Chosen Public Key and Ciphertext Secure Proxy Re-encryption Schemes

International Journal of Digital Content Technology and its Applications, Volume 4, Number 9, December 2010

Liming Fang, Willy Susilo, Yongjun Ren, Chunpeng Ge and Jiandong Wang
College of Information Science and Technology, Nanjing University of Aeronautics and Astronautics, Nanjing, China. Email: fangliming@nuaa.edu.cn
Centre for Computer and Information Security Research, School of Computer Science and Software Engineering, University of Wollongong, Australia. Email: wsusilo@uow.edu.au
doi:10.4156/jdcta.vol4.issue9.8

Abstract

A proxy re-encryption scheme enables a proxy to re-encrypt a ciphertext and designate it to a delegatee. Proxy re-encryption schemes have been found useful in many applications, including e-mail forwarding, law-enforcement monitoring, and content distribution. Libert and Vergnaud presented the first construction of unidirectional proxy re-encryption scheme with chosen ciphertext security in the standard model in PKC 2008. In this paper, we show the insecurity of Libert and Vergnaud's scheme against chosen public key attack. We note that this insecurity is not considered in the original model proposed by Libert and Vergnaud's, but we argue that our attack is very realistic and important in this scenario. Furthermore, we present a new and efficient construction proxy re-encryption (PRE) scheme. We provide chosen public key and chosen ciphertext attack security analysis for our scheme and compare their performance.

Keywords: Information Security, Proxy Re-encryption, Pairing Based Cryptography

1 Introduction

A proxy re-encryption (PRE) scheme allows a proxy to transform a ciphertext under delegator's public key into a delegatee's ciphertext on the same message by using some additional information. This concept is proposed by Blaze, Bleumer and Strauss [2] and formalized later by Ateniese et al. [1]. PRE schemes have been found useful in many applications, such as e-mail forwarding, law-enforcement monitoring, and content distribution. Recently, Canetti and Hohenberger [5] described a construction of proxy re-encryption providing chosen-ciphertext security according to an appropriate definition of PRE systems. In contrast to the previous work, their scheme relies on the fact that the proxy key can be used to translate ciphertexts from delegatee to delegator, hence this is called bidirectional (cf. unidirectional scheme that was originally proposed in the model by Blaze et al. [2]). Till then, there was no known unidirectional PRE systems with chosen-ciphertext security that rely on the standard model. To fill this gap, Libert and Vergnaud [11] presented the first construction of unidirectional proxy re-encryption scheme with chosen ciphertext security in the standard model. Nonetheless, they left an open problem on how to capture a scenario where adversaries are allowed to generate public keys on behalf of corrupted parties (possibly non-uniformly or as a function of honest parties' public keys). This is a daunting problem where the adversaries can generate any public keys on behalf of the corrupted parties, and Libert and Vergnaud's scheme [11] cannot deter against this attack.

1.1 Motivation of This Work

Although Libert and Vergnaud scheme [11] PRE scheme is very elegant, there are several unsolved issues with regards to the security of PRE that are outlined as follows. In [11], the adversaries are not permitted to generate public keys on behalf of the corrupted parties. One possible solution to prevent this attack is to require users to prove their knowledge of secret keys during the registration phase. Nonetheless, this approach requires zero-knowledge proof system, which may not be desirable in several applications. In contrast to this approach, we take a different direction in this work. We incorporate a trusted party with a system secret key. When the user selects its public
key, the trusted party runs the key generation algorithm with the system secret key together with the user's public key, and the user's secret key then will be generated for the user. A new problem with this approach is that the attacker in this model has to share its secret key with the third party, which will be quite natural. Since relative to Libert and Vergnaud's security model, the challenger is required to generate all public keys for all parties and allow the adversary to obtain private keys for some of these users. Furthermore, Libert and Vergnaud only considered a static corruption model in which the challenger generates public keys for all parties. Proving security against adaptive corruptions is a challenging and daunting task. Finally, Libert and Vergnaud only provided a scheme in a selective public key model, where the target (challenge) public key has to be determined by the challenger at the beginning of the game. A possible enhancement is to allow adversaries to adaptively query the target public key at the challenge phase within the set of honest players, which we refer to as the full public key model.

1.2 Our Contributions

In this paper, we address the problem of constructing a PRE in the full public key adaptive corruption model and to allow the adversaries to generate public keys on behalf of corrupted parties. Specifically, we show that Libert and Vergnaud's scheme is insecure against chosen public key attack. We note that although our attack is not applicable to the original model presented by Libert and Vergnaud's [11], our attack is very natural and applicable in practice. Then, we provide a formal definition of PRE-PA game in which the adversary can chose any public key freely. We also present a new construction of chosen-ciphertext secure proxy re-encryption schemes, which are PRE-PA secure in the standard model.

1.3 Related Work

After the seminal work by Blaze, Bleumer and Strauss [2], Ateniese et al. [1] presented a unidirectional PRE scheme based on bilinear pairings in 2005. Both of these schemes are CPA secure. In 2007, Canetti and Hohenberger [5] presented a construction of CCA secure bidirectional PRE scheme. Later, Libert and Vergnaud [11] presented a CCA secure unidirectional PRE scheme from bilinear pairings. Recently, Deng et al. [8] proposed a CCA secure bidirectional PRE scheme without pairings. In Pairing'08, Libert and Vergnaud [12] introduced the notion of traceable proxy re-encryption, where malicious proxies leaking their re-encryption keys can be identified. Since in PKI-based setting, it is needed to distribute public key certificates, the work [10, 7, 15] extended the above notion to identity-based proxy re-encryption (IB-PRE). Due to the fact that pairing computation is a costly expensive operation, the subsequent work [8, 16, 14] studied PRE schemes to be constructed without bilinear pairings, especially in computation resource limited settings.

2 Definitions

In this section, we first review the complexity assumption required in our schemes, and then provide the definition and security of a proxy re-encryption scheme.

2.1 Bilinear Maps

Let G G be multiplicative cyclic groups of prime order and g be a generator of G. Here ( g G G e denote the bilinear map parameters. We say that e: G G G is a bilinear map if the following conditions hold:

1. a b ab e( g g e( g g for all a bz g g G
2. e( g g
3. There is an efficient algorithm to compute e( g g for all g g G.

2.2 The Truncated q-ABDHE Assumption

Let e: G G G be a bilinear map and g be a generator of G. Here
( g G G e denote the bilinear map parameters. We define the advantage function of an adversary B as

qabdhe AdvG ( B q q q Pr[ B( g x g x g z g zx e( g g zx ] Pr[ B( g x g x g z g zx e( g g r ]

where x z r Z are randomly chosen. We say that the truncated q-ABDHE assumption [9] relative to generator G holds if q ABDHE AdvG ( B is negligible for all PPT B.

2.3 Proxy Re-encryption

In the following, we will provide the definition of a PRE scheme and its game-based security definition.

Definition 1 (Proxy Re-encryption). A proxy re-encryption scheme comprises the following algorithms:

Setup( ): On input a security parameter, a system public parameter PP and a system secret key SK are generated.

KeyGen( PP SK ): On input a system public parameter PP, a system secret key SK and a public key, output the decryption key s.

Enc( PP m ): On input a system public parameter PP, a public key and a message m, output the level ciphertext (i.e., a regular ciphertext).

ReKeyGenLev( s ): On input a secret key s of public key, output the re-encryption key r.

ReKeyGenLev( s s ): On input a secret key s of public key and a secret key s of public key, output the re-encryption key r.

ReEncLev( r ): On input a level re-encryption key r and a level ciphertext under, output the new level ciphertext (i.e., a re-encryption ciphertext under).

ReEncLev( r ): On input a level re-encryption key r and a level ciphertext under, output the new ciphertext under.

DecLev( s ): On input a secret key s and any level ciphertext under, output m.

DecLev( s ): On input a secret key s and any level ciphertext under, output m.

In the following, we provide the game-based security definition of PRE as follows.

Definition 2 (PRE-PA game [5]). Let be the security parameter and A be the adversary. The game consists of an execution of between an adversary A and a challenger with the following oracles, subject to the constraints below:

1. Setup: The challenger performs Setup( ) to get a system public parameter PP and a system secret key SK. Give the system public parameter PP to A.

2. Query phase 1. A makes the following queries:

Key generation query: A can choose any public key as her will. A is given the
private key s of.

Re-encryption key generation level query: On input by the adversary, return the level re-encryption key r to A. We only allow the ReKeyGenLev query after the key generation query.

Re-encryption key generation level query: On input by the adversary, A is given the level re-encryption key r.

Re-encryption level query: On input a level ciphertext and public key, A is given the new level ciphertext.

Re-encryption level query: On input a level ciphertext and public key, A is given the new level ciphertext under public key.

Decryption level query: On input a public key and any level ciphertext, make a Key Generation query to get secret key s of, then decrypt it. A is given m.

Decryption level query: On input a public key and any level ciphertext, make a key generation query on h to get secret key s of, then decrypt it. A is given m.

3. Challenge. A presents ( m0 m where is called the challenge public key. If the is fresh, the challenger chooses a bit b Z and returns the challenge ciphertext Enc( m b. A ( is fresh if none of the following queries made by A: Key generation query. Re-encryption key generation level query. ( is the public key derivatives of and then A makes Key generation query or Re-encryption key generation level query. Public key derivatives of ( are defined recursively as follows: ( is a derivative of itself. If ( is a derivative of ( and ( ' is a derivative of ( then ( ' is a derivative of (. If A has queried the level re-encryption key generation oracle on input ( or ( then ( is a derivative of (.

4. Query phase 2. A continues making queries as in the Query phase 1 except for the following queries: Key generation query. Re-encryption key generation level query. ( is the public key derivatives of and then A makes Key generation query or Re-encryption key generation level query. One of the ( and ( is fresh and the other is not fresh, and Re-encryption level query.
Decryption level query and ( is the level ciphertext derivatives of (. Decryption level query and ( ( ( is the level ciphertext derivatives of is the level ciphertext derivatives of ( if = and where ( = = ReEncLev( r is the level ciphertext derivatives of ( if = ReEncLev( r.

5. Guess. A outputs the guess b'. If b' = b then output 1; else output 0.

We say that A wins the PRE-PA game with advantage if the probability that the decision oracle is invoked and outputs 1 is at least 1/2 +.

Comparing our scheme with Libert and Vergnaud's model [11], our security model outperforms Libert and Vergnaud's scheme in the following aspects: In our security model, the adversaries are permitted to generate public keys on behalf of the corrupted parties. Furthermore, Libert and Vergnaud only considered a static corruption model in which the challenger generates public keys for all parties. In contrast, our model allows the adversary to adaptively determine which parties will be compromised. Finally, Libert and Vergnaud only provided a scheme in a selective public key model where the target (challenge) public key has to be determined by the challenger at the beginning of the game. In contrast, in our model, the adversary can determine the target (challenge) public key at anytime.

3 Chosen Public Key Attack on Libert and Vergnaud PRE

Libert and Vergnaud [11] presented the first construction of unidirectional proxy re-encryption scheme with chosen ciphertext security in the standard model. Their system is a reminiscent of the public key cryptography system obtained by applying the Canetti-Halevi-Katz transform to the second selective-ID secure identity-based encryption scheme described in [3]. Unfortunately, as they claimed, their scheme does not capture a scenario where adversaries generate public keys on behalf of corrupt parties. In this section, we will firstly review their scheme and show the chosen public key attack subsequently.

The idea of the attack is as follows. In Libert-Vergnaud's scheme [11], user's public key is defined as $X = g^{x}$ for a random $x$, where the private key is $x$. The adversary, after querying the Key Generation for user to get the private key $x$ and public key $X = g^{x}$, can choose the challenge public key as $PK = X^{a} = g^{ax}$, where $a$ is randomly chosen. Hence, the adversary can compute the private key of $PK$ as $ax$. We note that this attack is not captured in the original model of Libert-Vergnaud's scheme [11]. Nonetheless, our attack is very natural and realistic in this scenario.

4 Our Construction

In this section, we present our PA secure PRE scheme from the q-ABDHE assumption. The idea of our scheme is based on the exponent inversion IBE scheme proposed by Gentry [9].

4.1 Our PRE Scheme

We will first describe our scheme and follow with the description on the properties later.

Setup( ): Let be the security parameter and ( g G G e be the bilinear map
parameters. Let u g x { Y y g } and where { y } and x are randomly {0} chosen in Z. Let H be a hash function from a family of universal one-way hash functions. The system secret key SK ({ y} x and the system public parameter PP ( g G G e u{ Y } H.

KeyGen( PP SK ): On input a system public parameter PP, a system secret key SK and a public key in Z, select random { s } in Z, compute s /( x d ( YK g where {0 }, output s { d s }.

ReKeyGenLev( s ): On input a secret key s { d s } of public key, output the re-encryption key r {( d }.

ReKeyGenLev( s s ): On input a secret key s { d s } of public key and a secret key s { d s } of public key, output the re-encryption key r {( s s }.

Enc( PP m ): On input a system public parameter PP, a public key and a message m G. Select a random r Z and compute P. Output the level ciphertext ( ug r m e( g Y r 3 0 tr r 4 e( g Y e( g Y ( 3 4 e( g g r t H( m 3

Notice that encryption does not require any pairing computations once e( g g and e( g Y have been pre-computed. Alternatively, e( g g and e( g Y can be included in the system parameters.

ReEncLev( r ): On input a level ciphertext under and a level re-encryption key r, let r {( d }, let level ciphertext be ( 3 4. Re-encrypt the level ciphertext under I ' as: e( d ' output the new level ciphertext as ( 3 4 {0}

ReEncLev( r ): On input a level re-encryption key r and a level ciphertext under, let r {( s s } and re-encrypt the ciphertext to be under identity as: '' ' s s output the new ciphertext ( '' 3 4 {0}

DecLev( s ): On input a secret key s { d s } and any level ciphertext ( compute 3 4 t s t s If 4 e( d d ( s 0 0 / 3 K e( d m K t H( m 3 then output m.

DecLev( s ): On input a secret key s { d s } and any ciphertext '' ( 3 4 compute {0} '' s 0 K ( ( m / K 3 0
t H( 3 m (( (( (( (( then output m If '' s t '' s 4

4.2 Security of Our PRE

In this subsection, we prove the PA security for our scheme without any random oracle. Our PRE scheme works in an adaptive corruption model in which the adversary has to determine the corrupted parties (Key Generation query) adaptively and choice the public key as her will when making the key generation query. Additionally, we also allow the adversary to adaptively query a re-encryption oracle and decryption oracles.

Theorem 1. Let qq where q is the number of key generation queries. If the q ABDHE assumption holds, then our PRE scheme is PRE-PA secure in the standard model.

Proof. Suppose there exists a polynomial-time adversary A that can attack our scheme in the standard model. Let q is the number of key generation queries. We build a simulator B that can play a q ABDHE game. The simulation proceeds as follows:

We first let the challenger set the groups G and G with an efficient bilinear map e and a generator g of G. Simulator B inputs a q ABDHE instance ( q q x x x z zx g g g g g g T zx and has to distinguish T e( g g q from a random element in G.

1. Setup: Let be the security parameter and ( g G G e be the bilinear map parameters. Let H be a hash function from a family of universal one-way hash functions. B picks three random ( degree q polynomials f ( X where {0 }, defines { f x Y g }. This implicitly defines the system secret key values as { y f ( x} and sends the system public parameter PP ( g G G e u{ Y } H to A.

2. Query phase 1. A makes the following queries:

Key generation query: A chooses as her like. B sets { s f ( } ( f ( x f ( /( x computes d g and stores the and s, outputs s { d s } to A. When q q { s f ( } is a random value from A's view, since f ( X where {0 } are random degree q polynomials.

Re-encryption key generation level query: if A never made a Key generation query on, then make a Key generation query on; output the re-encryption key r {( d }

Re-encryption key generation level query: if A never made a Key generation query on or, then make a Key generation query on or; output the re-encryption key r {( s s }

Re-encryption level query: On input a level ciphertext ( under, B queries a level re-encryption key r 3 4 {( d } and re-encrypt the ' level ciphertext under as: e( d output the new level ciphertext ' ( 3 4 {0}

Re-encryption level query: On input a level ciphertext
' ( 3 4 under {0}, B queries a level re-encryption key r {( s s }, re-encrypt the ciphertext to be under public key as: '' ' s s '' output the new ciphertext ( 3 4 {0}

Decryption level query: On input any level ciphertext ( under, B queries a secret key s { d s } and computes 3 4 t s t s If 4 e( d d s 0 0 K e( d t m / K 3 H( m 3 then output m.

Decryption level query: On input any level ciphertext '' ( 3 4 {0}, B queries a secret key s { d s } and computes '' s 0 K ( ( If '' s t '' s 4 t 0 m / K 3 H( m 3 (( (( (( (( then output m.

3. Challenge. A presents { m0 m } where is the challenge public key and m0 m G. If the challenge public key fits the restrictions described in Definition 2, B responds by choosing a random b{0} and set { s f ( } {0} ( f ( ( /( Then B computes x f x d g. It defines the degree q polynomial q q q F ( X ( X ( / ( X 0 ( F X It also computes g ( g q zx q z ( q F q z x F T e( g ( g 0 m e( d ( 3 b 0 t H ( m 3 t 4 e( ( d d ( and outputs the challenge ciphertext ( Let r zf ( x f 3 b 0 T b s0 3 4 zx e( g g q then ( x r g m e( g Y r t r r e( g Y e( g Y 4 st s e( g g r

4. Query phase 2. A continues making queries as in the Query phase 1 except for the restrictions described in Definition 2.

5. Guess. Finally, A will output a guess b'. If b b' then B outputs 1, otherwise B outputs 0.

Probability Analysis: If T e( g g q zx then the simulation is perfect and A will guess the bit b correctly with probability 1/2 +. Else, T is uniformly random and thus ( is a uniformly random and independent element. In this case, the inequality /( x e( g holds with probability /. When these inequality hold, the value of K e( d ( s 0 /( /( 0 e( ( Y0 x (( / ( ( x e g s is uniformly random and independent from A's
view (except for the value 3), since s0 is uniformly random (when q q { s f ( } are random values from A's view) and independent from A's view (except for the value 3). Thus 3 is uniformly random and independent, and can reveal no information regarding the bit b.

5 Performance Comparison

In this section, we compare our schemes with the existing PRE schemes without random oracles from the literature. We denote LV as Libert and Vergnaud's proposed [11] unidirectional proxy re-encryption scheme with chosen ciphertext security in the standard model. We denote $t_p$, $t_e$, $t_s$ and $t_v$ as the computational cost of a bilinear pairings, an exponentiation over a bilinear group, a one-time signature and verification respectively. Notice that encryption in our scheme does not require any pairing computations once e( g g and e( g Y have been pre-computed. Let G and G be the bilinear groups and sv and be the one-time signatures public key and signature. The result of the comparison is outlined in Table 1. From the table, it is observed that our PRE from Section 3 gives comparable generalization performance as that of Libert and Vergnaud's construction. Our PRE scheme works in an adaptive corruption and chosen public key attack model in which the adversary has to determine the corrupted parties adaptively by the chosen public key.

Table 1. Comparison Among Various PRE Schemes without random oracles

Scheme LV Our scheme ComputeCost Enc 35t e + t s ComputeCost ReEnc t +4t e + t s ComputeCost DecLev 3 t +t e + t v ComputeCost DecLev CiphertextSize Level 5 t +t e + t v 5 t e 3 t +3t e t +3t e 5t e sv G G G 3G CiphertextSize Level sv 4 G G 6 G Adaptive Corruptions Selective Model PA

6 Conclusion

In this paper, we show the insecurity of Libert and Vergnaud's scheme against chosen public key attack. And then, we present a new construction of proxy re-encryption scheme which is chosen ciphertext and public key secure in the standard model.

7 References

[1] G. Ateniese, K. Fu, M. Green, and S. Hohenberger. Improved proxy re-encryption schemes with applications to secure distributed storage. In Proc. Internet Society (ISOC), 29–43.
[2] M. Blaze, G. Bleumer, and M. Strauss. Divertible protocols and atomic proxy cryptography. In Proc. EUROCRYPT 1998, 127–144 (1998).
[3] D. Boneh and X. Boyen. Efficient selective-ID Identity based encryption without random oracles. In Proc. EUROCRYPT 2004, LNCS 3027, Springer-Verlag, 223–238 (2004).
[4] D. Boneh and M. Franklin. Identity-based encryption from the Weil pairing. In Proc. CRYPTO 2001, 213–229 (2001).
[5] R. Canetti and S. Hohenberger. Chosen-ciphertext secure proxy re-encryption. In Proc. the 14th ACM conference on Computer and communications security, ACM, New York, NY, USA, 185–194 (2007).
[6] R. Canetti, H. Krawczyk, and J.B. Nielsen. Relaxing chosen-ciphertext security. In Proc. CRYPTO 2003, LNCS 2729, Springer-Verlag, 565–582 (2003).
[7] C. Chu and W. Tzeng. Identity-based proxy re-encryption without random oracles. In Proc. of ISC 2007, LNCS vol. 4779, 189–202, Springer, Heidelberg (2007).
[8] R. H. Deng, J. Weng, S. Liu, K. Chen. Chosen-Ciphertext Secure Proxy Re-Encryption without Pairings. In Proc. of CANS 2008, LNCS vol. 5339, 1–17, Springer, Heidelberg (2008).
[9] C. Gentry. Practical identity-based encryption without random oracles. In Proc. EUROCRYPT 2006, LNCS 4004, Springer-Verlag, 2006, 457–464 (2006).
[10] M. Green and G. Ateniese. Identity-based proxy re-encryption. In Proc. ACNS 2007, LNCS vol. 4521, 288–306, 2007. Full version: Cryptology ePrint Archive: Report 2006/473.
[11] B. Libert, D. Vergnaud. Unidirectional Chosen-Ciphertext Secure Proxy Re-Encryption. In Proc. PKC'08, LNCS 4939, Springer-Verlag, 360–379 (2008).
[12] B. Libert, D. Vergnaud. Tracing Malicious Proxies in Proxy Re-Encryption. In Proc. Pairing'08, LNCS 5209, Springer-Verlag, 332–353 (2008).
[13] T. Matsuo. Proxy Re-encryption Systems for Identity-Based Encryption. In Proc. Pairing 2007, LNCS 4575, Springer-Verlag, 247–267 (2007).
[14] T. Matsuda, R. Nishimaki, and K. Tanaka. CCA Proxy Re-Encryption without Bilinear Maps in the Standard Model. In Proc. of PKC 2010, LNCS vol. 6056, 261–278, Springer, Heidelberg (2010).
[15] J. Lai, W. Zhu, R. Deng, S. Liu, and W. Kou. New constructions for identity-based unidirectional proxy re-encryption. Journal of Computer Science and Technology Express, Vol. 25, No. 4, 793–806 (2010).
[16] J. Shao and Z. Cao. CCA-secure proxy re-encryption without pairings. In Proc. of PKC 2009, LNCS vol. 5443, 357–376, Springer, Heidelberg (2009).
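
The chosen public key attack of Section 3, reduced to its algebra, as an added example that is not code from the paper. Textbook ElGamal in a constructed toy group stands in for the Libert-Vergnaud encryption (an assumption; only the key shape X = g^x matters), and the `Challenger` class and its method names are hypothetical. It shows that a game which tracks corruption by exact public key value accepts PK = X^a as fresh even though its private key ax is known.

```python
"""Toy model of the chosen public key attack from Section 3 (added example).

Assumptions: textbook ElGamal in a tiny Schnorr group stands in for the
Libert-Vergnaud encryption, and Challenger is a simplified, hypothetical
version of the security game.
"""
import secrets

# Constructed toy group: P = 2*Q + 1 with P and Q prime; G has order Q.
P, Q, G = 2039, 1019, 4


def keygen():
    x = 1 + secrets.randbelow(Q - 1)          # private key x in [1, Q-1]
    return x, pow(G, x, P)                    # public key X = g^x


def encrypt(pk, m):
    r = 1 + secrets.randbelow(Q - 1)
    return pow(G, r, P), (m * pow(pk, r, P)) % P


def decrypt(sk, ct):
    c1, c2 = ct
    return (c2 * pow(pow(c1, sk, P), -1, P)) % P


class Challenger:
    """Tracks freshness per exact public key value, as a model does when it
    assumes the adversary never picks keys itself."""

    def __init__(self):
        self.secret_of = {}       # pk -> sk for keys the challenger generated
        self.revealed = set()     # pks answered by a key generation query
        self.bit = None

    def new_user(self):
        sk, pk = keygen()
        self.secret_of[pk] = sk
        return pk

    def key_generation_query(self, pk):
        self.revealed.add(pk)
        return self.secret_of[pk]

    def is_fresh(self, pk):
        return pk not in self.revealed

    def challenge(self, pk, m0, m1):
        if not self.is_fresh(pk):
            raise ValueError("challenge key is not fresh")
        self.bit = secrets.randbelow(2)
        return encrypt(pk, (m0, m1)[self.bit])


def derived_key_attack(challenger):
    """Learn x for X, then submit PK = X^a, whose private key is a*x mod Q."""
    X = challenger.new_user()
    x = challenger.key_generation_query(X)
    a = 2 + secrets.randbelow(Q - 2)          # a in [2, Q-1], so X^a != X
    PK = pow(X, a, P)
    m0, m1 = pow(G, 3, P), pow(G, 7, P)       # two distinct group elements
    ct = challenger.challenge(PK, m0, m1)     # accepted: PK was never queried
    guess = 0 if decrypt((a * x) % Q, ct) == m0 else 1
    return challenger.is_fresh(PK), guess == challenger.bit


def run_game(trials=50):
    """Count trials where PK counted as fresh and the bit was recovered."""
    return sum(all(derived_key_attack(Challenger())) for _ in range(trials))


if __name__ == "__main__":
    print(run_game(50), "of 50 challenge bits recovered")
```
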