TY - JOUR
T1 - Generalized Autonomous Path Proxy Re-Encryption Scheme to Support Branch Functionality
AU - Lin, Zhongyun
AU - Zhou, Jun
AU - Cao, Zhenfu
AU - Dong, Xiaolei
AU - Choo, Kim Kwang Raymond
N1 - Publisher Copyright:
© 2005-2012 IEEE.
PY - 2023
Y1 - 2023
N2 - Proxy Re-Encryption (PRE), a special cryptographic primitive, can efficiently perform ciphertext conversion on the cloud. To enable the data owner (i.e. delegator) to authorize a file access path according to the different priorities of the users (i.e. delegatees), autonomous path proxy re-encryption (AP-PRE) was proposed, where the delegator can generate a proxy re-encryption autonomous path in order of the delegatees' priority. If one delegatee does not hold the decryption right, the ciphertext can be converted to a new ciphertext that can be decrypted by the next delegatee with lower priority in the path. Although AP-PRE enables the delegator to pre-define the whole decryption path, the access policy only supports a linked path and the data owner disallows the nodes in the proxy path to generate delegating branches to access its data. Such a linked path may be too long in practice, especially when the system scales up (i.e. the average complexity of encrypted data access is O(n) where n denotes the number of delegatees). Hence, we propose a generalized autonomous path proxy re-encryption (APB-PRE) scheme for supporting branch functionality. Firstly, by setting the token and a carefully designed ciphertext structure, the branch functionality of the path delegation is realized. Specifically, we utilize the bilinearity of bilinear pairing to construct the token for the transition of the label embedded in the ciphertext in different paths, resulting in a far more flexible access structure with a tree-like topology. In APB-PRE, the delegatees with lower priority who need to share data can complete the decryption task earlier, without affecting the decryption of the high-priority delegatees. Finally, we prove that it achieves IND-HRA security under the Decisional Bilinear Diffie-Hellman (DBDH) assumption. Benefiting from the creation of branching paths, users on the branching path can get the re-encrypted ciphertext much earlier. Therefore, the average complexity of encrypted data access reduces to O(log n) compared to AP-PRE. The experimental results show that our proposal can extend the branching functionalities of AP-PRE with only moderate computational cost.
KW - Proxy re-encryption
KW - autonomous path
KW - branch functionality
KW - efficiency
UR - https://www.scopus.com/pages/publications/85168754629
U2 - 10.1109/TIFS.2023.3306942
DO - 10.1109/TIFS.2023.3306942
M3 - Article
AN - SCOPUS:85168754629
SN - 1556-6013
VL - 18
SP - 5387
EP - 5400
JO - IEEE Transactions on Information Forensics and Security
JF - IEEE Transactions on Information Forensics and Security
ER -