Cryptology ePrint Archive: Report 2017/833

Efficient Hybrid Proxy Re-Encryption for Practical Revocation and Key Rotation

Steven Myers and Adam Shull

Abstract: We consider the problems of i) using public-key encryption to enforce dynamic access control on clouds; and ii) key rotation of data stored on clouds. Historically, proxy re-encryption, ciphertext delegation, and related technologies have been advocated as tools that allow for revocation and the ability to cryptographically enforce \emph{dynamic} access control on the cloud, and more recently they have suggested for key rotation of data stored on clouds. Current literature frequently assumes that data is encrypted directly with public-key encryption primitives. However, for efficiency reasons systems would need to deploy with hybrid encryption. Unfortunately, we show that if hybrid encryption is used, then schemes are susceptible to a key-scraping attack. Given a proxy re-encryption or delegation primitive, we show how to construct a new hybrid scheme that is resistant to this attack and highly efficient. The scheme only requires the modification of a small fraction of the bits of the original ciphertext. The number of modifications scales linearly with the security parameter and logarithmically with the file length: it does not require the entire symmetric-key ciphertext to be re-encrypted!

Beyond the construction, we introduce new security definitions for the problem at hand, prove our construction secure, discuss use cases, and provide quantitative data showing its practical benefits and efficiency. We show the construction extends to identity-based proxy re-encryption and revocable-storage attribute-based encryption, and thus that the construction is robust, supporting most primitives of interest.

Category / Keywords: Proxy Re-encryption, Ciphertext Delegation, Hybrid Encryption, Key Rotation, Dynamic Cryptographic Access Control

Date: received 30 Aug 2017, last revised 7 Sep 2017

Contact author: amshull at indiana edu

Available format(s): PDF | BibTeX Citation

Version: 20170907:161735 (All versions of this report)

Short URL: ia.cr/2017/833

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]