katz, J., Miyaji, A., and Yung, M. 2004. A generic construction for intrusion-resilient public-key encryption. In Proceedings of CT-RSA '04. Vol. 2964 of LNCS. 81--98.
- Dodis, Y. and Ivan, A. 2003. Proxy cryptography revisited. In Proceedings of the Tenth Network and Distributed System Security Symposium.
- Dodis, Y. and Yampolskiy, A. 2005. A verifiable random function with short proofs and keys. In Proceedings of Public Key Cryptography '05. Vol. 3386 of LNCS. 416--431.
- Dodis, Y., Katz, J., Xu, S., and Yung, M. 2002. Key-insulated public key cryptosystems. In Proceedings of Eurocrypt '02. Vol. 2332 of LNCS. 65--82.
- Elgamal, T. 1984. A public key cryptosystem and a signature scheme based on discrete logarithms. In Proceedings of Crypto '84. 10--18.
- Fiat, A. and Shamir, A. 1986. How to prove yourself: Practical solutions to identification and signature problems. In Proceedings of Crypto '86. Vol. 263 of LNCS. 186--194.
- Fu, K. 1999. Group sharing and random access in cryptographic storage file systems. M.S. thesis, Massachusetts Institute of Technology, Cambridge, MA.
- Fu, K. 2005. Integrity and access control in untrusted content distribution networks. Ph.D. thesis, Massachusetts Institute of Technology, Cambridge, MA.
- Fu, K., Kaashoek, M. F., and Mazières, D. 2002. Fast and secure distributed read-only file system. ACM Trans. Comput. Systems 20, 1, 1--24.
- Fujisaki, E. and Okamoto, T. 1999. Secure integration of asymmetric and symmetric encryption schemes. In Proceedings of Crypto '99. Vol. 1666 of LNCS. 537--554.
- Galbraith, S. D., Harrison, K., and Soldera, D. 2002. Implementing the Tate pairing. In Proceedings of the Algorithmic Number Theory Symposium. Vol. 2369 of LNCS. 324--337.
- Goh, E.-J., Shacham, H., Modadugu, N., and Boneh, D. 2003. SiRiUS: Securing remote untrusted storage. In Proceedings of the Tenth Network and Distributed System Security Symposium. 131--145.
- Goldwasser, S. and Micali, S. 1984. Probabilistic encryption. Journal of Computer and System Sciences 28, 2, 270--299.
- Golle, P., Jakobsson, M., Juels, A., and Syverson, P. F. 2004. Universal re-encryption for mixnets. In Proceedings of CT-RSA '04. Vol. 2964 of LNCS. 163--178.
- Harrington, A. and Jensen, C. 2003. Cryptographic access control in a distributed file system. In Proceedings of the 8th ACM Symposium on Access Control Models and Technologies (SACMAT 2003). ACM, Villa Gallia, Como, Italy.
- Jakobsson, M. 1999. On quorum controlled asymmetric proxy re-encryption. In Proceedings of Public Key Cryptography '99. 112--121.
- Joux, A. 2000. A one-round protocol for tripartite Diffie-Hellman. In Proceedings of ANTS-IV. Vol. 1838 of LNCS. 385--394.
- Kallahalla, M., Riedel, E., Swaminathan, R., Wang, Q., and Fu, K. 2003. Plutus: scalable secure file sharing on untrusted storage. In Proceedings of the Second USENIX Conference on File and Storage Technologies.
- Li, J., Krohn, M. N., Mazières, D., and Shasha, D. 2004. Secure untrusted data repository (SUNDR). In Proceedings of the 6th Symposium on Operating Systems Design and Implementation. San Francisco, CA, 91--106.
- Mambo, M. and Okamoto, E. 1997. Proxy cryptosystems: Delegation of the power to decrypt ciphertexts. IEICE Trans. Fund. Electronics Communications and Computer Science E80-A/1, 54--63.
- Perlman, R. and Kaufman, C. 2001. PDM: A new strong password-based protocol. In Proceedings of the 10th USENIX Security Symposium.
- Reed, D. and Svobodova, L. 1981. Swallow: A distributed data storage system for a local network. In Local Networks for Computer Communications, A. West and P. Janson, Eds. North-Holland, Amsterdam, 355--373.
- Rosenblum, M. and Ousterhout, J. 1991. The design and implementation of a log-structured file system. In Proceedings of the 13th ACM Symposium on Operating Systems Principles (SOSP). Pacific Grove, CA, 1--15.
- Schnorr, C.-P. 1991. Efficient signature generation by smart cards. Journal of Cryptology 4, 161--174.
- Scott, M. 2005. MIRACL library. Indigo Software. http://indigo.ie/~mscott/#download.
- Shoup, V. 1997. Lower bounds for discrete logarithms and related problems. In Proceedings of Eurocrypt '97. Vol. 1233 of LNCS. 256--266.
- Zheng, Y. 1997. Signcryption and its applications in efficient public key solutions. In Proceedings of ISW '97. Vol. 1396 of LNCS. 291--312.
- Zhou, L., Marsh, M. A., Schneider, F. B., and Redz, A. 2004. Distributed blinding for ElGamal re-encryption. Tech. Rep. 2004-1924, Cornell Computer Science Department, Ithaca, NY.