Research On Proxy Re-encryption For Data Sharing In Clouds

Posted on: 2024-07-04
Degree: Doctor
Type: Dissertation
Country: China
Candidate: H D Hu
Full Text: PDF
GTID: 1528307070460114
Subject: Software engineering

Abstract/Summary:
Due to its powerful computing and storage capabilities, cloud computing is increasingly widely used in individual, enterprise, government, and military fields. Although cloud computing provides many conveniences for users, it also brings many security problems, with data leakage events occurring frequently. Users cannot fully trust the cloud service provider and lose control over the data stored on the cloud server, so their primary concern is how to achieve privacy and security for that data. Users can use public key encryption to encrypt data and store the encrypted data in the cloud to achieve data privacy, but it is challenging to meet the requirements of flexible data sharing with public key encryption alone. Proxy re-encryption can realize flexible data sharing in the cloud computing environment. This technology allows the proxy to convert the outsourced encrypted data of the data owner into encrypted data that the data user can decrypt. In this process, the data owner does not need to go through the tedious process of downloading the encrypted data stored on the cloud server, decrypting it, and re-encrypting it in order to share the data. However, the existing proxy re-encryption schemes have high computing costs, single functions, and limited access control. To solve these problems, this dissertation designs efficient, multi-function proxy re-encryption schemes with autonomous access control to meet the different needs of users. The main research work of this dissertation is as follows.

(1) This dissertation proposes a lightweight dynamic broadcast proxy re-encryption scheme (LD-BPRE) for cloud data sharing. In the LD-BPRE scheme, the data owner does not need to update the re-encryption key to realize user revocation and user addition. In other words, when the data sharing list is updated, the proxy can use the original re-encryption key to realize the transfer of decryption power. In addition, a large amount of computing overhead is delegated to the cloud server, so the LD-BPRE scheme is lightweight for users with weak mobile devices. Based on the decisional n-BDHE assumption, the LD-BPRE scheme is proved to resist chosen plaintext attacks under the standard security model. Finally, this dissertation compares the performance of the LD-BPRE scheme with other related schemes; the results show that the LD-BPRE scheme is lightweight for users.

(2) This dissertation proposes an autonomous path identity-based broadcast proxy re-encryption scheme (APIB-BPRE) for cloud data sharing. In the APIB-BPRE scheme, the data owner can select multiple trusted data user sets according to his own wishes and specify the priority of the decryption authority of those sets. The proxy can then delegate the decryption authority to different data user sets according to priority. In other words, the APIB-BPRE scheme adds the autonomous path multi-hop function to identity-based broadcast proxy re-encryption. In addition, this dissertation proves that the APIB-BPRE scheme, based on the decisional n-BDHE problem, can resist chosen plaintext attacks under the random oracle model. Finally, the performance of the proposed APIB-BPRE scheme is compared with other related schemes; the results show that APIB-BPRE can realize the function of an autonomous path and has lower computing cost.

(3) This dissertation proposes a universal conditional proxy re-encryption scheme (UCPRE) for cloud data sharing. In the UCPRE scheme, the proxy can convert the ciphertext authorized by the data owner into a ciphertext that can be decrypted by the data user. The converted ciphertext is equal to the ciphertext the data user would obtain by encrypting the same message via the threshold homomorphic encryption scheme. In other words, the scheme can transform the authorized ciphertext of the data owner based on the threshold homomorphic encryption scheme into the ciphertext of the data user based on the threshold homomorphic encryption scheme. In addition, if threshold homomorphic encryption is secure under the chosen plaintext attack model, this dissertation proves that the UCPRE scheme can resist honest re-encryption attacks. Finally, the universal conditional proxy re-encryption scheme is instantiated, and the performance of the instantiated UCPRE scheme is compared with other related schemes. The results show that the instantiated UCPRE scheme is more effective.

(4) This dissertation proposes a universal conditional broadcast proxy re-encryption scheme (UCBPRE) for cloud data sharing. In the UCBPRE scheme, the proxy can convert the ciphertext authorized by the data owner into a ciphertext that can be decrypted by any broadcast receiver in the broadcast receiver set, thus realizing the one-to-many data sharing model. In other words, UCBPRE can transform the authorized ciphertext of the data owner based on the threshold homomorphic encryption scheme into the ciphertext of the data user based on the broadcast encryption scheme. In addition, if the broadcast proxy-based re-encryption scheme is secure under the chosen plaintext attack model, this dissertation proves that the UCBPRE scheme can resist the chosen plaintext attack. Finally, the universal conditional proxy re-encryption scheme is instantiated, and the performance of the instantiated UCBPRE scheme is compared with other related schemes. The results show that the instantiated UCBPRE scheme is more efficient.
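
The re-encryption flow the abstract describes (owner encrypts once, proxy transforms, user decrypts), as an added example that is not from the dissertation. It uses the classic BBS98 ElGamal-style construction rather than LD-BPRE, APIB-BPRE, UCPRE or UCBPRE, over a constructed toy group that is far too small for real use; all function names are illustrative.

```python
import hashlib
import secrets

# Constructed toy group: safe prime P = 2*Q + 1, G generates the order-Q subgroup.
# Far too small for real use; chosen so the arithmetic is easy to follow.
P, Q, G = 2879, 1439, 4

def keygen():
    sk = secrets.randbelow(Q - 1) + 1            # secret exponent in [1, Q-1]
    return sk, pow(G, sk, P)                     # (secret key a, public key g^a)

def kdf(elem, n):
    # Stretch a group element into an n-byte keystream (data encapsulation).
    return hashlib.shake_256(elem.to_bytes(2, "big")).digest(n)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(pk, data):
    r = secrets.randbelow(Q - 1) + 1
    k = pow(G, secrets.randbelow(Q - 1) + 1, P)  # random session element
    c1 = (k * pow(G, r, P)) % P                  # k * g^r
    c2 = pow(pk, r, P)                           # g^(a*r), bound to the owner's key
    return c1, c2, xor(data, kdf(k, len(data)))

def rekey(sk_owner, sk_user):
    # BBS98 re-encryption key b/a mod Q. It is bidirectional and needs both
    # secret keys, one of the limitations later schemes set out to remove.
    return (sk_user * pow(sk_owner, -1, Q)) % Q

def reencrypt(rk, ct):
    # Runs at the proxy (cloud): g^(a*r) -> g^(b*r). The proxy never sees
    # k or the plaintext, and the owner never downloads anything.
    c1, c2, body = ct
    return c1, pow(c2, rk, P), body

def decrypt(sk, ct):
    c1, c2, body = ct
    g_r = pow(c2, pow(sk, -1, Q), P)             # strip the key exponent: g^r
    k = (c1 * pow(g_r, -1, P)) % P               # recover the session element
    return xor(body, kdf(k, len(body)))

if __name__ == "__main__":
    a, pk_a = keygen()
    b, _ = keygen()
    stored = encrypt(pk_a, b"quarterly report")  # uploaded once by the owner
    shared = reencrypt(rekey(a, b), stored)      # transformed by the proxy
    print(decrypt(b, shared))
```

Only `c2` changes during re-encryption, which is why the proxy's work is independent of the size of the stored data.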
Keywords/Search Tags: Proxy re-encryption, cloud data sharing, lightweight, fine grained, access control