Research On Certificateless Conditional Proxy Broadcast Re-Encryption Scheme

With the rapid development of new technologies such as cloud computing,cloud storage service has been widely used as a convenient data storage technology,but it also brings some security problems.As the cloud platform lacks the basic protection mechanism for user data and is not completely trusted,the data stored by users is easy to be leaked and tampered.Therefore,how to realize the secure storage and sharing of user data on the cloud platform has been a research hotspot.Proxy re-encryption is a cryptographic system that can authorize decryption permissions and is suitable for the secure storage and sharing of encrypted data in the cloud.In proxy re-encryption,a semi-trusted proxy uses a re-encryption key to convert the ciphertext of the data owner into the ciphertext of the target user.During the conversion,the proxy cannot obtain any plaintext information corresponding to the ciphertext,and the decryption key of the data owner will not be leaked.This thesis studies proxy re-encryption and makes the following achievements:(1)Based on the characteristics of certificateless public key encryption system and proxy reencryption,this thesis proposes a secure sharing architecture in cloud environment.Certificateless public key encryption system has the advantages of not requiring public key certificate and no private key escrow.Data owners can use the original ciphertext to store data on the cloud platform,and use the re-encrypted ciphertext to share data with other users.(2)Aiming at the problems of single access policy and only one-to-one communication in the certificateless proxy re-encryption scheme,this thesis constructs a certificateless conditional proxy broadcast re-encryption scheme.Certificateless conditional proxy broadcast re-encryption uses access tree to achieve fine-grained access control,and can convert the original ciphertext satisfying the access tree into a re-encrypted ciphertext that can be decrypted by multiple users.(3)In view of the problem that the access rights of the target user group will change,this paper realizes the update of user access rights based on the update of the re-encryption key.In this scheme,the re-encryption key is embedded with an identifier representing the uniqueness of the re-encryption key,which must meet the access tree of the original ciphertext so that the re-encryption key can correctly re-encrypt the original ciphertext.When the access rights of the target user group change,the identifier in the re-encryption key needs to be updated.(4)This thesis analyzes the security and performance of the proposed scheme.Based on the existence of two types of adversaries in the certificateless public key encryption system and the two types of ciphertexts for proxy re-encryption,four security models are proposed.Under the random oracle model,it is proved that the scheme achieves adaptively-chosen ciphertext secure.Theoretical analysis and simulation results show that the scheme improves the efficiency of conditional proxy broadcast re-encryption.