Paper 2017/824
Improved Security Notions for Proxy Re-Encryption to Enforce Access Control
Ela Lee
Abstract
Proxy Re-Encryption (PRE) allows a ciphertext encrypted under Alice’s public key to be transformed to an encryption under Bob’s public key without revealing either the plaintext or the decryption keys. PRE schemes have clear applications to cryptographic access control by allowing outsourced data to be selectively shared to users via re-encryption to appropriate keys. One concern for this application is that the server should not be able to perform unauthorised re-encryptions. We argue that current security notions do not adequately address this concern. We revisit existing definitions for PRE, starting by challenging the concept of unidirectionality, which states that re-encryption tokens from A to B cannot be used to re-encrypt from B to A. We strengthen this definition to reflect realistic scenarios in which adversaries may try to reverse a re-encryption by retaining information about prior ciphertexts and update tokens. We then strengthen the adversarial model to consider malicious adversaries that may collude with corrupt users and attempt to perform unauthorised re-encryptions; this models a malicious cloud service provider aiming to subvert the re-encryption process to leak sensitive data. Finally, we revisit the notion of authenticated encryption for PRE. This currently assumes the same party who created the message also encrypted it, which is not necessarily the case in re-encryption. We thus introduce the notion of ciphertext origin authentication to determine which party encrypted the message (or initiated the most recent re-encryption) and show how to fufil this requirement in practice.
Note: This is a thorough revision including some smaller differences such as notation, and some more major differences such as updating security games and removing potential flaws. Bigger revisions include - Major fixes to unidirectionality game - Proof that our scheme is maximally irreversible now in DDH as opposed to CDH - Adding token index to list of honest ciphertexts (thereby fixing a potential flaw) - Changing reversibility definition to consider more logical values for the storage parameter - Removing the assumption that ciphertext components are the same size - Removing some incorrect proofs in the appendix. Smaller revisions include - Making notation clearer - Updating games to be clearer - Removing token validity - Updating token robustness to consider ReEnc as a probabilistic algorithm - Updating references.
Metadata
- Available format(s)
- Category
- Public-key cryptography
- Publication info
- Published elsewhere. Minor revision. to appear at Latincrypt 2017
- Keywords
- Proxy re-encryptionapplied cryptographyunidirectionalmulti-hopmalicious modelaccess control
- Contact author(s)
- Ela Lee 2010 @ live rhul ac uk
- History
- 2019-08-09: last of 2 revisions
- 2017-08-31: received
- See all versions
- Short URL
- https://ia.cr/2017/824
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2017/824, author = {Ela Lee}, title = {Improved Security Notions for Proxy Re-Encryption to Enforce Access Control}, howpublished = {Cryptology {ePrint} Archive, Paper 2017/824}, year = {2017}, url = {https://eprint.iacr.org/2017/824} }