Research On Proxy Re-encryption Cryptography And Its Application

Proxy re-encryption(PRE) proposed by Blaze, Bleumer and Strauss, is a novel type of public key encryption with secure data transformation, which has become a research hotspot in the field of cryptography and information security from the beginning of its birth. In the proxy re-encryption cryptosystem, the proxy plays a role of ciphertext transformation and transforms a ciphertext under a delegator’s public key into another ciphertext under a delegatee’s public key on the same message. Then the delegatee can decrypt the transformed ciphertext by his own private key. During the ciphertext transformation, the proxy needs a transformation key(re-encryption key) generated by the delegator for the delegatee and the proxy cannot further acquire any useful information. In this thesis, we make an in-depth study on proxy re-encryption and its application and achieve the following contributions:(1) This thesis makes a survey on proxy re-encryption. This thesis elaborates its definitions, properties and research progress. Furthermore, this thesis compares and comments the existing schemes in terms of property, performance and security.(2) The existing certificateless proxy re-encryption schemes are few and more of them are relying on bilinear pairings. Therefore, this thesis constructs a new certificateless proxy re-encryption scheme without pairings and gives a stronger security model in which a Type I adversary cannot be allowed to access the master key but allowed to replace public keys with values of its choice including the target identity and a Type II adversary is allowed to access the master key but cannot be allowed to replace public keys of entities. In this security model, the proposed certificateless proxy re-encryption scheme is provable secure against chosen ciphertext attacks. Subseq uently, this thesis compares the proposed scheme with other certificateless proxy re-encryption schemes. The analysis results demonstrate the proposed scheme is more secure and efficient.(3) In the cryptosystem, the key exposure problem becomes increasingly serious and one of the most destructiveness attacks. In order to solve the key exposure problem in the proxy re-encryption, this thesis introduces key- insulated technology and further first proposes the notion of certificate-based key- insulatedproxy re-encryption with key- insulated security. In subsequent, this thesis constructs the first certificate-based key- insulated proxy re-encryption scheme and analyzes the correctness of the proposed scheme.(4) Proxy re-encryption can be used to achieve secure data shar ing in the cloud environment. In the light of the academic and application value of proxy re encryption, adopting the proposed certificateless proxy re-encryption scheme, this thesis designes a secure and efficient cloud-based data sharing protocol. This protocol satisfies chosen-ciphertext security so that it ensures data storage and sharing security. The proposed protocol also possesses properties of unidirectionality, single- use, non- interactive, non-transitive and collusion-resistance. Then this thesis analyzes the computational cost and communicational overhead of the proposed protocol for data owners, cloud service provider and data recipients. The results demonstrate the proposed cloud-based data sharing protocol meets requirements of practical application.