Improved functional proxy re-encryption schemes for secure cloud data sharing

Abstract

Recently Liang et al. propose an interesting privacy-preserving ciphertext multi-sharing control for big data storage mechanism, which is based on the cryptographic primitive of anonymous multi-hop identity based conditional proxy re-encryption scheme AMH-IBCPRE. They propose a concrete AMH-IBCPRE scheme and conclude their scheme can achieve IND-sCon-sID-CCA secure (in-distinguishable secure under selectively conditional selectively identity chosen ciphertext attack). However, our research show their scheme can not be IND-sCon-sID-CCA secure for single-hop and multi-hop data sharing. Also in 2014, Liang et al. propose an interesting deterministic finite automata-based functional proxy re-encryption scheme DFA-based FPRE for secure public cloud data sharing, they also conclude their scheme can achieve IND-CCA secure (indistinguishable secure under chosen ciphertext attack), we also show their scheme can not be IND-CCA secure either. For these two proposals, the main reason of insecurity is that part of the re-encryption key has the same structure as the valid ciphertext, thus the adversary can query on the decryption oracle with this part of the re-encryption key to get secret keys, which will break the CCA-security of their scheme. We give an improved AMH-IBCPRE scheme and an improved DFA-based FPRE scheme for cloud data sharing and show the new schemes can resist our attack and be CCA-secure. We also demonstrate our improved AMH-IBCPRE scheme’s efficiency compared with other related identity based proxy re-encryption schemes, the results show our scheme is almost the most efficient one.