5 views

Uploaded by Mohamed Adel

Key Policy Attribute-based Proxy Re-encryption
with Matrix Access Structure

- IKC.pptx
- 07814199
- csc4430_Network Security
- CRYPTOGRAPHY A means of Security
- How to Leak on Key Updates
- Survey of Management of Phr by Secure Cipher Text Policy Attribute Based Encryption Scheme
- me218cprojectdescription1617
- ITYC
- RSA
- chapter1
- Data Storage
- A Design of Lightweight Secure Data Sharing
- 05 Seminar-report Thejwal
- A Cryptographic Solution to the Predefind Bound of Ciphertext Classes in KAC
- A Secure Erasure Code-Based Cloud Storage System With Secure Data Forwarding
- Gpg4win Compendium En
- Universal Playfair Cipher Using MXN Matrix
- Crypto Slides One
- 2
- SMU MCA Sem-5th Spring 2018 Solved Assignments

You are on page 1of 5

**with Matrix Access Structure
**

Keying Li

Department of Mathematics

Xidian University

Xi’an 710071, P.R.China

Email: likeying818@163.com

Yinghui Zhang

State Key Laboratory of Integrated Service Networks (ISN)

Xidian University

Xi’an 710071, P.R.China

Email: prrd2007@163.com

Hua Ma

Department of Mathematics

Xidian University

Xi’an 710071, P.R.China

Email: ma hua@126.com

Abstract—Cloud computing has achieved rapid development.

The cloud server even provides unlimited storage and powerful

computing capability as services. A lot of attribute-based

schemes have been constructed for cloud computing to come

into practical applications. To our knowledge, there seems no

ﬂexible key policy attribute-based proxy re-encryption (KP-

AB-PRE) scheme in the literature, which is a promising

cryptographic primitive. In this paper, we propose a KP-AB-

PRE scheme, in which the cloud server can function as the

proxy. In the proposed scheme, matrix access structure is used

for the key policy. Furthermore, our construction enjoys the

desirable properties of unidirectionality, non-interactivity, and

multi-Use, and the secret key security is guaranteed.

Keywords-key policy; attribute-based encryption; proxy re-

encryption; matrix access structure;

I. INTRODUCTION

Cloud computing is a promising computing paradigm

which recently has drawn extensive attention from both

academia and industry [1], [2]. Especially, cloud computing

is used to provide data storage for internet businesses. It

has become a great solution for providing a ﬂexible, on-

demand, and dynamically scalable computing infrastructure

for many applications. The businesses could utilize these

characteristics to increase revenue [3]. As compared to

building their own infrastructures, users are able to save their

investments signiﬁcantly by migrating businesses into the

cloud. With the increasing development of cloud computing

technologies, in the near future more and more businesses

will be moved into the cloud [4].

As promising as it is, this paradigm also has many

new challenges for data security and access control when

users outsource sensitive data for sharing on cloud servers.

These challenges come from the fact that cloud servers are

generally operated by commercial providers which are very

likely to be outside of the trusted domain. Data conﬁdential

against cloud servers is hence frequently desired when users

outsource data for storage and computing in the cloud

servers.

Now we describe an application scenario. The data owner

encrypts the message M with the attributes set S

1

using

KP-ABE algorithm [11] that the key policy is constructed

by LSSS access structure (M

1

, ρ

1

). Then he sends the

ciphertext to the cloud server. U

1

1

can decrypt the ciphertext

if the attributes associated with the ciphertext satisfy his

key’s access structure. But U

1

is on a business trip, he has

no time to deal with the ciphertext. Then he empower his

secretary U

2

to deal with the ciphertext. In this scenario:

a) U

1

don’t want to let anyone know his private key.

b) the cloud proxy updates the ciphertext.

c) U

2

can get the message.

Our Contribution. We present a key policy attribute-based

proxy re-encryption (KP-AB-PRE) scheme. The key policy

realized in our scheme is matrix access structure, and the

proxy can convert the KP-ABE ciphertext under pk

i

into

ciphertext under pk

j

with the help of transform key. Our

scheme inherits the following properties of PRE mentioned

in [5], [6]:

− Unidirectionality. The converting can only from User1

to User2.

− Non-interactivity. The private key generator (PKG) can

compute the transform key without the participation of User1

or User2.

− Multi-Use. The cloud proxy can re-encrypt a ciphertext

multiple times, e.g. re-encrypt from User1 to User2, and then

re-encrypt the result from User2 to User3. In this process, the

computation would increase, but not exponent increasing.

Our scheme has the other properties:

Secret Key Security. The cloud proxy cannot obtain

User1’s secret key even collude with User2.

Re-encryption Control. The encryptor can decide

whether the ciphertext can be re-encrypted [12].

Related Work. Attribute-based encryption was ﬁrst

proposed by Sahai and Waters [7]. Attribute based

encryption is classiﬁed as Ciphertext Policy-Attribute Based

Encryption (CP-ABE) [8] and Key Policy-Attribute Based

Encryption(KP-ABE) [9]. The access structure including

AND and OR gates, tree access structure, and LSSS

1

U

1

could also be a user group that every user has the common attributes

2013 5th International Conference on Intelligent Networking and Collaborative Systems

978-0-7695-4988-0/13 $26.00 © 2013 IEEE

DOI 10.1109/INCoS.2013.17

46

access structure. The notion of PRE was ﬁrst introduced

by Mambo and Okamoto [10]. Green, Hohenberger, and

Waters [11] ﬁrst presented outsourcing the decryption of

abe ciphertexts in the cloud environments. Luo, Hu, and

Chen [12] presented a novel ciphertext policy attribute-

based proxy re-encryption (CP-AB-PRE) scheme. For the

purpose of data conﬁdentiality and ﬁne-grained access

control in cloud computing environments, Yu et al. [4]

put forward a system model using Key Policy-Attribute

Based Encryption (KP-ABE) and Proxy Re-Encryption

(PRE). Do, Song, and Park [13] propose system model that

store and divide data ﬁle into header, body. In addition,

their scheme selectively delegate decryption right using

Type-based Proxy re-encryption. Zhao, Feng, et al. [17]

raised Attribute-Based Conditional Proxy Re-Encryption

with Chosen-Ciphertext Security. Mizuno and Doi [18]

come up with Hybrid Proxy Re-encryption Scheme for

Attribute-Based Encryption.

Organization. The paper is organized as follows. We give

necessary background knowledge and assumptions in Sec-

tion 2. We present our scheme and security model, then

construct and give security analysis in Section 3. We discuss

the scheme and the follow-up work in Section 4. In Section

5, we give the conclusions of our work.

II. PRELIMINARIES

A. Bilinear Maps

Let G and G

T

be two multiplicative cyclic groups of

prime order p. Let g be a generator of Gand e : G×G →G

T

be a bilinear map with the properties:

1. Bilinearity: for all u, v ∈ G and a, b ∈ Z

p

, we have

e(u

a

, v

b

) = e(u, v)

ab

.

2. Non-degeneracy: e(g, g) = 1. We say that G is a

bilinear group if the group operation in G and the bilinear

map e: G×G →G

T

are both efﬁciently computable.

B. Access Structure

Deﬁnition 1 (Access Structure [14]) Let {P

1

, P

2

, · · · ,

P

n

} be a set of parties. A collection A ⊆ 2

{P1,P2,··· ,Pn}

is

monotone if ∀B, C : if B ∈ A and B ⊆ C then C ∈ A. An

access structure (respectively, monotone access structure) is

a collection (resp., monotone collection) A of non-empty

subsets of {P

1

, P

2

, · · · , P

n

}, i.e., A ⊆ 2

{P1,P2,··· ,Pn}

\{∅}

The sets in A are called the authorized sets, and the sets not

in A are called the unauthorized sets.

C. LSSS and Monotone Span Programs [9]

LSSS has a close relation with a linear algebraic model

of computation called monotone span programs (MSP) [15].

It has been shown that the existence of an efﬁcient LSSS

for some access structure is equivalent to the existence of a

small monotone span program for the characteristic function

of that access structure [14], [15].

Using Access Trees. Some prior ABE works (e.g. [9])

described access formulas in binary trees. Using standard

techniques [14] one can convert any monotonic boolean

formula into an LSSS representation. An access tree of l

nodes can be converted into an LSSS matrix of l rows.

D. The Bilinear Difﬁe-Hellman (BDH) Problem

Deﬁnition 2 DBDH Assumption

The decisional BDH assumption [7], [16] is that no

probabilistic polynomial-time algorithm B can distinguish

the tuple (A = g

a

; B = g

b

; C = g

c

; e(g; g)

abc

) from the

tuple (A = g

a

; B = g

b

; C = g

c

; e(g; g)

z

) with more than a

negligible advantage.

III. PROXY RE-ENCRYPT KP-ABE CIPHERTEXT

A. Algorithms of KP-AB-PRE

In our scheme, from the system level, there are six

algorithms as follows:

Setup(λ,U). This algorithm takes the security parameter

κ and a universe description of attributes as input and then

generates a public key PK, a master secret key MSK.

Encrypt(PK;M;S

1

). This algorithm takes as input a

message M, a set of attributes S

1

, and PK. It output the

ciphertext CT.

KeyGen(MSK;(M

1

; ρ

1

). This algorithm takes as input an

access structure A

1

, the master key MSK and the public

parameters. It outputs a decryption key SK

1

.

TransformKey(MSK,S

2

). It ﬁrstly call the KeyGen al-

gorithm, output the transform key. Then call the Encrypt

algorithm to encrypt g

αd

under the attributes set S

2

.

ReEnc(TK,CT). This algorithm takes as input the TK,

CT that is associated with S

1

. At ﬁnal, it output the updated

ciphertext-CT

.

Decryption(SK

1

, SK

2

;CT, CT

**). This algorithm takes
**

as input secret key and the ciphertext. Output the message

M.

Fig.1 KP-AB-PRE System

B. Security Model for Our Scheme

Through the analysis of the above algorithms, we need to

construct two security models [12]. One is for the system

level and the other is for the private key.

47

1) Selective-Policy Model for KP-AB-PRE:

Init: The adversary declares the set of attributes S

∗

, that

he wishes to be challenged upon. Then he commits to the

challenge key policy A

∗

1

.

Setup: The challenger runs the Setup algorithm and gives

PK to A.

Phase 1: A makes the queries as follows.

− Extract(S

∗

1

): A submits an attribute list S

∗

1

for a

KeyGen query where S

∗

1

A

∗

1

, the challenger gives the

adversary the secret key SK

S

∗

1

.

− TKExtract(SK

S

∗

1

, A

∗

1

): A submits SK

S

∗

1

and access

structure A

∗

1

for a TK query, the challenger gives the

adversary the transform key TK

S

∗

1

.

Challenge: A submits two equal-length messages M

0

,

M

1

to the challenger. The challenger ﬂips a random coin

b, then Encrypt(PK,M

b

, S

∗

1

) and compute ReEnc(TK,CT),

gives the 1st level ciphertext to the adversary.

Phase 2: Phase 1 is repeated.

Guess: A outputs a guess b

of b.

The advantage of A in this game is deﬁned as

Adv

A

= |Pr[b

= b] −1/2|.

2) Selective Secret Key Security Model:

Init: The adversary declares the set of attributes S

∗

that

he wishes to be challenged upon. Then he commits to the

challenge ciphertext policy A

∗

1

.

Setup: The challenger runs the Setup algorithm and gives

PK to A.

Phase 1: A makes the queries as follows.

− Extract(S

∗

1

): A submits an attribute list S

∗

1

for a

KeyGen query where S

∗

1

= S

∗

, the challenger computes

the secret key SK

S

∗

1

.

− TKExtract(S

∗

1

, A

∗

1

): A submits S

∗

1

and access structure

A

∗

1

for a TK query, the challenger gives the adversary the

transform key TK

S

∗

1

.

Output: A outputs SK

S

∗ for the attribute list S

∗

, then

A succeeds.

The advantage of A in this game is deﬁned as Adv

A

=

Pr[Asucceeds].

C. The Proposed Scheme

The ﬁrst three algorithms is the same as in [11]:

Setup(λ,U). The setup algorithm takes as input a universe

description U and the security parameter. Let U = {0, 1}

∗

.

It then chooses a group G of prime order p, a generator g

and a hash function F that maps {0, 1}

∗

to G. Furthermore,

it randomly chooses values α ∈ Z

p

and g

1

, h ∈ G. The

authority sets α as the master secret key. MSK=α. The public

key is published as

PK = g; g

1

; g

α

; h; F

Encrypt(PK;M;S

1

). The encryption algorithm takes as

input the public parameters PK, a message M, and a set of

attributes S

1

. It chooses a random s

1

∈ Z

p

. The 2nd-level

2

ciphertext is published as CT = (S

1

;C

0

) where

CT

0

= M · e(g, h)

αs1

; C

1

= g

s1

; C

1

= g

s1

1

; {C

x

=

F(x)

s1

}

x∈S1

KeyGen(MSK;(M

1

;ρ

1

)). The KeyGen algorithm takes as

input MSK and security parameter. Furthermore, it takes as

input an LSSS access structure (M

1

; ρ

1

). The function ρ

1

associates rows of M

1

to attributes. Let M

1

be an l

1

×n

1

ma-

trix. It ﬁrst chooses a random vector

−→

v

1

= (α, y

2

, · · · , y

n

) ∈

Z

n

p

, which are used to share the encryption exponent α. For

i = 1 to l, it calculates λ

1,i

=

−→

v

1

· M

1,i

, where M

1,i

is the

vector corresponding to the ith row of M. In addition, the

algorithm chooses random r

11

, · · · , r

1l

∈ Z

p

. The SK

1

is

published as :

(D

11

= h

λ11

· F(ρ

1

(1))

r11

, R

11

= g

r11

), · · · , (D

1l

=

h

λ

1l

· F(ρ

1

(l))

r

1l

, R

1l

= g

r

1l

)

along with a description of (M

1

; ρ

1

).

TransformKey(SK

1

,(M

1

, ρ

1

)). The Transform key algo-

rithm calls the KeyGen algorithm, then chooses random d ∈

Z

p

, and compute g

λ1,id

1

, g

αd

. Then encrypt g

αd

with the pub-

lic key (attributes) of User2 using the Encrypt(PK;g

αd

; S

2

)

algorithm. It output CT

1

= En

S2

(g

αd

) and the TK as:

(D

11

= h

λ11

· F(ρ

1

(1))

r

11

· g

λ11d

1

, R

11

= g

r

11

), · · · ,

(D

1l

= h

λ

1l

· F(ρ

1

(l))

r

1l

· g

λ

1l

d

1

, R

1l

= g

r

1l

)

ReEnc(TK,CT). The ReEnc algorithm takes as input

the CT, public parameters PK. The Re-encryption algorithm

then takes as input S

1

. Suppose that S

1

satisﬁes the access

structure (M

1

; ρ

1

) and let I

1

⊂ {1, 2, · · · , l

1

} be deﬁned as

I

1

= {i : ρ

1

(i) ∈ S

1

}. Then, let {ω

i

∈ Z

p

}

i∈I1

be a set of

constants such that if λ

1i

are valid shares of any secret α

according to M

1

, then

i∈I1

ω

i

λ

1i

= α. It calculate CT

2

as follow:

CT

2

=

e(C

1

,

i∈I1

D

ωi

1i

)

i∈I1

e(R

1i

, C

ωi

ρ1(i)

)

=

e(g

s1

,

i∈I1

(h

λ1iωi

· F(ρ

1

(i))

r

1i

ωi

· g

λ1idωi

1

))

(

i∈I1

e(g

r

1i

, F(ρ

1

(i))

s1ωi

))

= e(g, h)

s1α

e(g, g

1

)

s1αd

The 1st-level CT

:

CT

0

= M · e(g, h)

αs1

; CT

1

= En

S2

(g

αd

); C

1

= g

s1

;

C

1

= g

s1

1

;CT

2

Decryption(SK

1

, SK

2

;CT,CT’). U

1

can decrypt the ci-

phertext if the attributes associated with the ciphertext satisfy

2

In our proxy re-encrypt KP-ABE CT scheme, a 2nd-level ciphertext

is an original ABE ciphertext and a 1st-level ciphertext is a transformed

ciphertext.

48

his key’s access structure, and if the attributes satisfy U

2

’

access structure he could get the message.

Dec

2

(SK

1

, CT). The decryption algorithm takes as input

a private key SK

1

and CT. Suppose that S

1

satisﬁes the ac-

cess structure (M

1

; ρ

1

). The decryption algorithm computes

ct

2

=

e(C

1

,

i∈I1

D

ωi

1i

)

i∈I1

e(R

1i

, C

ωi

ρ1(i)

)

= e(g, h)

s1α

then get M = CT

0

/ct

2

Dec

1

(SK

2

, CT

). User2 decrypts CT

1

using his secret

key sk

j

to get g

αd

. Next, calculate CT

3

= e(g

αd

, g

s1

1

) =

e(g, g

1

)

s1αd

. Finally, it calculate CT

0

· CT

3

/CT

2

= M.

D. Security Analysis

Theory 1. If there is an adversary who breaks our scheme

in selective the transform key security model to get User1’s

SK

S1

, then he can solve discrete logarithm problem.

Proof. In the security model, the simulator B runs A.

The adversary A commits to a challenge attribute list S

.

To provide a public key PK to A, B generate PK =

g; g

α

; F

1

, · · · , F

S

; h. A makes queries.

− Extract(S

∗

1

): A submits an attribute list S

∗

1

for a

KeyGen query where S

∗

1

= S

, B randomly choose

λ

11

, · · · , λ

1l

,r

11

, · · · , r

1l

, computes the secret key SK

S

∗

1

:

(D

11

= h

λ

11

·F(ρ

1

(1))

r11

, R

1

= g

r11

), · · · , (D

1l

= h

λ

1l

·

F(ρ

1

(l))

r

1l

, R

1l

= g

r

1l

)

− TKExtract(S

∗

1

,A

∗

1

): A submits an attribute list S

∗

1

for

a transform key query, B runs the TransformKey algorithm.

TK : (D

11

= h

λ

11

· F(ρ

1

(1))

r

11

· g

λ

11

d

∗

1

, R

1

= g

r

11

),· · · ,

(D

1l

= h

λ

1l

· F(ρ

1

(l))

r

1l

· g

λ

1l

d

∗

1

, R

1

= g

r

1l

)

If the proxy collude with the User2, he can get g

α

d

∗

from

User2. If he want to get SK

S

∗

1

, he must ﬁrstly compute

g

λ

11

d

∗

1

, · · · , g

λ

1l

d

∗

1

, it equal to solve discrete logarithm

problem, and he knows nothing about the random parameter

r

11

, · · · , r

1l

.

Theory 2. Our KP-ABPRE scheme is a selectively CPA-

secure construction, as the GPSW KP-ABE scheme [7] is

selectively CPA-secure.

Proof.

3

If there exists a polynomial-time adversary A,

that can break our scheme in the Selective-Policy model

with advantage , it can can play the Decisional BDH game

with advantage /2.

Init: Given a DBDH tuple [g, g

a

, g

b

, g

c

, Z]. The simulator

B runs A. A gives the key policy A

∗

1

to B.

Setup: B randomly choose α

r

←− Z

p

, g, h ∈ G set A =

g

α

**. Then it gives the PK to A.
**

Phase 1: A makes the following queries.

− Extract(S

∗

1

): A submits an attribute list S

∗

1

for a

KeyGen query where S

∗

1

A

∗

1

. B choose λ

11

, · · · , λ

1l

3

The security of the 2nd level ciphertext and CT

1

have been proved

security [11]. We only need to prove the security of 1st level ciphertext.

satisfy that ∃ ω

i

, i ∈ I

1

,

i∈I1

λ

1i

ω

i

= α

. The secret

key SK

∗

1

is:

(D

11

= h

λ

11

· F(ρ

1

(1))

r

11

, R

11

= g

r

11

),· · · ,(D

1l

= h

λ

1l

·

F(ρ

1

(l))

r

1l

, R

1l

= g

r

1l

)

− TKExtract(SK

S

∗

1

, A

∗

1

): A submits SK

S

∗

1

and access

structure A

∗

1

for a TK query. It randomly choose d

∈ Z

P

.

Finally B gives the adversary C = g

d

**and the transform
**

key TK’:

(D

11

= h

λ

11

· F(ρ

1

(1))

r

11

· g

λ

11

d

1

, R

11

= g

r

11

), · · · ,

(D

1l

= h

λ

1l

· F(ρ

1

(l))

r

1l

· g

λ

1l

d

1

, R

1l

= g

r

1l

)

Challenge: A submits two challenge messages M

0

and

M

1

. Then B ﬂips a random coin b ∈ {0, 1} and returns A

the ciphertext as CT

0

= M

b

· e(g; h)

α

s1

; B = C

1

= g

s1

1

;

CT

2

= Z · e(g; h)

α

s1

Phase 2: Phase 1 is repeated.

Guess: A outputs a guess b

**of b. B outputs 1 if and only
**

if b

**= b. The advantage of breaking DBDH assumption is
**

Adv

A

= |Pr[b

= b] −1/2| =

1

2

IV. DISCUSSIONS

A. Multi-Use

To realize the Multi-Use property, the form of the CT

1

is

CT

1

= g

αd

1

· e(g; h)

αs2

; C

2

= g

s2

; C

x

= F(x)

s2

x∈S2

. The

User2’s secret key is :(D

21

= h

λ21

· F(ρ

2

(1))

r21

, R

21

=

g

r21

), · · · , (D

2l

= h

λ

2l

· F(ρ

2

(l))

r

2l

, R

2l

= g

r

2l

) along

with a description of (M

2

; ρ

2

).

B. Re-encryption Control

Note that if the encryptor does not provide g

s1

1

in cipher-

text, the original decryption is not affected but the decryption

of re-encrypted ciphertext cannot go on. That’s because g

s1

1

is only used in decrypting re-encrypted step, so he can

control whether the ciphertext can be re-encrypted.

C. Construction of CCA-Secure KP-AB-PRE

Peikert and Waters [20] ﬁrst put forward Lossy trapdoor

functions (LTFs), in particular as a means to construct

chosen-ciphertext (CCA) secure public-key encryption (P-

KE) schemes. After that, it drawn extensive attention by a

lot of cryptography scholars. We may construct the CCA-

Secure KP-AB-PRE scheme with the help of it. We can also

reference the work of Zhao, Feng [17]. But it is not an easy

work, we need more time to research.

V. CONCLUSIONS

We present a key policy attribute-based proxy re-

encryption(KP-AB-PRE)scheme, in which the proxy can

be the cloud server. In our scheme, we use matrix access

structure to realize the key policy. The secret key size,

encryption, and decryption time scales linearly with the

complexity of the access formula. Our work result can also

inherit some properties of PRE. In addition, our scheme

49

has secret key security property, the cloud proxy cannot

obtain the secret key information even collude with the

User. Cloud computing is a promising computing paradigm

which has drawn extensive attention from both academia

and commerce. A lot of security work need to do.

ACKNOWLEDGEMENTS

We would like to thank Xiaofeng Chen for the sug-

gestions to improve this paper. Also, we are grateful to

the anonymous referees for their invaluable suggestion-

s. This work is supported by the Fundamental Research

Funds for the Central Universities (K50511010001 and

JY10000901034), the National Natural Science Foundation

of China (No.61070249) and the Graduate Student Innova-

tion Fund of Xidian University (No.K50513100015).

REFERENCES

[1] Xiaofeng Chen, Jin Li, Willy Susilo, Efﬁcient Fair Conditional

Payments for Outsourcing Computations, IEEE Transactions

on Information Forensics and Security, 7(6), pp 1687-1694,

2012.

[2] Xiaofeng Chen, Jin Li, Jianfeng Ma, Qiang Tang, Wenjing Lou,

New Algorithms for Secure Outsourcing of Modular Expo-

nentiations, ESORICS 2012, LNCS 7459, 541-556, Springer-

Verlag, 2012.

[3] T. Mather, S. Kumaraswamy, and S. Latif, Cloud Security and

Privacy. O’Reilly Media, Sep. 2009.

[4] S. Yu, C. Wang, K. Ren, and W. Lou, Achieving Secure,

Scalable, and Fine-grained Data Access Control in Cloud

Computing. INFOCOM, 2010 Proceedings IEEE, pp.321-334,

2010.

[5] M. Green, G. Ateniese, Identity-based proxy re-encryption. In:

Katz, J., Yung, M. (eds.) ACNS 2007. LNCS, vol. 4521, pp.

288-306. Springer, Heidelberg (2007).

[6] G. Ateniese, K. Fu, M. Green, S. Hohenberger, Improved proxy

re-encryption schemes with applications to secure distributed

storage. In: Proceedings of the Network and Distributed Sys-

tem Security Symposium, NDSS 2005. The Internet Society

(2005).

[7] A. Sahai, B. Waters, Fuzzy identity-based encryption. In:

Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp.

457C473. Springer, Heidelberg (2005).

[8] J. Bethencourt, A. Sahai, and B. Waters, Ciphertext-Policy

Attribute-Based Encryption. Proceedings of the 2007 IEEE

Symposium on Security and Privacy, pp.321-334, 2007.

[9] V. Goyal, O. Pandey, A. Sahai, and B. Waters, Attribute-based

encryption for ﬁnegrained access control of encrypted data. In

ACM Conference on Computer and Communications Security,

pages 89-98, 2006.

[10] M. Mambo, E. Okamoto, Proxy cryptosystems: Delegation

of the power to decrypt ciphertexts. IEICE Transactions on

Fundamentals of Electronics, Communications and Computer

Sciences 80(1), 54-63 (1997).

[11] M. Green, S. Hohenberger, and B. Waters, Outsourcing the

decryption of abe ciphertexts. In USENIX Security, pp. 523-

538, 2011.

[12] S. Luo, J. Hu, and Zh. Chen, Ciphertext Policy Attribute-

Based Proxy Re-encryption. ICICS 2010, LNCS 6476, pp. 401-

415, 2010

[13] J. Do, Y. Song, N. Park, Attribute based Proxy Re-Encryption

for Data Conﬁdentiality in Cloud Computing Environments.

2011 First ACIS/JNU International Conference on Computers,

Networks, Systems and Industrial Engineering (CNSI), p 248-

51, 2011.

[14] A. Beimel, Secure Schemes for Secret Sharing and Key Dis-

tribution. PhD thesis, Israel Institute of Technology, Technion,

Haifa, Israel, 1996.

[15] M. Karchmer and A. Wigderson, On Span Programs. In The

Eighth Annual Structure in Complexity Theory, pages 102-111,

1993.

[16] D. Boneh and X. Boyen, Efﬁcient Selective-ID Secure Identi-

ty Based Encryption Without Random Oracles. In Advances in

Cryptology-Eurocrypt, volume 3027 of LNCS, pages 223-238.

Springer, 2004.

[17] J. Zhao, D. Feng, Z. Zhang, Attribute-Based Conditional

Proxy Re-Encryption with Chosen-Ciphertext Security. Pro-

ceedings 2010 IEEE Global Communications Conference

(GLOBECOM 2010), p 6 pp., 2010.

[18] T. Mizuno, H. Doi, Hybrid Proxy Re-encryption Scheme for

Attribute-Based Encryption. Information Security and Cryp-

tology. 5th International Conference, Inscrypt 2009. Revised

Selected Papers, p 288-302, 2010.

[19] B. Waters, Ciphertext-policy attribute-based encryption: An

expressive, efﬁcient, and provably secure realization. In PKC,

pages 53-70, 2011.

[20] C. Peikert and B. Waters, Lossy trapdoor functions and

their applications. In Richard E. Ladner and Cynthia Dwork,

editors, 40th ACM STOC, pages 187-196, Victoria, British

Columbia, Canada,May 17-20, 2008. ACM Press.

Keying Li, master of Faculty of science, Xidian University,

Xi’an, China. His research interests cover the attributes

based encryption, cloud computing, lossy trapdoor function,

lossy encryption, e-cash payment.

Yinghui Zhang, received his B.S. (2007) and M.S.

(2010) from Nanchang Hangkong University and Xidian

University, both in Mathematics. Currently, He is working

toward the Ph.D. degree in Cryptography, Xidian University.

His research interests are in the areas of cloud computing

security and cryptography.

Hua Ma, professor of Faculty of science, Xidian University,

Xi’an, China. Her research directions including The Theory

and technology in e-commerce security, Design and analysis

of fast public key cryptography, Theory and technology of

the network security.

50

- IKC.pptxUploaded bydineshpilla
- 07814199Uploaded bykanna_dhasan25581
- csc4430_Network SecurityUploaded byTendy
- CRYPTOGRAPHY A means of SecurityUploaded byFego Ogwara
- How to Leak on Key UpdatesUploaded byBernardo David
- Survey of Management of Phr by Secure Cipher Text Policy Attribute Based Encryption SchemeUploaded byIJSTR Research Publication
- me218cprojectdescription1617Uploaded byapi-359991205
- ITYCUploaded byjulegodtel7
- RSAUploaded bydivine serpent
- chapter1Uploaded byRosalin Paul
- Data StorageUploaded bysivakrishna0477
- A Design of Lightweight Secure Data SharingUploaded byEditor IJTSRD
- 05 Seminar-report ThejwalUploaded byManoj Ky
- A Cryptographic Solution to the Predefind Bound of Ciphertext Classes in KACUploaded byEditor IJRITCC
- A Secure Erasure Code-Based Cloud Storage System With Secure Data ForwardingUploaded byJAYAPRAKASH
- Gpg4win Compendium EnUploaded byElvis NightShade
- Universal Playfair Cipher Using MXN MatrixUploaded byIJEC_Editor
- Crypto Slides OneUploaded byCherokee Tuazon Rodriguez
- 2Uploaded bySaiaditya Aditya
- SMU MCA Sem-5th Spring 2018 Solved AssignmentsUploaded bySolved AssignMents
- anupamasrepUploaded bydkasrvy
- Mona Secure Multi-Owner Data SharingUploaded bynandhaku2
- (391687872) Cisa -mock_examUploaded bySonalr15
- Tutorial 3Uploaded byAhmad Hidayat
- Key Management - Copy (3)Uploaded byDamnGo0d
- Cryptography.docUploaded bygerosuarezyahoo
- Improvised Steganography Technique Using LSB and RC4 for IOT ApplicationsUploaded byInternational Journal for Scientific Research and Development - IJSRD
- Enabling Secure and Efficient Ranked KeywordUploaded byImpulseTechnology
- sankarUploaded byrashmi
- Secure Comparison Shopping using Trusted Execution ModulesUploaded byVictor Costan

- 821-2845Uploaded byMohamed Adel
- Integrating OpenID with proxy re-encryption to enhance privacy in cloud-based identity servicesUploaded byMohamed Adel
- Integrating OpenID with proxy re-encryption to enhance privacy in cloud-based identity servicesUploaded byMohamed Adel
- 10.1.1.58Uploaded byMohamed Adel
- 10.1.1.10Uploaded byMohamed Adel
- 817-2975-11Uploaded byMohamed Adel

- UTasker CryptographyUploaded byGabi Mihaila
- Ch2-3Uploaded byHarish Kola
- Analysis CompareUploaded bysrisairampoly
- Lecture8 AES _ the Advanced Encryption StandardUploaded byamhosny64
- THE COMPLETE GUIDE TO SECURE COMMUNICATIONS WITH THE ONE TIME PAD CIPHERUploaded byTurd Ferguson
- JV6Uploaded byJagadeesh Kumar
- Wireless LanUploaded byepiii
- CSE 3043 Week 3 Lecture Cryptography Part 1Uploaded byAVD007
- CiphersUploaded bynrayam
- The Conet ProjectUploaded bySage Thomas Naumann
- Acrobat Livecycle Security WpUploaded byMau Tau
- Engl 1102 Assignment 2 Draft 2Uploaded bywmeek26
- 14403888 Model of Conventional EncryptionUploaded byMohabath Mohaunix
- Student Solution Chap 10Uploaded bypriyapati21
- crypto.pptxUploaded byshivani.cs1995
- affine cipherUploaded byJose Luis Gonzalez
- WebsphereMQv7 SecurityUploaded byharikrishna.m2008@gmail.com
- CrytographyUploaded byfast_furious_devil
- An Efficient Operator based Unicode cryptography Algorithm for TextUploaded byanvirastogi
- comp3265_2014Uploaded byMrZaggy
- Multi-Dimensional Range Query Over Encrypted DataUploaded byМилош Пантовић
- CS3235-SemI-2011-12-ProjectsUploaded byJulius Putra Tanu Setiaji
- MIT6_045JS11_lec11Uploaded byMuhammad Al Kahfi
- Assymtertic Key IntroductionUploaded byamandeep651
- CrypToolPresentationUploaded byAbhishek Kunal
- 130694539 CISSP CryptographyUploaded byonlysubas
- Chaos Based-cryptogarphy ReportUploaded byah_shali
- Bt23 and Bt24Uploaded byapi-26125777
- ch01Uploaded bySwati Choudhary
- The Anonymizer.docxUploaded byElsa Cristina David