Efficient subtree-based encryption for fuzzy-entity data sharing
Abstract
Cloud storage offers strong conveniences for flexible data sharing. When sharing data with a large number of entities described by fuzzy identities, data owners must use an encryption scheme that meets both the security and the efficiency requirements. (Hierarchical) identity-based encryption (HIBE) is a promising candidate for securing fuzzy-entity data sharing, but it runs into efficiency difficulties in multi-receiver settings. We introduce the notion of subtree-based encryption (SBE) to support a multi-receiver data sharing mechanism in large-scale enterprises. Users in SBE are organized in a tree structure, and superior users can generate secret keys for their subordinates. Unlike HIBE, which allows only a single decryption path, SBE enables encryption to a subset of users. We define the security notion for SBE, namely Ciphertext Indistinguishability against Adaptively Chosen-Sub-Tree and Chosen-Ciphertext Attack (IND-CST-CCA2). We propose two secure SBE schemes (SBEs). We first propose a basic SBEs secure against Adaptively Chosen-Sub-Tree and Chosen-Plaintext Attack (IND-CST-CPA), in which the attacker is not allowed to obtain decryption results from other users in the security game. We then build a CCA2-secure SBEs from the basic scheme without requiring any additional cryptographic primitives. Our CCA2-secure scheme natively supports a public ciphertext validity test, a useful property when a CCA2-secure SBEs is used to design advanced protocols and auditing mechanisms for fuzzy-entity data sharing.