
Key-Aggregate Cryptosystem for Scalable Data Sharing in Cloud Storage

Data sharing is an important functionality in cloud storage. In this article, we show how
to securely, efficiently, and flexibly share data with others in cloud storage. We describe new
public-key cryptosystems which produce constant-size ciphertexts such that efficient delegation
of decryption rights for any set of ciphertexts is possible. The novelty is that one can aggregate
any set of secret keys and make them as compact as a single key, but encompassing the power of
all the keys being aggregated. In other words, the secret key holder can release a constant-size
aggregate key for flexible choices of ciphertext set in cloud storage, but the other encrypted files
outside the set remain confidential. This compact aggregate key can be conveniently sent to
others or be stored in a smart card with very limited secure storage. We provide formal security
analysis of our schemes in the standard model. We also describe other applications of our
schemes. In particular, our schemes give the first public-key patient-controlled encryption for
flexible hierarchy, which was yet to be known.
Existing System
There exist several expressive ABE schemes where the decryption algorithm only requires a
constant number of pairing computations. Recently, Green et al. proposed a remedy to this
problem by introducing the notion of ABE with outsourced decryption, which largely eliminates
the decryption overhead for users. Based on the existing ABE schemes, Green et al. also
presented concrete ABE schemes with outsourced decryption.
In these existing schemes, a user provides an untrusted server, say a proxy operated by a
cloud service provider, with a transformation key TK that allows the latter to translate any ABE
ciphertext CT satisfied by that user's attributes or access policy into a simple ciphertext CT', and
it only incurs a small overhead for the user to recover the plaintext from the transformed
ciphertext CT'. The security property of the ABE scheme with outsourced decryption guarantees
that an adversary (including the malicious cloud server) is not able to learn anything about the
encrypted message; however, the scheme provides no guarantee on the correctness of the
transformation done by the cloud server. In the cloud computing setting, cloud service providers
may have strong financial incentives to return incorrect answers, if such answers require less
work and are unlikely to be detected by users.
Proposed System
We considered the verifiability of the cloud's transformation and provided a method to
check the correctness of the transformation. However, we did not formally define
verifiability. But it is not feasible to construct ABE schemes with verifiable outsourced
decryption following the model defined in the existing system. Moreover, the method proposed in
the existing system relies on random oracles (RO). Unfortunately, the RO model is heuristic, and a proof of
security in the RO model does not directly imply anything about the security of an ABE scheme
in the real world. It is well known that there exist cryptographic schemes which are secure in the
RO model but are inherently insecure when the RO is instantiated with any real hash function.
In this thesis work, we first modify the original model of ABE with outsourced decryption
in the existing system to allow for verifiability of the transformations. After describing the formal
definition of verifiability, we propose a new ABE model and based on this new model construct a
concrete ABE scheme with verifiable outsourced decryption. Our scheme does not rely on
random oracles.
In this paper we only focus on CP-ABE with verifiable outsourced decryption. The same
approach applies to KP-ABE with verifiable outsourced decryption. To assess the performance of
our ABE scheme with verifiable outsourced decryption, we implement the CP-ABE scheme with
verifiable outsourced decryption and conduct experiments on both an ARM-based mobile device
and an Intel-core personal computer to model a mobile user and a proxy, respectively.
Problem Statement
One of the main efficiency drawbacks of most existing ABE schemes is that decryption is
expensive for resource-limited devices due to pairing operations, and the number of pairing
operations required to decrypt a ciphertext grows with the complexity of the access policy.
The above observation motivates us to study ABE with verifiable outsourced
decryption in this thesis work. Here we emphasize that an ABE scheme with secure outsourced
decryption does not necessarily guarantee verifiability (i.e., correctness of the transformation
done by the cloud server).
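The outsourcing flow and the missing correctness guarantee described above, as an added example (not code from this project or from Green et al.): a toy ElGamal-style analogue in Python, with no pairings or attributes, showing the transformation key TK, the proxy's CT to CT' step, and a check value that lets the user reject an incorrect transformation. The group, the blinding secret z, the hash-based check value and all function names are assumptions made for illustration; the hash check is a stand-in, whereas the scheme proposed on this page avoids random oracles.

```python
import hashlib
import secrets
from math import gcd

P = 2**255 - 19   # prime modulus of a toy group Z_P^* (assumption, not a pairing group)
G = 2

def _h(label, *parts):
    """Hash with length-prefixed parts so inputs cannot run together."""
    h = hashlib.sha256(label)
    for part in parts:
        h.update(len(part).to_bytes(4, "big") + part)
    return h.digest()

def keygen():
    sk = secrets.randbelow(P - 2) + 1
    return sk, pow(G, sk, P)                      # (SK, PK)

def make_transform_key(sk):
    """TK = SK / z mod (P-1); the user keeps only the blinding secret z."""
    while True:
        z = secrets.randbelow(P - 2) + 1
        if gcd(z, P - 1) == 1:                    # z must be invertible mod P-1
            return sk * pow(z, -1, P - 1) % (P - 1), z

def encrypt(pk, msg):
    if len(msg) > 32:
        raise ValueError("toy scheme encrypts at most 32 bytes")
    r = secrets.randbelow(P - 2) + 1
    shared = pow(pk, r, P).to_bytes(32, "big")
    body = bytes(m ^ k for m, k in zip(msg, _h(b"pad", shared)))
    return pow(G, r, P), body, _h(b"check", shared, msg)   # CT plus check value

def proxy_transform(tk, ct):
    """Run by the untrusted server: CT -> CT'. It never sees SK or z."""
    c1, body, check = ct
    return pow(c1, tk, P), body, check

def user_recover(z, ct_prime):
    """One exponentiation by the user, then verification of the proxy's work."""
    partial, body, check = ct_prime
    shared = pow(partial, z, P).to_bytes(32, "big")
    msg = bytes(c ^ k for c, k in zip(body, _h(b"pad", shared)))
    if not secrets.compare_digest(check, _h(b"check", shared, msg)):
        raise ValueError("proxy transformation failed verification")
    return msg
```

Without the check value, a proxy that skips the exponentiation and returns an arbitrary group element would make the user decrypt to garbage with no indication that anything went wrong.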
1. Setup Phase
2. Encrypt Phase
3. KeyGen Phase
4. Decrypt Phase
Modules Description
The setup algorithm takes no input other than the implicit security parameter. It outputs
the public parameters PK and a master key MK.
Encrypt(PK, M, A). The encryption algorithm takes as input the public parameters PK, a
message M, and an access structure A over the universe of attributes. The algorithm will encrypt
M and produce a ciphertext CT such that only a user that possesses a set of attributes that
satisfies the access structure will be able to decrypt the message. We will assume that the
ciphertext implicitly contains A.
KEY GEN PHASE
Key Generation(MK, S). The key generation algorithm takes as input the master key MK
and a set of attributes S that describe the key. It outputs a private key SK.
Decrypt(PK, CT, SK). The decryption algorithm takes as input the public parameters PK,
a ciphertext CT, which contains an access policy A, and a private key SK, which is a private key
for a set S of attributes. If the set S of attributes satisfies the access structure A then the algorithm
will decrypt the ciphertext and return a message M.
System Configuration:-
H/W System Configuration:-
Processor - Pentium III
Speed - 1.1 GHz
RAM - 256 MB (min)
Hard Disk - 20 GB
Floppy Drive - 1.44 MB
Keyboard - Standard Windows Keyboard
Mouse - Two or Three Button Mouse
Monitor - SVGA
S/W System Configuration:-
Operating System : Windows 95/98/2000/XP
Application Server : Tomcat 5.0/6.X
Front End : HTML, Java, JSP
Scripts : JavaScript.
Server side Script : Java Server Pages.
Database : MySQL
Database Connectivity : JDBC.
How to protect users' data privacy is a central question of cloud storage. With more
mathematical tools, cryptographic schemes are getting more versatile and often involve multiple
keys for a single application. In this article, we consider how to "compress" secret keys in
public-key cryptosystems which support delegation of secret keys for different ciphertext classes
in cloud storage. No matter which one among the power set of classes, the delegatee can always
get an aggregate key of constant size. Our approach is more flexible than hierarchical key
assignment which can only save spaces if all key-holders share a similar set of privileges.