Cloud-based conditional broadcast proxy re-encryption scheme

doi:10.11772/j.issn.1001-9081.2024070989

Journal of Computer Applications ›› 2025, Vol. 45 ›› Issue (7): 2278-2287.DOI: 10.11772/j.issn.1001-9081.2024070989

• Cyber security • Previous Articles Next Articles

Cloud-based conditional broadcast proxy re-encryption scheme

Binhan LI, Lunzhi DENG(), Huan LIU

School of Mathematical Sciences，Guizhou Normal University，Guiyang Guizhou 550025，China

Received:2024-07-15 Revised:2024-10-29 Accepted:2024-10-30 Online:2025-07-10 Published:2025-07-10
Contact: Lunzhi DENG
About author:LI Binhan， born in 2000， M. S. candidate. His research interests include proxy re-encryption.
DENG Lunzhi， born in 1979， Ph. D.， professor. His research interests include cryptography， information security.
LIU Huan， born in 1999， M. S. candidate. Her research interests include searchable encryption.
Supported by:
National Natural Science Foundation of China(62462014);Guiyang Science and Technology Program(［2021］43-8);Guizhou Province Hundred People-level Innovative Talent Project(GCC［2022］018-1);Natural Science Research Project of Guizhou Provincial Department of Education(［2023］010);Guizhou Provincial Key Science and Technology Program(［2024］058)

基于云的条件广播代理重加密方案

李滨瀚, 邓伦治(), 刘欢

贵州师范大学数学科学学院，贵阳 550025

通讯作者: 邓伦治
作者简介:李滨瀚（2000—），男，贵州遵义人，硕士研究生，主要研究方向：代理重加密
邓伦治（1979—），男，贵州桐梓人，教授，博士，主要研究方向：密码学、信息安全 denglunzhi@163.com
刘欢（1999—），女，湖北利川人，硕士研究生，主要研究方向：可搜索加密。
基金资助:
国家自然科学基金资助项目(62462014);贵阳市科技计划项目（［2021］43-8）;贵州省百人层次创新人才项目(GCC［2022］018-1);贵州省教育厅自然科学研究项目(［2023］010);贵州省科技计划重点项目(［2024］058)

Abstract

Abstract:

To address the common issue of cloud server authority abuse in Proxy Re-Encryption （PRE） schemes， as well as limitations of the existing Conditional Proxy Re-Encryption （CPRE） schemes in terms of multiple receivers， security， and computational cost， a Certificate-Based Conditional Broadcast Proxy Re-Encryption （CB-CBPRE） scheme was proposed. In the scheme， an access condition was set by the data owner when generating convertible ciphertext and re-encryption key， and a valid re-encrypted ciphertext only generated by the cloud server when the condition matched， thereby preventing the cloud server from abusing its authority and providing re-encrypted ciphertext to unauthorized users. The security of the proposed scheme was a Decisional Diffie-Hellman （DDH） problem， and ciphertext of the proposed scheme was proven to be indistinguishable in Random Oracle Model （ROM）. Experimental results show that when the number of receivers is 50， compared with four schemes： Identity-Based Broadcast Proxy Re-Encryption （IB-BPRE）， Privacy-Preserving Proxy Re-Encryption （PP-PRE）， Revocable Identity-Based Broadcast Proxy Re-Encryption （RIB-BPRE）， and Multi-Channel Broadcast Proxy Re-Encryption （MC-BPRE）， the proposed scheme reduces the computational time by 73%， 83%， 87%， and 92%， respectively， and the communication volume by 66%， 90%， 77%， and 66%， respectively， enhancing efficiency of encryption effectively.

Key words: cloud computing, Conditional Proxy Re-Encryption (CPRE), certificate-based encryption, broadcast encryption, Random Oracle Model (ROM)

摘要：

针对代理重加密（PRE）方案中普遍存在的云服务器权限的滥用问题，以及现有的条件代理重加密（CPRE）方案在多接收者、安全性和计算成本上的局限，提出一个基于证书的条件广播代理重加密（CB-CBPRE）方案。该方案中，数据拥有者在生成可转换密文和重加密密钥时设置一个访问条件，云服务器仅在条件匹配时才能生成有效的重加密密文，从而防止云服务器滥用权限，而向未授权用户提供重加密密文。该方案的安全性为判定性迪菲赫尔曼（DDH）问题，并在随机预言模型（ROM）下证明该方案密文具有不可区分性。实验结果表明，当接收者数量为50时，与基于身份的广播代理重加密（IB-BPRE）方案、隐私保护代理重加密（PP-PRE）方案、可撤销的基于身份的广播代理重加密（RIB-BPRE）方案和多通道的广播代理重加密（MC-BPRE）方案这4个方案相比，CB-CBPRE的计算时间分别缩短了73%、83%、87%和92%，通信数量分别减少了66%、90%、77%和66%，加密效率得到有效提升。

关键词: 云计算, 条件代理重加密, 基于证书的加密, 广播加密, 随机预言模型

CLC Number:

TP309

Binhan LI, Lunzhi DENG, Huan LIU. Cloud-based conditional broadcast proxy re-encryption scheme[J]. Journal of Computer Applications, 2025, 45(7): 2278-2287.

李滨瀚, 邓伦治, 刘欢. 基于云的条件广播代理重加密方案[J]. 《计算机应用》唯一官方网站, 2025, 45(7): 2278-2287.

Figures/Tables 7

Fig. 1 System model of proposed scheme

Tab. 1 Explanation of operation symbols

符号	解释	运行所需时间/ms
Tp	单次配对运算	4.154
Th	单次哈希到点运算	4.362
Tm	群G₁上的单次标量乘法运算	1.631
Te	群G₂上的单次幂运算	0.021
Ts	群G上的单次标量乘法运算	0.509

Tab. 2 Comparison of performance

方案	是否使用配对和哈希到点操作	安全级别
IB-BPRE^［5］	是	S-CPA
PP-PRE^［6］	是	CPA
RIB-BPRE^［7］	是	CPA
MC-BPRE^［8］	是	CCA
CB-CBPRE	否	CCA

Tab. 3 Comparison of computational cost

方案	可转换密文生成	重加密	可转换密文解密	重加密密文解密	总体计算成本
IB-BPRE^［5］	3Tm+1Te	（n+3）Tm+2Tp+2Th +2Te	2Tp+1Tm+1Te	2Tp	（n+7）Tm+6Tp+2Th +4Te
PP-PRE^［6］	4Tm+1Te	（2n+2）Tm+1Tp+1Th+2Te	1Tp	2Tp+1Th	（2n+6）Tm+4Tp+2Th +3Te
RIB-BPRE^［7］	3Tm+1Te	（2n+4）Tm+1Tp+1Th +1Te	1Tp+1Te	（n+1）Tm+2Tp+1Te	（3n+8）Tm+4Tp+1Th +3Te
MC-BPRE^［8］	3Tm+1Tp+1Te	（2n+2）Tm+4Tp+1Th+1Te	3Tp	（n+4）Tp+1Th	（2n+5）Tm+（n+12）Tp+2Th +2Te
CB-CBPRE	3Ts	（n+6）Ts	2Ts	5Ts	（n+16）Ts

Tab. 4 Comparison of communication cost

方案	可转换密文生成	重加密密钥生成	重加密密文生成	总体通信成本
IB-BPRE^［5］	$3 G 1 + G 2 + Z q *$	$(n + 2) G 1$	$(n + 2) G 1 + G 2$	$(2 n + 7) G 1 + 2 G 2 + Z q *$
PP-PRE^［6］	$2 G 1 + G 2$	$(4 n - 2) G 1$	$(4 n - 2) G 1 + G 2$	$(8 n - 2) G 1 + 2 G 2$
RIB-BPRE^［7］	$2 G 1 + G 2$	$(2 n + 3) G 1$	$(n + 3) G 1 + 2 G 2$	$(3 n + 8) G 1 + 4 G 2$
MC-BPRE^［8］	$3 G 1 + G 2$	$(n + 3) G 1$	$(n + 2) G 1 + G 2$	$(2 n + 8) G 1 + 2 G 2$
CB-CBPRE	$G + 2 Z q * + l 1 + l 2$	$G + l 1 + l 2 + (n + 3) Z q *$	$2 G + 2 l 1 + l 2 + (n + 2) Z q *$	$(2 n + 7) Z q * + 4 G + 4 l 1 + l 2$

Tab. 4 Comparison of communication cost

方案	可转换密文生成	重加密密钥生成	重加密密文生成	总体通信成本
IB-BPRE^［5］	$3 G 1 + G 2 + Z q *$	$(n + 2) G 1$	$(n + 2) G 1 + G 2$	$(2 n + 7) G 1 + 2 G 2 + Z q *$
PP-PRE^［6］	$2 G 1 + G 2$	$(4 n - 2) G 1$	$(4 n - 2) G 1 + G 2$	$(8 n - 2) G 1 + 2 G 2$
RIB-BPRE^［7］	$2 G 1 + G 2$	$(2 n + 3) G 1$	$(n + 3) G 1 + 2 G 2$	$(3 n + 8) G 1 + 4 G 2$
MC-BPRE^［8］	$3 G 1 + G 2$	$(n + 3) G 1$	$(n + 2) G 1 + G 2$	$(2 n + 8) G 1 + 2 G 2$
CB-CBPRE	$G + 2 Z q * + l 1 + l 2$	$G + l 1 + l 2 + (n + 3) Z q *$	$2 G + 2 l 1 + l 2 + (n + 2) Z q *$	$(2 n + 7) Z q * + 4 G + 4 l 1 + l 2$

Fig. 2 Total computational cost （n=50）

Fig. 3 Total communication cost （n=50）

References 26

[1]	徐嘉，张骥先，王喆民，等.基于NUMA云计算架构的多资源分配可信拍卖机制［J］.计算机工程与科学，2024， 46（5）： 761-775.
	XU J， ZHANG J X， WANG Z M， et al. Truthful auction mechanisms for multi-resource allocation based on NUMA architecture for cloud computing ［J］. Computer Engineering and Science， 2024， 46（5）： 761-775.
[2]	李琦，樊昊源，陈伟，等.面向云存储的属性基双边访问控制方案［J］.通信学报，2024， 45（4）： 128-136.
	LI Q， FAN H Y， CHEN W， et al. Attribute-based bilateral access control scheme for cloud storage ［J］. Journal on Communications， 2024， 45（4）： 128-136.
[3]	DENG L， FENG S， CHEN Z. Certificateless encryption scheme with provable security in the standard model suitable for mobile devices ［J］. Information Sciences， 2022， 613： 228-238.
[4]	BLAZE M， BLEUMER G， STRAUSS M. Divertible protocols and atomic proxy cryptography ［C］// Proceedings of the 1998 International Conference on the Theory and Applications of Cryptographic Techniques， LNCS 1403. Berlin： Springer， 1998： 127-144.
[5]	ZHANG J， SU S， ZHONG H， et al. Identity-based broadcast proxy re-encryption for flexible data sharing in VANETs ［J］. IEEE Transactions on Information Forensics and Security， 2023， 18： 4830-4842.
[6]	HAN X， TIAN D， ZHOU J， et al. Privacy-preserving proxy re-encryption with decentralized trust management for MEC-empowered VANETs ［J］. IEEE Transactions on Intelligent Vehicles， 2023， 8（8）： 4105-4119.
[7]	GE C， LIU Z， XIA J， et al. Revocable identity-based broadcast proxy re-encryption for data sharing in clouds ［J］. IEEE Transactions on Dependable and Secure Computing， 2021， 18（3）： 1214-1226.
[8]	MAITI S， MISRA S， MONDAL A. MBP： multi-channel broadcast proxy re-encryption for cloud-based IoT devices ［J］. Computer Communications， 2024， 214： 57-66.
[9]	WENG J， DENG R H， DING X， et al. Conditional proxy re-encryption secure against chosen-ciphertext attack ［C］// Proceedings of the 4th International Symposium on Information， Computer， and Communications Security. New York： ACM， 2009： 322-332.
[10]	LIU Y， REN Y， GE C， et al. A CCA-secure multi-conditional proxy broadcast re-encryption scheme for cloud storage system ［J］. Journal of Information Security and Applications， 2019， 47： 125-131.
[11]	JIANG L， GUO D. Dynamic encrypted data sharing scheme based on conditional proxy broadcast re-encryption for cloud storage ［J］. IEEE Access， 2017， 5： 13336-13345.
[12]	HUANG Q， YANG Y， FU J. PRECISE： identity-based private data sharing with conditional proxy re-encryption in online social networks ［J］. Future Generation Computer Systems， 2018， 86： 1523-1533.
[13]	LI P， ZHU L， GUPTA B B， et al. A multi-conditional proxy broadcast Re-encryption scheme for sensor networks ［J］. Computers， Materials and Continua， 2020， 65（3）： 2079-2090.
[14]	LIANG X， WENG J， YANG A， et al. Attribute-based conditional proxy re-encryption in the standard model under LWE ［C］// Proceedings of the 2021 European Symposium on Research in Computer Security， LNCS 12973. Cham： Springer， 2021： 147-168.
[15]	YAO S， DAYOT R V J， KIM H J， et al. A novel revocable and identity-based conditional proxy re-encryption scheme with ciphertext evolution for secure cloud data sharing ［J］. IEEE Access， 2021， 9： 42801-42816.
[16]	YAO S， DAYOT R V J， RA I H， et al. An identity-based proxy re-encryption scheme with single-hop conditional delegation and multi-hop ciphertext evolution for secure cloud data sharing ［J］. IEEE Transactions on Information Forensics and Security， 2023， 18： 3833-3848.
[17]	CHEN Z， CHEN J， MENG W. A new dynamic conditional proxy broadcast re-encryption scheme for cloud storage and sharing ［C］// Proceedings of the IEEE 18th International Conference on Dependable， Autonomic and Secure Computing. Piscataway： IEEE， 2020： 569-576.
[18]	HU H， ZHOU Y， CAO Z， et al. Efficient and HRA secure universal conditional proxy re-encryption for cloud-based data sharing ［J］. Applied Sciences， 2022， 12（19）： No.9586.
[19]	ZHANG L， YANG Q， YANG Y， et al. Data sharing scheme of smart grid based on identity condition proxy re-encryption ［J］. Electronics， 2023， 13（1）： No.139.
[20]	LIN S， CUI L， KE N. End-to-end encrypted message distribution system for the Internet of Things based on conditional proxy re-encryption ［J］. Sensors， 2024， 24（2）： No.438.
[21]	ZHANG Y， ZHANG Z， JI S， et al. Conditional proxy re-encryption-based key sharing mechanism for clustered federated learning ［J］. Electronics， 2024， 13（5）： No.848.
[22]	ZENG P， CHOO K K R. A new kind of conditional proxy re-encryption for secure cloud storage ［J］. IEEE Access， 2018， 6： 70017-70024.
[23]	李兆斌，张璐，赵洪，等.基于无证书的门限条件代理重加密方案［J］.北京邮电大学学报，2023， 46（1）： 44-49， 83.
	LI Z B， ZHANG L， ZHAO H， et al. Certificateless threshold-based conditional proxy re-encryption scheme ［J］. Journal of Beijing University of Posts and Telecommunications， 2023， 46（1）： 44-49， 83.
[24]	尚龙飞，王华杰，徐露.基于条件代理重加密的区块链医疗数据共享模型［J］.现代电子技术，2024， 47（1）： 78-83.
	SHANG L F， WANG H J， XU L. Blockchain medical data sharing model based conditional proxy re-encryption ［J］. Modern Electronics Technique， 2024， 47（1）： 78-83.
[25]	翟社平，陆娴婧，霍媛媛，等.一种改进条件广播代理重加密的数据共享方案［J］.西安电子科技大学学报，2024， 51（2）： 224-238.
	ZHAI S P， LU X J， HUO Y Y， et al. Improved data sharing scheme based on conditional broadcast proxy re-encryption ［J］. Journal of Xidian University， 2024， 51（2）： 224-238.
[26]	LU Y， LI J. Lightweight public key authenticated encryption with keyword search against adaptively-chosen-targets adversaries for mobile devices ［J］. IEEE Transactions on Mobile Computing， 2022， 21（12）： 4397-4409.

Cloud-based conditional broadcast proxy re-encryption scheme

基于云的条件广播代理重加密方案

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 7

References 26

Related Articles 15

Recommended Articles

Metrics

[1]	Han ZHANG, Hang YU, Jiwei ZHOU, Yunkai BAI, Lutan ZHAO. Survey on trusted execution environment towards privacy computing [J]. Journal of Computer Applications, 2025, 45(2): 467-481.
[2]	Jiaxing LU, Hua DAI, Yuanlong LIU, Qian ZHOU, Geng YANG. Dictionary partition vector space model for ciphertext ranked search in cloud environment [J]. Journal of Computer Applications, 2023, 43(7): 1994-2000.
[3]	Kun YOU, Qinhui WANG, Xin LI. General multi-unit false-name-proof auction mechanism for cloud computing [J]. Journal of Computer Applications, 2023, 43(11): 3351-3357.
[4]	Xiuping ZHU, Yali LIU, Changlu LIN, Tao LI, Yongquan DONG. Efficient certificateless ring signature scheme based on elliptic curve [J]. Journal of Computer Applications, 2023, 43(11): 3368-3374.
[5]	Jingyu SUN, Jiayu ZHU, Ziqiang TIAN, Guozhen SHI, Chuanjiang GUAN. Attribute based encryption scheme based on elliptic curve cryptography and supporting revocation [J]. Journal of Computer Applications, 2022, 42(7): 2094-2103.
[6]	Jinquan ZHANG, Shouwei XU, Xincheng LI, Chongyang WANG, Jingzhi XU. Cloud computing task scheduling based on orthogonal adaptive whale optimization [J]. Journal of Computer Applications, 2022, 42(5): 1516-1523.
[7]	CHEN Jiahao, YIN Xinchun. Traceable and revocable ciphertext-policy attribute-based encryption scheme based on cloud-fog computing [J]. Journal of Computer Applications, 2021, 41(6): 1611-1620.
[8]	GE Lina, HU Yugu, ZHANG Guifen, CHEN Yuanyuan. Reverse hybrid access control scheme based on object attribute matching in cloud computing environment [J]. Journal of Computer Applications, 2021, 41(6): 1604-1610.
[9]	YANG Ling, JIANG Chunmao. Strategy of energy-aware virtual machine migration based on three-way decision [J]. Journal of Computer Applications, 2021, 41(4): 990-998.
[10]	Xiaoling SUN, Guang YANG, Yanping SHEN, Qiuge YANG, Tao CHEN. Searchable encryption scheme based on splittable inverted index [J]. Journal of Computer Applications, 2021, 41(11): 3288-3294.
[11]	LYU Jiayu, ZHU Zhirong, YAO Zhiqiang. Two-channel dynamic data encryption strategy in cloud computing environment [J]. Journal of Computer Applications, 2020, 40(8): 2268-2273.
[12]	GUO Shujie, LI Zhihua, LIN Kaiqing. Fuzzy membership degree based virtual machine placement algorithmin cloud environment [J]. Journal of Computer Applications, 2020, 40(5): 1374-1381.
[13]	CHEN Chengjun, MAO Yingchi, WANG Yichao. CNN model compression based on activation-entropy based layer-wise iterative pruning strategy [J]. Journal of Computer Applications, 2020, 40(5): 1260-1265.
[14]	XU Yingxin, SUN Lei, ZHAO Jiancheng, GUO Songhui. Virtual field programmable gate array placement strategy based on ant colony optimization algorithm [J]. Journal of Computer Applications, 2020, 40(3): 747-752.
[15]	Fuxin LIU, Jingwei LI, Yihong WANG, Lin LI. Design and implementation of cloud native massive data storage system based on Kubernetes [J]. Journal of Computer Applications, 2020, 40(2): 547-552.