Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

CCA-Secure Key-Aggregate Proxy Re-Encryption for Secure Cloud Storage

Wei-Hao Chen, Chun-I Fan, Yi-Fan Tseng

TL;DR

This work tackles secure, scalable data sharing in cloud storage by advancing Key-Aggregate Proxy Re-Encryption (KA-PRE) to be CCA-secure in the adaptive, standard model without random oracles. The authors present a KA-PRE construction with constant-size re-encryption keys and a rigorous IND-2PRE-CCA/IND-1PRE-CCA security framework backed by the 3-wDBDHI assumption, along with detailed proofs. They also implement the scheme using the PBC library to demonstrate practicality in real-world cloud scenarios, including performance analyses and a comparison to prior C-PRE schemes. The results show that fine-grained access control can be achieved without sacrificing security or incurring large key-storage costs, enabling secure, efficient data sharing in distributed cloud environments. The work thus provides both theoretical guarantees and empirical validation for CCA-secure KA-PRE in practical cloud storage contexts.

Abstract

The development of cloud services in recent years has mushroomed, for example, Google Drive, Amazon AWS, Microsoft Azure. Merchants can easily use cloud services to open their online shops in a few seconds. Users can easily and quickly connect to the cloud in their own portable devices, and access their personal information effortlessly. Because users store large amounts of data on third-party devices, ensuring data confidentiality, availability and integrity become especially important. Therefore, data protection in cloud storage is the key to the survival of the cloud industry. Fortunately, Proxy Re-Encryption schemes enable users to convert their ciphertext into others ciphertext by using a re-encryption key. This method gracefully transforms the users computational cost to the server. In addition, with C-PREs, users can apply their access control right on the encrypted data. Recently, we lowered the key storage cost of C-PREs to constant size and proposed the first Key-Aggregate Proxy Re-Encryption scheme. In this paper, we further prove that our scheme is a CCA-secure Key-Aggregate Proxy Re-Encryption scheme in the adaptive model without using random oracle. Moreover, we also implement and analyze the Key Aggregate PRE application in the real world scenario.

CCA-Secure Key-Aggregate Proxy Re-Encryption for Secure Cloud Storage

TL;DR

This work tackles secure, scalable data sharing in cloud storage by advancing Key-Aggregate Proxy Re-Encryption (KA-PRE) to be CCA-secure in the adaptive, standard model without random oracles. The authors present a KA-PRE construction with constant-size re-encryption keys and a rigorous IND-2PRE-CCA/IND-1PRE-CCA security framework backed by the 3-wDBDHI assumption, along with detailed proofs. They also implement the scheme using the PBC library to demonstrate practicality in real-world cloud scenarios, including performance analyses and a comparison to prior C-PRE schemes. The results show that fine-grained access control can be achieved without sacrificing security or incurring large key-storage costs, enabling secure, efficient data sharing in distributed cloud environments. The work thus provides both theoretical guarantees and empirical validation for CCA-secure KA-PRE in practical cloud storage contexts.

Abstract

The development of cloud services in recent years has mushroomed, for example, Google Drive, Amazon AWS, Microsoft Azure. Merchants can easily use cloud services to open their online shops in a few seconds. Users can easily and quickly connect to the cloud in their own portable devices, and access their personal information effortlessly. Because users store large amounts of data on third-party devices, ensuring data confidentiality, availability and integrity become especially important. Therefore, data protection in cloud storage is the key to the survival of the cloud industry. Fortunately, Proxy Re-Encryption schemes enable users to convert their ciphertext into others ciphertext by using a re-encryption key. This method gracefully transforms the users computational cost to the server. In addition, with C-PREs, users can apply their access control right on the encrypted data. Recently, we lowered the key storage cost of C-PREs to constant size and proposed the first Key-Aggregate Proxy Re-Encryption scheme. In this paper, we further prove that our scheme is a CCA-secure Key-Aggregate Proxy Re-Encryption scheme in the adaptive model without using random oracle. Moreover, we also implement and analyze the Key Aggregate PRE application in the real world scenario.

Paper Structure

This paper contains 33 sections, 4 theorems, 17 equations, 8 figures, 3 tables.

Table of Contents

  1. Introduction
  2. Contribution
  3. Preliminaries
  4. Bilinear Mapping
  5. 3-weak Decisional Bilinear Diffie-Hellman Inversion
  6. Model and Security Notions of Unidirectional Key-Aggregate PRE
  7. Unidirectional Key-Aggregate PRE
  8. Chosen-Ciphertext Security
  9. Security of Second Level Ciphertext
  10. Security of First Level Ciphertext
  11. Master Secret Security
  12. Our Construction
  13. Notations
  14. The Proposed Scheme
  15. Setup ($\lambda$)
  16. ...and 18 more sections

Key Result

Theorem 2.1

Suppose that there is an adversary $\mathcal{A}$ who has the ability to break the MSS-PRE security of a single-use unidirectional proxy re-encryption scheme $\Gamma$, then we can build another adversary $\mathcal{B}$ who can break IND-1PRE-CCA security.

Figures (8)

  • Figure 1: Users encrypt their files and upload them to the cloud.
  • Figure 2: Alice shares her private key with Bob through a secure channel.
  • Figure 3: The cloud manager, the proxy, converts Alice's ciphertext into Bob's via the re-encryption key.
  • Figure 4: Alice uses four different conditional keys to employ different access control right on the encrypted files.
  • Figure 5: The scenario of the proof
  • ...and 3 more figures

Theorems & Definitions (13)

  • Definition 2.1
  • Definition 2.2
  • Definition 2.3
  • Definition 2.4
  • Definition 2.5
  • Definition 2.6
  • Theorem 2.1
  • Theorem 4.1
  • proof
  • Theorem 4.2
  • ...and 3 more