Cloud-based conditional broadcast proxy re-encryption scheme

doi:10.11772/j.issn.1001-9081.2024070989

Journal of Computer Applications

Received:2024-07-15 Revised:2024-10-30 Online:2024-11-19 Published:2024-11-19
Contact: DENG LunZhi

基于云的条件广播代理重加密方案

李滨瀚,邓伦治,刘欢

贵州师范大学

通讯作者: 邓伦治
基金资助:
贵州省高层次创新人才项目;国家自然科学基金项目;贵州省科技计划项目;贵州省教育厅自然科学研究项目;贵阳市科技计划项目

Abstract

Abstract: To address the common issue of cloud server privilege abuse in proxy re-encryption schemes, as well as limitations of existing conditional proxy re-encryption schemes in terms of multiple recipients, security, and computational cost, a certificate-based conditional broadcast proxy re-encryption scheme was proposed. The data owner sets an access condition when generating the convertible ciphertext and re-encryption key, and the cloud server can only generate a valid re-encrypted ciphertext when the condition matches, thereby preventing the cloud server from abusing its authority and providing re-encrypted ciphertexts to unauthorized users. The security of the proposed scheme is based on the decisional Diffie-Hellman problem, and its ciphertext is proven to be indistinguishable in the random oracle model. Experimental results show that when the number of receivers is 50, compared with four contrasting schemes: Identity-Based Broadcast Proxy Re-Encryption (IB-BPRE), Privacy-Preserving Proxy Re-Encryption (PP-PRE), Revocable Identity-Based Broadcast Proxy Re-Encryption (RIB-BPRE), and Multi-Channel Broadcast Proxy Re-Encryption (MC-BPRE), the proposed scheme reduces computation time by 73.4%, 83.0%, 87.9%, and 92.3% respectively, and communication rounds by 66.5%, 90.7%, 77.5%, and 66.7% respectively, effectively enhancing efficiency and demonstrating better application prospects.

Key words: cloud computing, conditional proxy re-encryption, certificate-based encryption, broadcast encryption, random oracle model

摘要： 针对代理重加密方案中普遍存在的云服务器滥用权限问题，以及现有条件代理重加密方案在多接收者、安全性和计算成本上的局限，提出了一个基于证书的条件广播代理重加密方案。数据拥有者生成可转换密文和重加密密钥时设置一个访问条件，云服务器仅在条件匹配时才能生成有效的重加密密文，从而防止云服务器滥用权限，向未授权用户提供重加密密文。方案的安全性规约为判定性迪菲赫尔曼问题，并在随机预言模型下证明了密文具有不可区分性。实验结果表明，当接收者数量取50时，与基于身份的广播代理重加密(Identity-Based Broadcast Proxy Re-Encryption, IB-BPRE)方案、隐私保护代理重加密(Privacy-Preserving Proxy Re-Encryption, PP-PRE)方案、可撤销的基于身份的广播代理重加密(Revocable Identity-Based Broadcast Proxy Re-Encryption, RIB-BPRE)方案和多通道的广播代理重加密(Multi-Channel Broadcast Proxy Re-Encryption, MC-BPRE)方案这四个对比方案相比，所提方案的计算时间分别缩短了73%、83％、87％、92%，通信数量分别减少了66%、90%、77％、66％，有效提升了方案的效率，具有更好的应用前景。

关键词: 云计算, 条件代理重加密, 基于证书加密, 广播加密, 随机预言模型

李滨瀚邓伦治刘欢. 基于云的条件广播代理重加密方案[J]. 《计算机应用》唯一官方网站, DOI: 10.11772/j.issn.1001-9081.2024070989.

[1]	Han ZHANG, Hang YU, Jiwei ZHOU, Yunkai BAI, Lutan ZHAO. Survey on trusted execution environment towards privacy computing [J]. Journal of Computer Applications, 2025, 45(2): 467-481.
[2]	Jiaxing LU, Hua DAI, Yuanlong LIU, Qian ZHOU, Geng YANG. Dictionary partition vector space model for ciphertext ranked search in cloud environment [J]. Journal of Computer Applications, 2023, 43(7): 1994-2000.
[3]	Kun YOU, Qinhui WANG, Xin LI. General multi-unit false-name-proof auction mechanism for cloud computing [J]. Journal of Computer Applications, 2023, 43(11): 3351-3357.
[4]	Jingyu SUN, Jiayu ZHU, Ziqiang TIAN, Guozhen SHI, Chuanjiang GUAN. Attribute based encryption scheme based on elliptic curve cryptography and supporting revocation [J]. Journal of Computer Applications, 2022, 42(7): 2094-2103.
[5]	Jinquan ZHANG, Shouwei XU, Xincheng LI, Chongyang WANG, Jingzhi XU. Cloud computing task scheduling based on orthogonal adaptive whale optimization [J]. Journal of Computer Applications, 2022, 42(5): 1516-1523.
[6]	Dong ZHU, Xinchun YIN, Jianting NING. Certificateless signature scheme with strong privacy protection for internet of vehicles [J]. Journal of Computer Applications, 2022, 42(10): 3091-3101.
[7]	CHEN Jiahao, YIN Xinchun. Traceable and revocable ciphertext-policy attribute-based encryption scheme based on cloud-fog computing [J]. Journal of Computer Applications, 2021, 41(6): 1611-1620.
[8]	GE Lina, HU Yugu, ZHANG Guifen, CHEN Yuanyuan. Reverse hybrid access control scheme based on object attribute matching in cloud computing environment [J]. Journal of Computer Applications, 2021, 41(6): 1604-1610.
[9]	YANG Ling, JIANG Chunmao. Strategy of energy-aware virtual machine migration based on three-way decision [J]. Journal of Computer Applications, 2021, 41(4): 990-998.
[10]	Xiaoling SUN, Guang YANG, Yanping SHEN, Qiuge YANG, Tao CHEN. Searchable encryption scheme based on splittable inverted index [J]. Journal of Computer Applications, 2021, 41(11): 3288-3294.
[11]	LYU Jiayu, ZHU Zhirong, YAO Zhiqiang. Two-channel dynamic data encryption strategy in cloud computing environment [J]. Journal of Computer Applications, 2020, 40(8): 2268-2273.
[12]	GUO Shujie, LI Zhihua, LIN Kaiqing. Fuzzy membership degree based virtual machine placement algorithmin cloud environment [J]. Journal of Computer Applications, 2020, 40(5): 1374-1381.
[13]	CHEN Chengjun, MAO Yingchi, WANG Yichao. CNN model compression based on activation-entropy based layer-wise iterative pruning strategy [J]. Journal of Computer Applications, 2020, 40(5): 1260-1265.
[14]	XU Yingxin, SUN Lei, ZHAO Jiancheng, GUO Songhui. Virtual field programmable gate array placement strategy based on ant colony optimization algorithm [J]. Journal of Computer Applications, 2020, 40(3): 747-752.
[15]	Fuxin LIU, Jingwei LI, Yihong WANG, Lin LI. Design and implementation of cloud native massive data storage system based on Kubernetes [J]. Journal of Computer Applications, 2020, 40(2): 547-552.