155:
an organization). However, the corresponding private key is no longer generated by the user. From the public key, which is a unique binary string, there is a key generation center (KGC), which generates and issues the private key to the user. The KGC has a public key, which is assumed to be publicly known, and the encryption and decryption then work under the unique binary string defined public key and the corresponding private key, respectively, with respect to the KGC’s public key.
290:, which can help enhance the usability of the target security applications. The term ‘Conditional’ in IBCPRE refers to an additional feature, which allows each encrypted message to have a ‘tag’ associated with. In addition to the tag, each re-encryption key also has a ‘tag’ attached. The IBCPRE is designed so that only if the tag of an encrypted message matches with the tag of a re-encryption key can the encrypted message be re-encrypted.
310:
for carrying out the re-encryption. The number of re-encryption keys that they need to generate depends on the number of friends that they want to share the encrypted messages with. It does not depend on the number of encrypted messages. One re-encryption key will allow the server to convert all the encrypted messages, provided the tag of the encrypted messages and the tag of the re-encryption key matches.
133:. An IBCPRE scheme is a natural extension of proxy re-encryption on two aspects. The first aspect is to extend the proxy re-encryption notion to the identity-based public key cryptographic setting. The second aspect is to extend the feature set of proxy re-encryption to support conditional proxy re-encryption. By conditional proxy re-encryption, a proxy can use an IBCPRE scheme to re-encrypt a
22:
474:
In 2007, Green and
Ateniese and Ivan and Dodis independently proposed several proxy re-encryption schemes in the identity-based cryptographic setting. This type of scheme is usually called identity-based proxy re-encryption (IBPRE). The schemes are unidirectional, namely, the re-encryption key is for
466:
A related concept to proxy re-encryption called decrypt right delegation was introduced by Mambo and
Okamoto in 1997. Then in 1998, Blaze, Bleumer and Strauss formalized the notion of proxy re-encryption by giving a definition to the set of algorithms of a proxy re-encryption scheme. The authors also
154:
Under the identity-based cryptographic setting, the public key of the user can be an arbitrary string of bits, provided that the string can uniquely identify the user in the system. The unique string, for example, can be an email address, a phone number, and a staff ID (if used only internally within
150:
scheme allows anyone who has the public key of a receiver to encrypt messages to the receiver using the public key in such a way that only the corresponding private key known only to the receiver can decrypt and recover the messages. The public key of a user, therefore, can be published for allowing
298:
One of the key features of IBCPRE is that when a data owner encrypts messages, the encryption is done for themselves and only they themselves can decrypt the encrypted messages using their secret key. There is no need for them to know in advance about who that they would like to share the encrypted
401:
with another user Bob, who becomes her friend recently, Alice generates a re-encryption key using IBCPRE with an associated tag ‘toShareWithFriend’. This generation is done by taking as input Alice’s private key and Bob’s identity. Then Alice sends the re-encryption key to the server. By using the
313:
The conditional ‘tag’ of the IBCPRE facilitates the fine-grained access of encrypted messages. By setting different tag values onto different encrypted messages, the data owner can control the exact set of encrypted messages that they want to share with any particular friends of theirs, with great
309:
IBCPRE supports one-to-many encryption. The data owner can choose multiple friends to share their data with. For multiple friends to share the encrypted messages with, the owner simply needs to generate a re-encryption key for each of their friends and send all the re-encryption keys to the server
494:
Type-based PRE and conditional PRE (CPRE) are designed to ensure that the proxy can re-encrypt a ciphertext tagged with a specific condition only if the re-encryption key given by the delegator is tagged with the same condition. Two identity-based CPRE (IBCPRE) schemes were proposed to achieve
137:
but the ciphertext would only be well-formed for decryption if a condition applied onto the ciphertext together with the re-encryption key is satisfied. This allows fine-grained proxy re-encryption and can be useful for applications such as secure sharing over encrypted cloud data storage.
189:
To do so in the proxy re-encryption scheme, Alice uses her private key and the public key of Bob to generate a re-encryption key. Alice then sends the re-encryption key to the server. Upon receiving this re-encryption key, the server uses the key to transform all the n encrypted messages
450:
to another form for Bob to decrypt using the re-encryption key because the tag of these m encrypted messages, namely ‘Private’ or 'toShareWithFamily', does not match with the tag of the re-encryption key. Also note that the server cannot retrieve any of the messages at any time.
158:
Proxy re-encryption allows a ciphertext, which originally can only be decrypted by a user, to be transformed by a public entity, called proxy, to another ciphertext so that another user can also decrypt. Suppose the two users are Alice and Bob. Alice has some messages:
185:
Now when Alice wants to share these n encrypted messages with Bob, Alice can use a proxy re-encryption scheme to allow the server to re-encrypt these n encrypted messages so that Bob can decrypt these re-encrypted messages directly using his own private key.
151:
everyone to use it for encrypting messages to the user while the private key of the user has to be kept secret for the decryption purpose. Both the public key and the corresponding private key of the user are generated by the user in general.
475:
one party to re-encrypt cipher-texts to another party, but not vice versa. A new re-encryption key has to be generated for the other direction of re-encryption. In terms of security, the security analyses of the schemes have been done in the
491:. This means that if a proxy colludes with the corresponding delegatee, the private key of the delegator will be compromised. CPA-secure IBPRE schemes secure without random oracles were subsequently proposed by Matsuo and Mizuno and Doi.
426:
so that Bob can decrypt them directly using his private key. This transformation can be done as the tag associated with the encrypted messages, namely ‘toShareWithFriend’, matches with the tag associated with the re-encryption key.
285:
In an identity-based conditional proxy re-encryption (IBCPRE) system, users set their public keys as unique identities of the users. One of the main advantages of using identity-based cryptographic algorithms is the elimination of
39:
986:. Lecture Notes in Computer Science. Vol. 7839. The 15th International Conference on Information Security and Cryptology (ICISC 2012), LNCS 7839: Springer. pp. 231–246.
358:
with a tag ‘toShareWithFriend’, using IBCPRE under her unique identity, which is considered as the public key of Alice. Alice then uploads the corresponding encrypted messages C
822:
86:
58:
65:
299:
messages with. In other words, picking the friends to share with by them can be done after they encrypt the messages and uploads them to the server.
72:
1046:
999:
982:
K. Liang; Z. Liu; X. Tan; D. S. Wong; C. Tang (2013). "A CCA-Secure
Identity-Based Conditional Proxy Re-Encryption without Random Oracles".
1089:
54:
105:
1094:
495:
conditional control in both re-encryption and identity-based re-encryption by Liang et al., and achieved CCA security in the
43:
574:
79:
496:
1070:
1015:
953:
924:
895:
866:
818:
752:
723:
694:
665:
632:
306:. The server which stores the encrypted messages cannot decrypt the messages both before and after the re-encryption.
484:
560:
480:
468:
130:
32:
182:. She intends to encrypt them under her public key, and then upload the encrypted messages to some server.
287:
513:
303:
147:
454:
IBCPRE has been used for secure cloud data sharing and related key management solutions in products of
774:
488:
518:
508:
126:
1064:
1052:
1009:
947:
918:
889:
860:
812:
746:
717:
688:
659:
626:
599:
1033:. Proceedings of IEEE International Conference on Communications, ICC 2011: IEEE. pp. 1–5.
1029:
J. Shao; G. Wei; Y. Ling; M. Xie (June 2011). "Identity-Based
Conditional Proxy Re-Encryption".
1042:
995:
1034:
987:
579:
550:
1083:
499:, and the other by Shao et al. and achieved CCA security in the random oracle model.
476:
1056:
838:
Improved proxy re-encryption schemes with applications to secure distributed storage
805:
Improved proxy re-encryption schemes with applications to secure distributed storage
708:
G. Hanaoka; Y. Kawai; N. Kunihiro; T. Matsuda; J. Weng; R. Zhang; Y. Zhao (2012).
991:
792:. ACM Conference on Computer and Communications Security: ACM. pp. 185–194.
21:
555:
538:
134:
1038:
618:
681:
Proxy re-encryption in a stronger security model extended from CT-RSA2012
402:
re-encryption key, the server runs the IBCPRE re-encryption function on C
969:
Conditional proxy re-encryption secure against chosen-ciphertext attack
741:. Public Key Cryptography. LNCS, vol. 4939: Springer. pp. 360–379.
539:"Identity-based conditional proxy re-encryption with fine grain policy"
710:
Generic construction of chosen ciphertext secure proxy re-encryption
596:
Proxy cryptosystems: Delegation of the power to decrypt ciphertexts
651:
15:
739:
Unidirectional chosen-ciphertext secure proxy re-encryption
683:. CT-RSA 2012. LNCS, vol. 7779: Springer. pp. 277–292.
648:
Unidirectional chosen-ciphertext secure proxy re-encryption
455:
1031:
2011 IEEE International
Conference on Communications (ICC)
942:. INDOCRYPT. LNCS, vol. 5365: Springer. pp. 130–144.
882:
Proxy re-encryption systems for identity-based encryption
967:
J. Weng; R. H. Deng; X. Ding; C. K. Chu; J. Lai (2009).
884:. Pairing. LNCS, vol. 4575: Springer. pp. 247–267.
712:. CT- RSA. LNCS, vol. 7178: Springer. pp. 349–364.
836:
G. Ateniese; K. Fu; M. Green; S. Hohenberger (2005).
803:
G. Ateniese; K. Fu; M. Green; S. Hohenberger (2006).
913:. IEICE Transactions 94-A(1): IEICE. pp. 36–44.
855:. ACNS. LNCS, vol. 4521: Springer. pp. 288–306.
471:. Later on, various PRE schemes have been proposed.
940:
Type-based proxy re-encryption and its construction
807:. ACM Trans. Inf. Syst. Secur. 9(1). pp. 1–30.
46:. Unsourced material may be challenged and removed.
615:Divertible protocols and atomic proxy cryptography
322:Consider a user Alice who encrypts some messages M
650:. IEEE Transactions on Information Theory 57(3):
984:Information Security and Cryptology – ICISC 2012
911:Secure and efficient IBE-PKE proxy re-encryption
55:"Identity-based conditional proxy re-encryption"
131:identity-based public key cryptographic setting
621:. LNCS, vol. 1403: Springer. pp. 127–144.
302:Another feature of IBCPRE is that it supports
119:Identity-based conditional proxy re-encryption
8:
790:Chosen-ciphertext secure proxy re-encryption
679:T. Isshiki; M. H. Nguyen; K. Tanaka (2013).
487:, single-hop. The schemes, however, are not
485:chosen-ciphertext-attack-secure (CCA-secure)
414:for transforming them into another form, D
821:) CS1 maint: location missing publisher (
613:M. Blaze; G. Bleumer; M. Strauss (1998).
554:
259:, decrypt them, and recover the messages
106:Learn how and when to remove this message
469:chosen-plaintext security (CPA-security)
529:
430:Note that the server cannot transform C
1062:
1007:
945:
916:
887:
858:
810:
744:
715:
686:
657:
624:
7:
764:
762:
44:adding citations to reliable sources
788:R. Canetti; S. Hohenberger (2007).
543:Computer Standards & Interfaces
853:Identity-based proxy re-encryption
14:
971:. ASIACCS: ACM. pp. 322–332.
346:with a tag ‘toShareWithFamily’, M
467:proposed a scheme for achieving
20:
737:B. Libert; D. Vergnaud (2008).
646:B. Libert; D. Vergnaud (2011).
31:needs additional citations for
851:M. Green; G. Ateniese (2007).
389:When Alice is about to share M
1:
840:. NDSS: The Internet Society.
769:A. A. Ivan; Y. Dodis (2003).
594:M. Mambo; E. Okamoto (1997).
575:"WHAT IS A DIGITAL ENVELOPE?"
483:, multi-hop and the other is
992:10.1007/978-3-642-37682-5_17
771:Proxy cryptography revisited
1090:Identity-based cryptography
1111:
909:T. Mizuno; H. Doi (2011).
602:E80-A(1). pp. 54–63.
556:10.1016/j.csi.2016.12.005
537:Ge, Chunpeng (May 2017).
213:to a new form denoted as
1069:: CS1 maint: location (
1039:10.1109/icc.2011.5962419
1014:: CS1 maint: location (
952:: CS1 maint: location (
923:: CS1 maint: location (
894:: CS1 maint: location (
865:: CS1 maint: location (
817:: CS1 maint: location (
751:: CS1 maint: location (
722:: CS1 maint: location (
693:: CS1 maint: location (
664:: CS1 maint: location (
631:: CS1 maint: location (
236:. Bob can then download
1095:Public-key cryptography
561:Elsevier Science Direct
334:with a tag ‘Private’, M
288:public key certificates
282:using his private key.
654:. pp. 1786–1802.
514:ID-based cryptography
304:end-to-end encryption
148:public-key encryption
775:The Internet Society
462:Schemes and security
129:(PRE) scheme in the
40:improve this article
519:Proxy re-encryption
509:ID-based encryption
489:collusion resistant
477:random oracle model
127:proxy re-encryption
880:T. Matsuo (2007).
600:IEICE Transactions
1048:978-1-61284-232-5
1001:978-3-642-37681-8
116:
115:
108:
90:
1102:
1075:
1074:
1068:
1060:
1026:
1020:
1019:
1013:
1005:
979:
973:
972:
964:
958:
957:
951:
943:
938:Q. Tang (2008).
935:
929:
928:
922:
914:
906:
900:
899:
893:
885:
877:
871:
870:
864:
856:
848:
842:
841:
833:
827:
826:
816:
808:
800:
794:
793:
785:
779:
778:
766:
757:
756:
750:
742:
734:
728:
727:
721:
713:
705:
699:
698:
692:
684:
676:
670:
669:
663:
655:
643:
637:
636:
630:
622:
610:
604:
603:
591:
585:
584:
580:RSA Laboratories
571:
565:
564:
558:
534:
456:AtCipher Limited
281:
258:
235:
212:
181:
111:
104:
100:
97:
91:
89:
48:
24:
16:
1110:
1109:
1105:
1104:
1103:
1101:
1100:
1099:
1080:
1079:
1078:
1061:
1049:
1028:
1027:
1023:
1006:
1002:
981:
980:
976:
966:
965:
961:
944:
937:
936:
932:
915:
908:
907:
903:
886:
879:
878:
874:
857:
850:
849:
845:
835:
834:
830:
809:
802:
801:
797:
787:
786:
782:
768:
767:
760:
743:
736:
735:
731:
714:
707:
706:
702:
685:
678:
677:
673:
656:
645:
644:
640:
623:
612:
611:
607:
593:
592:
588:
573:
572:
568:
536:
535:
531:
527:
505:
464:
449:
445:
441:
437:
433:
425:
421:
417:
413:
409:
405:
400:
396:
392:
385:
381:
377:
373:
369:
365:
361:
357:
353:
349:
345:
341:
337:
333:
329:
325:
320:
296:
279:
273:
266:
260:
256:
250:
243:
237:
233:
227:
220:
214:
210:
204:
197:
191:
179:
173:
166:
160:
144:
125:) is a type of
112:
101:
95:
92:
49:
47:
37:
25:
12:
11:
5:
1108:
1106:
1098:
1097:
1092:
1082:
1081:
1077:
1076:
1047:
1021:
1000:
974:
959:
930:
901:
872:
843:
828:
795:
780:
758:
729:
700:
671:
638:
605:
586:
566:
528:
526:
523:
522:
521:
516:
511:
504:
501:
497:standard model
463:
460:
447:
443:
439:
435:
431:
423:
419:
415:
411:
407:
403:
398:
394:
390:
383:
379:
375:
371:
367:
363:
359:
355:
351:
347:
343:
339:
335:
331:
327:
323:
319:
316:
295:
292:
277:
271:
264:
254:
248:
241:
231:
225:
218:
208:
202:
195:
177:
171:
164:
143:
140:
114:
113:
28:
26:
19:
13:
10:
9:
6:
4:
3:
2:
1107:
1096:
1093:
1091:
1088:
1087:
1085:
1072:
1066:
1058:
1054:
1050:
1044:
1040:
1036:
1032:
1025:
1022:
1017:
1011:
1003:
997:
993:
989:
985:
978:
975:
970:
963:
960:
955:
949:
941:
934:
931:
926:
920:
912:
905:
902:
897:
891:
883:
876:
873:
868:
862:
854:
847:
844:
839:
832:
829:
824:
820:
814:
806:
799:
796:
791:
784:
781:
776:
772:
765:
763:
759:
754:
748:
740:
733:
730:
725:
719:
711:
704:
701:
696:
690:
682:
675:
672:
667:
661:
653:
649:
642:
639:
634:
628:
620:
616:
609:
606:
601:
597:
590:
587:
582:
581:
576:
570:
567:
562:
557:
552:
548:
544:
540:
533:
530:
524:
520:
517:
515:
512:
510:
507:
506:
502:
500:
498:
492:
490:
486:
482:
478:
472:
470:
461:
459:
457:
452:
428:
387:
386:to a server.
317:
315:
314:flexibility.
311:
307:
305:
300:
293:
291:
289:
283:
280:
270:
263:
257:
247:
240:
234:
224:
217:
211:
201:
194:
187:
183:
180:
170:
163:
156:
152:
149:
141:
139:
136:
132:
128:
124:
120:
110:
107:
99:
88:
85:
81:
78:
74:
71:
67:
64:
60:
57: –
56:
52:
51:Find sources:
45:
41:
35:
34:
29:This article
27:
23:
18:
17:
1030:
1024:
983:
977:
968:
962:
939:
933:
910:
904:
881:
875:
852:
846:
837:
831:
804:
798:
789:
783:
770:
738:
732:
709:
703:
680:
674:
647:
641:
614:
608:
595:
589:
578:
569:
559:– via
546:
542:
532:
493:
473:
465:
453:
429:
388:
321:
318:Applications
312:
308:
301:
297:
284:
275:
268:
261:
252:
245:
238:
229:
222:
215:
206:
199:
192:
188:
184:
175:
168:
161:
157:
153:
145:
142:Introduction
122:
118:
117:
102:
93:
83:
76:
69:
62:
50:
38:Please help
33:verification
30:
1084:Categories
525:References
481:CPA-secure
135:ciphertext
66:newspapers
1065:cite book
1010:cite book
948:cite book
919:cite book
890:cite book
861:cite book
813:cite book
747:cite book
718:cite book
689:cite book
660:cite book
627:cite book
619:EUROCRYPT
479:. One is
96:June 2015
1057:34372106
773:. NDSS:
503:See also
294:Features
549:: 1–9.
80:scholar
1055:
1045:
998:
446:, …, C
438:, …, C
422:, …, D
410:, …, C
397:, …, M
382:, …, C
374:, …, C
366:, …, C
354:, …, M
342:, …, M
330:, …, M
123:IBCPRE
82:
75:
68:
61:
53:
1053:S2CID
251:, …,
228:, …,
205:, …,
87:JSTOR
73:books
1071:link
1043:ISBN
1016:link
996:ISBN
954:link
925:link
896:link
867:link
823:link
819:link
753:link
724:link
695:link
666:link
652:IEEE
633:link
274:, …
174:, …
59:news
1035:doi
988:doi
551:doi
444:t+1
442:, C
434:, C
420:m+2
418:, D
416:m+1
408:m+2
406:, C
404:m+1
395:m+2
393:, M
391:m+1
380:m+1
378:, C
372:t+1
370:, C
362:, C
352:m+2
350:, M
348:m+1
340:t+2
338:, M
336:t+1
326:, M
42:by
1086::
1067:}}
1063:{{
1051:.
1041:.
1012:}}
1008:{{
994:.
950:}}
946:{{
921:}}
917:{{
892:}}
888:{{
863:}}
859:{{
815:}}
811:{{
761:^
749:}}
745:{{
720:}}
716:{{
691:}}
687:{{
662:}}
658:{{
629:}}
625:{{
617:.
598:.
577:.
547:52
545:.
541:.
458:.
267:,
244:,
221:,
198:,
167:,
146:A
1073:)
1059:.
1037::
1018:)
1004:.
990::
956:)
927:)
898:)
869:)
825:)
777:.
755:)
726:)
697:)
668:)
635:)
583:.
563:.
553::
448:m
440:t
436:2
432:1
424:n
412:n
399:n
384:n
376:m
368:t
364:2
360:1
356:n
344:m
332:t
328:2
324:1
278:n
276:M
272:2
269:M
265:1
262:M
255:n
253:D
249:2
246:D
242:1
239:D
232:n
230:D
226:2
223:D
219:1
216:D
209:n
207:C
203:2
200:C
196:1
193:C
178:n
176:M
172:2
169:M
165:1
162:M
121:(
109:)
103:(
98:)
94:(
84:·
77:·
70:·
63:·
36:.
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.