TY - JOUR
T1 - A New Kind of Conditional Proxy Re-Encryption for Secure Cloud Storage
AU - Zeng, Peng
AU - Choo, Kim Kwang Raymond
N1 - Publisher Copyright:
© 2013 IEEE.
PY - 2018
Y1 - 2018
AB - Secure cloud storage has important applications in our big data-driven society, and to achieve secure cloud storage, we need to enforce a strong access control mechanism. Proxy re-encryption (PRE) has been shown to be an effective tool for constructing cryptographically enforced access control schemes. In a traditional PRE scheme, a semi-trusted proxy can convert all ciphertexts for a delegator to ciphertexts for a delegatee once the proxy obtains the relevant re-encryption key from the delegator. In many practical applications, however, a fine-grained delegation of decryption abilities may be demanded, and thus, the notion of conditional PRE (C-PRE) is introduced, which allows only the ciphertexts satisfying a concrete condition to be converted by the proxy. In this paper, we introduce a special kind of C-PRE, sender-specified PRE (SS-PRE), which enables the delegator to delegate the decryption right of the ciphertexts from a specified sender to his/her delegatee. We give a formal definition of SS-PRE and its security model. We also provide the concrete constructions of an IND-CPA secure SS-PRE scheme and an IND-CCA secure SS-PRE scheme with the properties of unidirectionality and single-use and prove the security of both schemes in the standard model. The detailed analysis shows that our new IND-CCA secure SS-PRE scheme achieves a higher efficiency in computation cost and ciphertext size than the conventional C-PRE schemes.
KW - IND-CCA
KW - IND-CPA
KW - Secure cloud storage
KW - conditional proxy re-encryption
KW - sender-specified proxy re-encryption
UR - https://www.scopus.com/pages/publications/85056178098
U2 - 10.1109/ACCESS.2018.2879479
DO - 10.1109/ACCESS.2018.2879479
M3 - Article
AN - SCOPUS:85056178098
SN - 2169-3536
VL - 6
SP - 70017
EP - 70024
JO - IEEE Access
JF - IEEE Access
M1 - 8522029
ER -