Improved proxy re-encryption schemes with applications to secure distributed storage

Published: 01 February 2006

Abstract

In 1998, Blaze, Bleumer, and Strauss (BBS) proposed an application called atomic proxy re-encryption, in which a semitrusted proxy converts a ciphertext for Alice into a ciphertext for Bob without seeing the underlying plaintext. We predict that fast and secure re-encryption will become increasingly popular as a method for managing encrypted file systems. Although BBS re-encryption is efficiently computable, its widespread adoption has been hindered by considerable security risks. Following recent work of Dodis and Ivan, we present new re-encryption schemes that realize a stronger notion of security and demonstrate the usefulness of proxy re-encryption as a method of adding access control to a secure file system. Performance measurements of our experimental file system demonstrate that proxy re-encryption can work effectively in practice.

References

  1. 104th United States Congress. 1996. Health Insurance Portability and Accountability Act of 1996 (HIPAA). http://aspe.hhs.gov/admnsimp/pl104191.htm; last access: August 16, 2004.
  2. Adya, A., Bolosky, W., Castro, M., Chaiken, R., Cermak, G., Douceur, J., Howell, J., Lorch, J., Theimer, M., and Wattenhofer, R. 2002. Farsite: federated, available, and reliable storage for an incompletely trusted environment. SIGOPS Oper. Syst. Rev. 36, SI, 1--14.
  3. An, J. H., Dodis, Y., and Rabin, T. 2002. On the security of joint signature and encryption. In Proceedings of Eurocrypt '02. Vol. 2332 of LNCS. 83--107.
  4. Ateniese, G., Fu, K., Green, M., and Hohenberger, S. 2005. Improved proxy re-encryption schemes with applications to secure distributed storage. In Proceedings of the 12th Annual Network and Distributed System Security Symposium. Internet Society, 29--44.
  5. Baek, J., Steinfeld, R., and Zheng, Y. 2002. Formal proofs for the security of signcryption. In Proceedings of Public Key Cryptography '02. Vol. 2274 of LNCS. 80--98.
  6. Blaze, M. 1993. A cryptographic file system for UNIX. In Proceedings of the ACM Conference on Computer and Communications Security. 9--16.
  7. Blaze, M., Bleumer, G., and Strauss, M. 1998. Divertible protocols and atomic proxy cryptography. In Proceedings of Eurocrypt '98. Vol. 1403 of LNCS. 127--144.
  8. Boneh, D. and Franklin, M. 2003. Identity-based encryption from the Weil pairing. SIAM Journal on Computing 32, 3, 586--615.
  9. Boneh, D., Lynn, B., and Shacham, H. 2001. Short signatures from the Weil pairing. In Proceedings of Asiacrypt '01. Vol. 2248 of LNCS. 514--532.
  10. Boneh, D., Gentry, C., Lynn, B., and Shacham, H. 2003. Aggregate and verifiably encrypted signatures from bilinear maps. In Proceedings of Eurocrypt '03. Vol. 2656 of LNCS. 416--432.
  11. Bresson, E., Catalano, D., and Pointcheval, D. 2003. A simple public-key cryptosystem with a double trapdoor decryption mechanism and its applications. In Proceedings of Asiacrypt '03. Vol. 2894 of LNCS. 37--54.
  12. Cheon, J. H. and Lee, D. H. 2002. Diffie-Hellman problems and bilinear maps. Cryptology ePrint Archive, Report 2002/117.
  13. Cramer, R. and Shoup, V. 2002. Universal hash proofs and a paradigm for adaptive chosen ciphertext secure public-key encryption. In Proceedings of Eurocrypt '02. Vol. 2332 of LNCS. 45--64.
  14. Dodis, Y., Franklin, M. K., Katz, J., Miyaji, A., and Yung, M. 2003. Intrusion-resilient public-key encryption. In Proceedings of CT-RSA '03. Vol. 2612 of LNCS. 19--32.
  15. Dodis, Y., Franklin, M. K., Katz, J., Miyaji, A., and Yung, M. 2004. A generic construction for intrusion-resilient public-key encryption. In Proceedings of CT-RSA '04. Vol. 2964 of LNCS. 81--98.
  16. Dodis, Y. and Ivan, A. 2003. Proxy cryptography revisited. In Proceedings of the Tenth Network and Distributed System Security Symposium.
  17. Dodis, Y. and Yampolskiy, A. 2005. A verifiable random function with short proofs and keys. In Proceedings of Public Key Cryptography '05. Vol. 3386 of LNCS. 416--431.
  18. Dodis, Y., Katz, J., Xu, S., and Yung, M. 2002. Key-insulated public key cryptosystems. In Proceedings of Eurocrypt '02. Vol. 2332 of LNCS. 65--82.
  19. ElGamal, T. 1984. A public key cryptosystem and a signature scheme based on discrete logarithms. In Proceedings of Crypto '84. 10--18.
  20. Fiat, A. and Shamir, A. 1986. How to prove yourself: Practical solutions to identification and signature problems. In Proceedings of Crypto '86. Vol. 263 of LNCS. 186--194.
  21. Fu, K. 1999. Group sharing and random access in cryptographic storage file systems. M.S. thesis, Massachusetts Institute of Technology, Cambridge, MA.
  22. Fu, K. 2005. Integrity and access control in untrusted content distribution networks. Ph.D. thesis, Massachusetts Institute of Technology, Cambridge, MA.
  23. Fu, K., Kaashoek, M. F., and Mazières, D. 2002. Fast and secure distributed read-only file system. ACM Trans. Comput. Syst. 20, 1, 1--24.
  24. Fujisaki, E. and Okamoto, T. 1999. Secure integration of asymmetric and symmetric encryption schemes. In Proceedings of Crypto '99. Vol. 1666 of LNCS. 537--554.
  25. Galbraith, S. D., Harrison, K., and Soldera, D. 2002. Implementing the Tate pairing. In Proceedings of the Algorithmic Number Theory Symposium. Vol. 2369 of LNCS. 324--337.
  26. Goh, E.-J., Shacham, H., Modadugu, N., and Boneh, D. 2003. SiRiUS: Securing remote untrusted storage. In Proceedings of the Tenth Network and Distributed System Security Symposium. 131--145.
  27. Goldwasser, S. and Micali, S. 1984. Probabilistic encryption. Journal of Computer and System Sciences 28, 2, 270--299.
  28. Golle, P., Jakobsson, M., Juels, A., and Syverson, P. F. 2004. Universal re-encryption for mixnets. In Proceedings of CT-RSA '04. Vol. 2964 of LNCS. 163--178.
  29. Harrington, A. and Jensen, C. 2003. Cryptographic access control in a distributed file system. In Proceedings of the 8th ACM Symposium on Access Control Models and Technologies (SACMAT 2003). ACM, Villa Gallia, Como, Italy.
  30. Jakobsson, M. 1999. On quorum controlled asymmetric proxy re-encryption. In Proceedings of Public Key Cryptography '99. 112--121.
  31. Joux, A. 2000. A one-round protocol for tripartite Diffie-Hellman. In Proceedings of ANTS-IV. Vol. 1838 of LNCS. 385--394.
  32. Kallahalla, M., Riedel, E., Swaminathan, R., Wang, Q., and Fu, K. 2003. Plutus: scalable secure file sharing on untrusted storage. In Proceedings of the Second USENIX Conference on File and Storage Technologies.
  33. Li, J., Krohn, M. N., Mazières, D., and Shasha, D. 2004. Secure untrusted data repository (SUNDR). In Proceedings of the 6th Symposium on Operating Systems Design and Implementation. San Francisco, CA, 91--106.
  34. Mambo, M. and Okamoto, E. 1997. Proxy cryptosystems: Delegation of the power to decrypt ciphertexts. IEICE Trans. Fund. Electronics, Communications and Computer Science E80-A/1, 54--63.
  35. Perlman, R. and Kaufman, C. 2001. PDM: A new strong password-based protocol. In Proceedings of the 10th USENIX Security Symposium.
  36. Reed, D. and Svobodova, L. 1981. Swallow: A distributed data storage system for a local network. In Local Networks for Computer Communications, A. West and P. Janson, Eds. North-Holland, Amsterdam, 355--373.
  37. Rosenblum, M. and Ousterhout, J. 1991. The design and implementation of a log-structured file system. In Proceedings of the 13th ACM Symposium on Operating Systems Principles (SOSP). Pacific Grove, CA, 1--15.
  38. Schnorr, C.-P. 1991. Efficient signature generation by smart cards. Journal of Cryptology 4, 3, 161--174.
  39. Scott, M. 2005. MIRACL library. Indigo Software. http://indigo.ie/~mscott/#download.
  40. Shoup, V. 1997. Lower bounds for discrete logarithms and related problems. In Proceedings of Eurocrypt '97. Vol. 1233 of LNCS. 256--266.
  41. Zheng, Y. 1997. Signcryption and its applications in efficient public key solutions. In Proceedings of ISW '97. Vol. 1396 of LNCS. 291--312.
  42. Zhou, L., Marsh, M. A., Schneider, F. B., and Redz, A. 2004. Distributed blinding for ElGamal re-encryption. Tech. Rep. 2004-1924, Cornell Computer Science Department, Ithaca, NY.


Reviews

Stefano Zanero

Handling the delegation of materials encrypted with a public key without handing over the private key, and instead allowing a proxy to transparently modify the ciphertext in such a way as to allow a designated third party access to it is a well-known problem in public key cryptography. This paper introduces the problem in a very understandable manner, and thoroughly analyzes the current approaches, the level of trust that has to be placed in the proxy, and the resulting features of various schemes. A naive scheme entrusts the proxy with the private key of the original recipient, but this is evidently unfeasible, unless forms of secret sharing are used. The Blaze-Bleumer-Strauss scheme creates a bidirectional proxy that can be undesirable if the original recipients want the new recipient to read the content, but not vice versa. Additionally, this delegation is transitive (the new recipient can further forward the content), and if the proxy and the new recipient collude, they can retrieve the private key of the original recipient. The Dodis-Ivan scheme realizes a unidirectional proxy, but creates additional secrets that have to be transmitted to the final recipient and that have to be managed. The authors propose new schemes that combine the features of these earlier attempts, and add new features, such as time-limited delegations, nontransitivity, and nontransferability. They discuss the performance of their schemes and an implementation they created, which they make available upon request. This paper provides an excellent tutorial on this topic, and introduces new algorithms that improve the current state of the art. As an additional bonus, it is very well written and readable, even to nonexperts in the field.

Online Computing Reviews Service
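The BBS scheme that the abstract and the review above discuss can be made concrete in a few dozen lines. The following Python is an added illustration, not code from the paper or from the authors' file-system implementation: an ElGamal-based proxy re-encryption in the Blaze-Bleumer-Strauss form, showing the proxy's conversion step (which never exposes the plaintext) together with the three properties the review lists against it: the delegation is bidirectional, it is transitive, and a proxy colluding with the delegatee recovers the delegator's private key. The 128-bit safe-prime group, the treatment of the plaintext as a random group element standing in for a symmetric file key, and every function name are assumptions made for this demonstration.

```python
"""BBS-style ElGamal proxy re-encryption, added here as a worked illustration.

Alice (a), Bob (b), proxy holding rk = b/a mod q.  Ciphertext under pk = g^x is
(m * g^k, pk^k); the proxy raises the second component to rk.  Demo-sized group
only (128-bit safe prime); not a production parameter set.
"""
import secrets


def is_probable_prime(n: int, rounds: int = 20) -> bool:
    """Miller-Rabin with random bases; adequate for generating demo parameters."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def make_group(bits: int = 128):
    """Safe prime p = 2q + 1 and a generator g of the order-q subgroup (assumed demo size)."""
    while True:
        q = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            p = 2 * q + 1
            # 2^2 = 4 is a non-identity square, hence a generator of the prime-order-q subgroup
            return p, q, pow(2, 2, p)


def keygen(p, q, g):
    """Private key x in [1, q-1], public key g^x."""
    x = 1 + secrets.randbelow(q - 1)
    return x, pow(g, x, p)


def encrypt(p, q, g, pk, m):
    """BBS ciphertext (m * g^k, pk^k); m must be an element of the order-q subgroup."""
    k = 1 + secrets.randbelow(q - 1)
    return (m * pow(g, k, p) % p, pow(pk, k, p))


def decrypt(p, q, sk, ct):
    """Recover g^k as (g^{sk*k})^(1/sk mod q), then divide it out of the first component."""
    c1, c2 = ct
    gk = pow(c2, pow(sk, -1, q), p)
    return c1 * pow(gk, -1, p) % p


def rekey(q, sk_from, sk_to):
    """Re-encryption key rk = sk_to / sk_from mod q; needs BOTH private keys to build."""
    return sk_to * pow(sk_from, -1, q) % q


def reencrypt(p, rk, ct):
    """Proxy step: (m*g^k, g^{a k}) -> (m*g^k, g^{b k}); m is never exposed to the proxy."""
    c1, c2 = ct
    return (c1, pow(c2, rk, p))


def proxy_reverse_key(q, rk):
    """Bidirectionality: from rk = b/a the proxy alone derives a/b and converts Bob -> Alice."""
    return pow(rk, -1, q)


def proxy_compose_keys(q, rk_ab, rk_bc):
    """Transitivity: (b/a) * (c/b) = c/a, an Alice -> Carol key neither Alice nor Carol issued."""
    return rk_ab * rk_bc % q


def collude(q, rk_ab, sk_b):
    """Proxy (b/a) plus Bob (b) recover Alice's private key: a = b / (b/a)."""
    return sk_b * pow(rk_ab, -1, q) % q


def run_demo():
    """Exercise each property; every value in the returned dict should be True."""
    p, q, g = make_group()
    a, pk_a = keygen(p, q, g)
    b, pk_b = keygen(p, q, g)
    c, _ = keygen(p, q, g)
    m = pow(g, 1 + secrets.randbelow(q - 1), p)   # random subgroup element as the "file key"
    ct_a = encrypt(p, q, g, pk_a, m)
    rk_ab, rk_bc = rekey(q, a, b), rekey(q, b, c)
    ct_b = reencrypt(p, rk_ab, ct_a)
    ct_b_fresh = encrypt(p, q, g, pk_b, m)
    return {
        "alice_decrypts": decrypt(p, q, a, ct_a) == m,
        "bob_decrypts_reencrypted": decrypt(p, q, b, ct_b) == m,
        "bob_cannot_decrypt_original": decrypt(p, q, b, ct_a) != m,
        "bidirectional": decrypt(p, q, a, reencrypt(p, proxy_reverse_key(q, rk_ab), ct_b_fresh)) == m,
        "transitive": decrypt(p, q, c, reencrypt(p, proxy_compose_keys(q, rk_ab, rk_bc), ct_a)) == m,
        "collusion_recovers_a": collude(q, rk_ab, b) == a,
    }


if __name__ == "__main__":
    for name, ok in run_demo().items():
        print(f"{name}: {ok}")
```

The last three entries of `run_demo()` are the point: `rk` by itself reveals nothing about `a`, so the proxy can be "semitrusted", but anyone holding `rk` can run the delegation backwards, chain delegations without the delegator's consent, and, together with Bob's key, compute `a` outright. The unidirectional, nontransitive constructions the abstract announces are designed so that none of those three computations is possible from the re-encryption key.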
