IEEE Access (Jan 2021)
A Novel Revocable and Identity-Based Conditional Proxy Re-Encryption Scheme With Ciphertext Evolution for Secure Cloud Data Sharing
Abstract
Proxy re-encryption (PRE), with the unique ciphertext transformation ability, enables various ciphertext authorization applications to be implemented efficiently. However, most existing PRE schemes mainly focus on access authorization while ignoring the situation where the key needs to be changed and the ciphertext needs to be evolved, making the scheme’s practicability and security inadequate. Moreover, the few schemes that simultaneously combine ciphertext authorization, key update, and ciphertext evolution are not satisfactory in terms of security. For solving this problem, based on Xiong et al.’s scheme, this paper proposes an improved revocable and identity-based conditional proxy re-encryption scheme with ciphertext evolution (RIB-CPRE-CE) for secure and efficient cloud data sharing. The proposed scheme inherits the characteristics of multi-use, constant ciphertext length, fine-grained authorization, collision-resistance security, and chosen ciphertext attack (CCA) security from the original method. Also, it supports updating ciphertext to adapt to the new key after changing the identity (key) or achieves authorization revocation by evolving ciphertext. Two new algorithms, URKeyGen and UpReEnc, have been integrated into the original delegation scheme to support ciphertext evolution. The formal definition, security model, concrete construction, and security analysis of RIB-CPRE-CE have been presented. The comparison and analysis show that the proposed scheme is practical and secure. Although it adds a ciphertext evolution function for supporting key update and delegation revocation, its efficiency and security are not reduced. The proposed scheme can also be used in other access authorization systems that need to change the key or revoke the authorization. It has certain practicability and security.
Keywords
