The Research And Implementation Of Hidden Ciphertext-policy Attribute-based Proxy Re-encryption Scheme

Attribute-based encryption is a new public key crypto system,which takes the combination of attributes as access policy to encrypt data.With the property of one-to-many encryption,fine-grained access control and so on,attribute-based encryption provides a good solution to storage security in the cloud environment as a new public key crypto system.Therefore,this kind of encryption schemes has received extensive attention.Attribute-based proxy re-encryption allows a data owner to delegate the capability of transforming a ciphertext under an access policy to another one with the same plaintext but different access policy to a semi-trusted proxy.No sensitive dada will be recovered during the whole process.In this way,the computation cost of the user is reduced on the premise of ensuring safety,which makes the encryption schemes more practical.What's more,attribute-based proxy re-encryption also gives another solution to update the policy of the ciphertext.However,there are still some limitations in current attribute-based proxy re-encryption schemes.Firstly,the access policy exists in plaintext form together with the ciphertext,however,the access policy in most cases is made up of users' sensitive information such as identity and position.This may lead to great privacy data leakage risk.Secondly,in terms of security,most of the schemes were proved security under the generic group model or were only proved selectively secure.At last,although the efficiency has improved a lot compared with traditional attribute-based encryption schemes,there are still some points which could be further improved.The main contribution of this paper are as follows.1.A new attribute-based proxy re-encryption scheme has been proposed,with the introduction of inner product encryption,where the secret key and the ciphertext are connected with vectors,the policy in the ciphertext has been hidden.2.To improve the efficiency in encryption/decryption algorithms,online/offline encryption has been introduced to divide the encryption process into two stages to separate modules with heavy computation.Outsourced decryption has also been introduced in this paper to make heavy computation modules execute on the third-party proxy.3.Dual system has been introduced during the proof of security process.By using the intermediate ciphertext and key,the scheme has been proved fully secure through the reduction of the security games under the bilinear groups of composite order.4.Algorithms in this paper have been implemented on android and amazon AWS platform,the whole system has been divided into several parts,including the encryption/decryption part,the proxy part,the online/offline encryption part and the outsourced decryption part.What's more,corresponding SDKs and restful APIs have been provided.5.By analyzing the computational complexity of the scheme,and the comparison of performance test with other schemes,the efficiency of the 0)9)algorithm has improved by more than 30% and the encryption algorithm has improved by more than 10%.