有效的带关键字搜索的代理重加密方案

2010年,Shao等人首次引入带关键字搜索的代理重加密(proxy re-encryption with keyword search, PRES)的概念,而且构造出1个在随机预言模型下可证明安全的双向PRES方案,同时该作者提出一个公开问题：怎么构造有效的在标准模型下可证明安全的PRES方案.针对这一公开问题,给出了指定检验者的具有关键字搜索性质的代理重加密(proxy re-encryption with keyword search with a designated tester, dPRES)的定义和安全模型,且构造出1个在适应性合谋模型下可证明具有抵制适应性选择关键字攻击和适应性选择密文攻击安全性的dPRES方案,而且所构造方案在标准模型下可证明安全.所构造的方案有以下3个优点：首先,当用户传递给指定检验者关键字的陷门时,不使用安全信道;第二,能够抵制关键字离线猜测攻击;第三,本方案不使用强不可伪造一次性签名方案,从而使得该方案更加有效.     

Multi-use and unidirectional identity-based proxy re-encryption schemes

In a proxy re-encryption scheme, a semi-trusted proxy is given special power that allows it to transform a ciphertext for Alice into a ciphertext for Bob without learning any information about the messages encrypted under either key. When a proxy re-encryption scheme is constructed in an identity-based setting, it means that a proxy converts a ciphertext encrypted under Alice’s identity into a ciphertext under Bob’s. Proxy re-encryption has become more and more popular these years due to the fact that it has many practical applications. In this paper, we present an IND-CCA2 secure identity-based proxy re-encryption scheme which has several useful properties, including, multi-use, unidirectionality, etc. Finding a unidirectional, multi-use, and CCA2-secure proxy re-encryption scheme is presented as an open problem by Green et al. Fortunately, our identity-based proxy re-encryption scheme is a solution to this problem. As a middleware for fulfilling our main goal, we also propose a new construction of identity-based encryption using random padding techniques. The security of our schemes is based on the standard decisional bilinear Diffie-Hellman assumption in the random oracle model.     

一种有效的带关键字搜索的代理重加密方案

带关键字搜索的公钥加密(PEKS)是一种实用的加密范例,它可以在不损害原始数据安全性的情况下搜索加密数据,同时它为解决公钥密码系统中的加密数据检索问题提供了一种有前途的解决方案。作为PEKS和代理重加密(PRE)的组合,带关键字搜索代理重加密允许一个半信任的代理同时重新加密和搜索委托的加密数据。在2010年,Shao等人首先提出了一种基于关键词搜索的代理重加密方案,但其方案的安全性是以降低计算效率为前提的。本文提出一个新的带关键字搜索的代理重加密方案来解决这个问题。与已有的方案相比,本文方案在性能上有明显的提升,使得整个方案除了测试算法外,其他算法都无需使用双线性对运算。本文方案同时满足陷门不可区分和关键字密文不可区分的安全性。对比分析表明,该方案是有效的、实用的。     

可实现隐私保护的基于属性密文可搜索方案

针对现有的基于属性的密文可搜索方案存在隐私泄露问题以及当授权用户不在线时如何安全有效地将密文以及搜索权限委托给其他人的问题进行了研究,将隐藏访问结构的基于属性密文可搜索方案与代理重加密技术融合,提出了具有部分隐藏访问结构的支持代理重加密的功能的基于属性的密文检索方案。该方案不仅有效地解决了上述问题,而且还支持关键字的更新。最后在随机预言模型下基于DL(D-linear)假设和q-BDHE (decisional q-parallel bilinear Diffie-Hellman exponent)假设,证明了本方案的安全性。     

Chosen-ciphertext secure bidirectional proxy re-encryption schemes without pairings

Proxy re-encryption (PRE) is a useful primitive that allows a semi-trusted proxy to transform a ciphertext encrypted under one key into an encryption of the same plaintext under another key. A PRE scheme is bidirectional if the proxy is able to transform ciphertexts in both directions. In ACM CCS’07, Canetti and Hohenberger presented a bidirectional PRE scheme with chosen-ciphertext security, which captures the indistinguishability of ciphertexts even if the adversary has access to the standard decryption oracle as well as a re-encryption oracle and a re-encryption key oracle. They also left an important open problem to come up with a chosen-ciphertext secure PRE scheme without pairings. To resolve this problem, we propose a bidirectional PRE scheme without pairings, and prove its chosen-ciphertext security under the computational Diffie-Hellman assumption in the random oracle model. Based on this scheme, we further present a non-transitive bidirectional PRE scheme, in which the proxy alone cannot re-delegate the decryption rights.     

基于代理重加密的电子病历数据共享方案

现有的电子病历大部分只能在医生与患者之间实现数据共享,数据用户难以访问患者的电子病历。针对该问题,提出一种利用代理重加密的电子病历数据共享方案。患者通过搜索陷门得到加密电子病历,数据用户要获取其电子病历,可请求患者和云服务器进行交互,云服务器生成重加密密钥,并对电子病历密文进行代理重加密,经患者授权后将重加密密文发送给数据用户,数据用户用其私钥解密密文,最终获取电子病历数据。基于随机预言机模型的实验结果表明,该方案在改进双线性Diffie-Hellman假设和q决策双线性Diffie-Hellman逆转假设下,均可实现关键字隐私安全和消息隐私安全。     

基于区块链的电子病历数据共享方案

以区块链为数据存储平台的电子病历系统是当下研究的热点. 存储在区块链上的数据是不可变的, 这加强了数据的安全性. 提出了一个基于区块链的电子病历数据共享方案, 实现了患者和第三方数据用户在不侵犯患者隐私的前提下共享患者电子病历. 使用私有链与联盟链构造方案的系统模型, 医院服务器上存储患者的电子病历密文, 私有链上存储患者病历密文的哈希值和关键字索引, 联盟链上存储由关键字索引构成的安全索引. 同时利用可搜索加密技术实现了联盟链上对关键字的安全搜索, 运用代理重加密算法实现了第三方数据用户对患者电子病历的共享. 通过数值实验对方案进行了性能评估.     

Zero knowledge based client side deduplication for encrypted files of secure cloud storage in smart cities

As typical applications in the field of the cloud computing, cloud storage services are popular in the development of smart cities for their low costs and huge storage capacity. Proofs-of-ownership (PoW) is an important cryptographic primitive in cloud storage to ensure that a client holds the whole file rather than part of it in secure client side data deduplication. The previous PoW schemes worked well when the file is in plaintext. However, the privacy of the clients’ data may be vulnerable to honest-but-curious attacks. To deal with this issue, the clients tend to encrypt files before outsourcing them to the cloud, which makes the existing PoW schemes inapplicable any more. In this paper, we first propose a secure zero-knowledge based client side deduplication scheme over encrypted files. We prove that the proposed scheme is sound, complete and zero-knowledge. The scheme can achieve a high detection probability of the clients’ misbehavior. Then we introduced a proxy re-encryption based key distribution scheme. This scheme ensures that the server knows nothing about the encryption key even though it acts as a proxy to help distributing the file encryption key. It also enables the clients who have gained the ownership of a file to share the file with the encryption key generated without establishing secure channels among them. It is proved that the clients’ private key cannot be recovered by the server or clients collusion attacks during the key distribution phase. Our performance evaluation shows that the proposed scheme is much more efficient than the existing client side deduplication schemes.     

加密电子病历数据共享方案

为了实现电子病历数据的细粒度访问控制以及安全存储与共享,提出了一种基于属性的云链协同存储的电子病历共享方案。该方案用对称加密算法加密电子病历,用基于密文策略的属性基加密算法加密对称密钥,用可搜索加密算法加密关键字。电子病历密文存储在医疗云上,安全索引存储在联盟链上。该方案使用可搜索加密技术实现关键字的安全搜索,使用代理重加密技术实现用户属性的撤销。经安全性证明,该方案能够实现密文的安全性和关键字的安全性。数值模拟实验结果表明,该方案是有效的。     

EFADS: Efficient,flexible and anonymous data sharing protocol for cloud computing with proxy re-encryption

The concept of cloud computing has emerged as the next generation of computing infrastructure to reduce the costs associated with the management of hardware and software resources. It is vital to its success that cloud computing is featured efficient, flexible and secure characteristics. In this paper, we propose an efficient and anonymous data sharing protocol with flexible sharing style, named EFADS, for outsourcing data onto the cloud. Through formal security analysis, we demonstrate that EFADS provides data confidentiality and data sharer's anonymity without requiring any fully-trusted party. From experimental results, we show that EFADS is more efficient than existing competing approaches. Furthermore, the proxy re-encryption scheme we propose in this paper may be independent of interests, i.e., compared to those previously reported proxy re-encryption schemes, the proposed scheme is the first pairing-free, anonymous and unidirectional proxy re-encryption scheme in the standard model.     

New Constructions for Identity-Based Unidirectional Proxy Re-Encryption

We address the cryptographic topic of proxy re-encryption (PRE), which is a special public-key cryptosystem. A PRE scheme allows a special entity, known as the proxy, to transform a message encrypted with the public key of a delegator (say Alice), into a new ciphertext that is protected under the public key of a delegatee (say Bob), and thus the same message can then be recovered with Bob’s private key. In this paper, in the identity-based setting, we first investigate the relationship between so called mediated encryption and unidirectional PRE. We provide a general framework which converts any secure identity-based unidirectional PRE scheme into a secure identity-based mediated encryption scheme, and vice versa. Concerning the security for unidirectional PRE schemes, Ateniese et al. previously suggested an important property known as the master secret security, which requires that the coalition of the proxy and Bob cannot expose Alice’s private key. In this paper, we extend the notion to the identity-based setting, and present an identity-based unidirectional PRE scheme, which not only is provably secure against the chosen ciphertext attack in the standard model but also achieves the master secret security at the same time.     

支持多关键字搜索的条件代理重加密

为了实现细粒度的访问控制和多个关键字数据搜索,本文引入满足条件树和强一次性签名,提出一个可用于多个关键字搜索的条件代理重加密方案。与已有的方案相比,本文方案在计算效率上有明显的提升。该方案可抵抗选择密文攻击,在随机预言机模型下,满足选择密文攻击安全性。本文提出的方案对解决金融等行业中的敏感数据安全问题有重要的作用。     

从云邮件安全看加密技术的发展

随着云计算的快速发展,与云邮件系统相关的安全问题越来越受到人们的关注。传统公钥加密技术虽然可以满足云邮件系统的安全性需求,但是在易用性方面却存在严重不足。通过分析传统加密技术存在的不足,探讨前沿的代理重加密和可搜索公钥加密技术在解决云邮件系统的安全性与易用性方面的优势与存在的科学问题。     

指定服务器的基于身份加密连接关键字搜索方案

公钥加密关键字搜索(PEKS)允许用户发送关键字陷门给服务器,服务器可以通过陷门定位到包含用户搜索的关键字的密文。为了消除已有基于身份加密的关键字搜索(IBEKS)方案中服务器和接收者之间的安全信道,Wu等人提出了一种指定服务器基于身份加密的关键字搜索(dIBEKS)方案。可是,Wu等人提出的dIBEKS方案不满足密文不可区分性。为了克服Wu等人方案的不足,本文提出一种指定服务器基于身份加密的多关键字搜索方案。安全性分析表明,本文所提方案同时满足了密文不可区分、陷门不可区分和离线关键字猜测攻击的安全性。效率分析显示,本文的方案更高效。      

格上基于身份的可问责代理重加密方案

针对目前基于格的代理重加密方案中存在密钥滥用和数字证书管理等问题,引入问责机制,提出一种新的基于身份的可问责代理重加密方案。该方案采用用户身份ID计算生成矩阵作为公钥,并使用原像采样算法提取私钥,解决了数字证书管理的问题;使用双方用户公钥计算生成重密钥,提高了加/解密时的计算效率;使用代理商公私钥参与重加密运算,完成问责算法,有效地抑制了代理商和被授权者共谋的行为。安全性分析表明方案满足选择明文攻击安全;在效率方面,方案的计算复杂度和密文开销较小。     

Lattice-based key private PREs with HRA security and PCS security

Proxy re-encryption (PRE) schemes, which nicely solve the problem of delegating decryption rights, enable a semi-trusted proxy to transform a ciphertext encrypted under one key into a ciphertext of the same message under another arbitrary key. Cohen first pointed out the insufficiency of the security under chosen-plaintext attacks (CPA) of PREs in PKC 2019, and proposed a strictly stronger security notion, named security under honest re-encryption attacks (HRA), of PREs. Surprisingly, a few PREs satisfy the stronger HRA security and almost all of them are pairing-based till now. To the best of our knowledge, we present the first direct construction of HRA secure single-hop PREs based on standard LWE problems with comparably small and polynomially-bounded parameters in this paper. Combining known reductions, the HRA security of our PREs could also be guaranteed by the worst-case basic lattice problems (e.g. SIVP${}_{\gamma }$ with $\gamma =\tilde{O}\left(n^{3.5}\right)$). Our single-hop PRE schemes are key-private, which means that the implicit identities of a re-encryption key will not be revealed even in the case of a proxy colluding with some corrupted users. Meanwhile, our single-hop PRE schemes are also post-compromise (PCS) secure, ensuring that a re-encrypted ciphertext remains confidential even when the past key, potential old ciphertexts and the re-encryption key have been exposed. Some discussions about key-privacy of multi-hop PREs are also proposed, which indicates that several constructions of multi-hop PREs do not satisfy their key-privacy definitions.     

Efficient bidirectional proxy re-encryption with direct chosen-ciphertext security

Proxy re-encryption (PRE) allows a semi-trusted proxy to convert a ciphertext originally intended for a user into another ciphertext of the same message intended for another user, and the proxy, however, cannot learn anything about the message encrypted. In previous papers, in order to achieve the CCA2-security, a common method for constructing PRE schemes was to apply the paradigm of using strongly-unforgeable one-time signature which transforms a selective-identity, CPA-secure identity-based encryption (IBE) scheme into a CCA-secure cryptosystem. In this paper, we propose a direct design of the bidirectional CCA-secure PRE scheme, which makes a direct use of the underlying IBE structure and does not need any auxiliary signature mechanism. Our construction is efficient and suitable for further designing multi-user PRE schemes. Its security is proved on the base of the decisional bilinear Diffie-Hellman assumption in the standard model.     

云计算多授权中心CP-ABE代理重加密方案

代理重加密技术可使代理在不知道明文的条件下实现密文访问策略转换,这使代理重加密成为用户之间进行数据分享的重要技术。然而,代理重加密方案大多数是在单授权中心下构建的,存在授权机构权限大、易出现性能瓶颈和用户的计算开销大等问题。同时,大多数方案不满足代理重加密应具备的5个基本特性：单向性、可控性、非交互性、可重复性与可验证性。为解决以上问题,提出支持重复可控特性的云计算多授权中心CP-ABE(ciphertext-policy attribute-based encryption)代理重加密方案。在密文策略属性加密方案的基础上,引入代理加密和代理解密服务器从而减小用户客户端的计算开销,设置多个属性授权中心来分散中央机构权限。对代理重加密技术进行改进：在重加密密钥中设置随机因子和密文子项来实现单向性和可控性;设置的重加密密钥由客户端独立生成,不需要其他服务器参与,可实现非交互性,即可在数据拥有者为不在线状态时也可以进行数据分享;在初始密文中设置密文子项,对其多次加密即可实现重复性;在初始密文中设置验证子项,用户可验证外包以及重加密结果正确与否。通过与其他方案对比发现,所提方案的用户客户端计算...     

指定验证者与可撤销重加密的可搜索加密方案

隐藏向量加密(hidden vector encryption, HVE)作为一种谓词加密策略,不仅可以对解密密钥进行细粒度的控制,同时也支持对关键词的合取和子集等范围搜索,因此可以被应用在诸如电子健康记录等系统中,以保护用户敏感数据并提供密文检索功能.然而,目前已有的隐藏向量加密策略均未考虑离线关键词测试攻击和可撤销的代理访问控制.针对这一问题,提出了一种支持指定验证者和基于时间的可撤销代理重加密的高效的隐藏向量加密方案.代理人可以在数据拥有者指定的时间区间内访问密文数据,而当超过预定的时间后,代理权限将被自动撤销.由于只有指定的验证者可以执行验证操作,使得方案可以有效地抵御离线关键词测试攻击.提出的可搜索加密方案不仅在标准模型下面对选择关键词、选择时间攻击是可证明安全的,同时,搜索令牌的尺寸、重加密算法的时间复杂度以及验证操作的双线性对运算次数均限定在O(1)常数界限内.因此,方案具有较好的安全性和实用效率.     

A secure and efficient Ciphertext-Policy Attribute-Based Proxy Re-Encryption for cloud data sharing

Proxy Re-Encryption (PRE) is a useful cryptographic primitive that allows a data owner to delegate the access rights of the encrypted data stored on a cloud storage system to others without leaking the information of the data to the honest-but-curious cloud server. It provides effectiveness for data sharing as the data owner even using limited resource devices (e.g. mobile devices) can offload most of the computational operations to the cloud. Since its introduction many variants of PRE have been proposed. A Ciphertext-Policy Attribute-Based Proxy Re-Encryption (CP-ABPRE), which is regarded as a general notion for PRE, employs the PRE technology in the attribute-based encryption cryptographic setting such that the proxy is allowed to convert an encryption under an access policy to another encryption under a new access policy. CP-ABPRE is applicable to many network applications, such as network data sharing. The existing CP-ABPRE systems, however, leave how to achieve adaptive CCA security as an interesting open problem. This paper, for the first time, proposes a new CP-ABPRE to tackle the problem by integrating the dual system encryption technology with selective proof technique. Although the new scheme supporting any monotonic access structures is built in the composite order bilinear group, it is proven adaptively CCA secure in the standard model without jeopardizing the expressiveness of access policy. We further make an improvement for the scheme to achieve more efficiency in the re-encryption key generation and re-encryption phases.