A Type-and-Identity-based Proxy Re-Encryption Scheme and its Application in Healthcare

Proxy re-encryption is a cryptographic primitive developed to delegate the decryption right from one party (the delegator) to another (the delegatee). In a proxy re-encryption scheme, the delegator assigns a key to a proxy to re-encrypt all messages encrypted with his public key such that the re-encrypted ciphertexts can be decrypted with the delegatee’s private key. We propose a type-and-identity-based proxy re-encryption scheme based on the Boneh-Franklin Identity Based Encryption (IBE) scheme. In our scheme, the delegator can categorize messages into different types and delegate the decryption right of each type to the delegatee through a proxy. Our scheme enables the delegator to provide the proxy fine-grained re-encryption capability. As an application, we propose a fine-grained Personal Health Record (PHR) disclosure scheme for healthcare service by applying the proposed scheme

Proxy Re-Encryption in Blockchain-based Application

Nowadays, blockchain-based technology has risen to a new dimension. With the advantage of the decentralized identity, data are transferred through decentralized and public ledgers. Those new contracts provide great visibility. However, there is still a need to keep some data private in many cases. Those private data should be encrypted while still benefiting from the decentralized on-chain protocol. Securing those private data in such a decentralized blockchain-based system is thus a critical problem. Our solution provides a decentralized protocol that lets users grant access to their private data with proxy re-encryption in SpartanGold (a blockchain-based cryptocurrency). We implement a third-party storage provider called a proxy to store clients’ private data in an encrypted form. Whenever someone wants to access a client’s private data, the client uses their private key along with the buyer’s public key to generate a re-encryption key. The third-party proxy uses the re-encryption key to re-encrypt the client’s encrypted data for the recipient and send the result to the buyer. As a result, only the buyer can decrypt the re-encrypted data by using their private key, without revealing the data owner’s private key or the private data to the third-party proxy. Our protocol has secured the private data on the decentralized blockchain-based application without relying on trusted parties. We use medical data as a use case to validate our protocol. In our medical use case, the patient’s medical records are stored on the third-party proxy, and when specialists request medical data from the patient, the patient generates the re-encryption key and sends it to the proxy. The proxy re-encrypted the data and sends back to the specialists

Key-Private Proxy Re-Encryption

Proxy re-encryption (PRE) allows a proxy to convert a ciphertext encrypted under one key into an encryption of the same message under another key. The main idea is to place as little trust and reveal as little information to the proxy as necessary to allow it to perform its translations. At the very least, the proxy should not be able to learn the keys of the participants or the content of the messages it re-encrypts. However, in all prior PRE schemes, it is easy for the proxy to determine between which participants a re-encryption key can transform ciphertexts. This can be a problem in practice. For example, in a secure distributed file system, content owners may want to use the proxy to help re-encrypt sensitive information *without* revealing to the proxy the *identity* of the recipients. In this work, we propose key-private (or anonymous) re-encryption keys as an additional useful property of PRE schemes. We formulate a definition of what it means for a PRE scheme to be secure and key-private. Surprisingly, we show that this property is not captured by prior definitions or achieved by prior schemes, including even the secure *obfuscation* of PRE by Hohenberger, Rothblum, shelat and Vaikuntanathan (TCC 2007). Finally, we propose the first key-private PRE construction and prove its security under a simple extension of the Decisional Bilinear Diffie Hellman assumption and its key-privacy under the Decision Linear assumption in the standard model

Non-Transferable Proxy Re-Encryption Scheme

SEC8: Selected topics in Information SecurityA proxy re-encryption (PRE) scheme allows a proxy to re-encrypt a ciphertext for Alice (delegator) to a ciphertext for Bob (delegatee) without seeing the underlying plaintext. However, existing PRE schemes generally suffer from at least one of the followings. Some schemes fail to provide the non-transferable property in which the proxy and the delegatee can collude to further delegate the decryption right to anyone. This is the main open problem left for PRE schemes. Other schemes assume the existence of a fully trusted private key generator (PKG) to generate the re-encryption key to be used by the proxy for re-encrypting a given ciphertext for a target delegatee. But this poses two problems in PRE schemes if the PKG is malicious: the PKG in their schemes may decrypt both original ciphertexts and re-encrypted ciphertexts (referred as the key escrow problem); and the PKG can generate reencryption key for arbitrary delegatees without permission from the delegator (we refer to it as the PKG despotism problem). In this paper, we propose the first non-transferable proxy re-encryption scheme which successfully achieves the nontransferable property. We show that the new scheme solved the PKG despotism problem and key escrow problem as well. © 2012 IEEE.published_or_final_versio

Cryptanalysis of an NTRU-based Proxy Encryption Scheme from ASIACCS\u2715

In ASIACCS 2015, Nuñez, Agudo, and Lopez proposed a proxy re-encryption scheme, NTRUReEncrypt, based on NTRU, which allows a proxy to translate ciphertext under the delegator\u27s public key into a re-encrypted ciphertext that can be decrypted correctly by delegatee\u27s private key. In addition to its potential resistance to quantum algorithm, the scheme was also considered to be efficient. However, in this paper we point out that the re-encryption process will increase the decryption error, and the increased decryption error will lead to a reaction attack that enables the proxy to recover the private key of the delegator and the delegatee. Moreover, we also propose a second attack which enables the delegatee to recover the private key of the delegator when he collects enough re-encrypted ciphertexts from a same message. We reevaluate the security of NTRUReEncrypt, and also give suggestions and discussions on potential mitigation methods

Non-transferable unidirectional proxy re-encryption scheme for secure social cloud storage sharing

(c) 2016 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other users, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works for resale or redistribution to servers or lists, or reuse of any copyrighted components of this work in other works.Proxy re-encryption (PRE), introduced by Blaze et al. in 1998, allows a semi-trusted proxy with the re-encryption key to translatea ciphertext under the delegator into another ciphertext, which can be decrypted by the delegatee. In this process, the proxy is required to know nothing about the plaintext. Many PRE schemes have been proposed so far, however until now almost all the unidirectional PRE schemes suffer from the transferable property. That is, if the proxy and a set of delegatees collude, they can re-delegate the delegator's decryption rights to the other ones, while the delegator has no agreement on this. Thus designing non-transferable unidirectional PRE scheme is an important open research problem in the field. In this paper, we tackle this open problem by using the composite order bilinear pairing. Concretely, we design a non-transferable unidirectional PRE scheme based on Hohenberger et al.'s unidirectional PRE scheme. Furthermore, we discuss our scheme's application to secure cloud storage, especially for sharing private multimedia content for social cloud storage users.Peer ReviewedPostprint (author's final draft

Non-Transferable Proxy Re-Encryption Scheme for Data Dissemination Control

A proxy re-encryption (PRE) scheme allows a proxy to re-encrypt a ciphertext for Alice (delegator) to a ciphertext for Bob (delegatee) without seeing the underlying plaintext. With the help of the proxy, Alice can delegate the decryption right to any delegatee. However, existing PRE schemes generally suffer from at least one of the followings. Some schemes fail to provide the non-transferable property in which the proxy and the delegatee can collude to further delegate the decryption right to anyone. This is the main open problem left for PRE schemes. Other schemes assume the existence of a fully trusted private key generator (PKG) to generate the re-encryption key to be used by the proxy for re-encrypting a given ciphertext for a target delegatee. But this poses two problems in PRE schemes if the PKG is malicious: the PKG in their schemes may decrypt both original ciphertexts and re-encrypted ciphertexts (referred as the key escrow problem); and the PKG can generate re-encryption key for arbitrary delegatees without permission from the delegator (we refer to it as the PKG despotism problem). In this paper, we propose the first non-transferable proxy re-encryption scheme which successfully achieves the non-transferable property. We also reduce the full trust in PKG, only a limited amount of trust is placed in the proxy and PKG. We show that the new scheme solved the PKG despotism problem and key escrow problem as well. Further, we find that the new scheme satisfies requirements of data dissemination control which is also a challenging goal for data security. We explore the potential of adopting our new scheme to achieve data dissemination control and implement a non-transferable re-encryption based encrypted PC/USB file system. Performance measurements of our scheme demonstrate that non-transferable re-encryption is practical and efficient

Secure bidirectional proxy re-encryption for cryptographic cloud storage

Bidirectional proxy re-encryption allows ciphertext transformation between Alice and Bob via a semi-trusted proxy, who however cannot obtain the corresponding plaintext. Due to this special property, bidirectional proxy re-encryption has become a flexible tool in many dynamic environments, such as cryptographic cloud storage. Nonetheless, how to design a secure and efficient bidirectional proxy re-encryption is still challenging. In this paper, we propose a new bidirectional proxy re-encryption scheme that holds the following properties: (1) constant ciphertext size no matter how many times the transformation is performed; (2) master secret security in the random oracle model, i.e., Alice (resp. Bob) colluding with the proxy cannot obtain Bob’s (resp. Alice’s) private key; (3) replayable chosen ciphertext (RCCA) security in the random oracle model. The above three properties are usually required in the cryptographic cloud storage. Furthermore, the proposed new master secret security may be of independent interest, as it is closer to the original desire: delegate the decryption rights while keeping the signing rights