Research On Security Provable Proxy Re-encryption And Its Application

Because of achieving secure ciphertext transformation,the proxy re-encryption(PRE)has attracted much attention and is widely used in cloud computing,Internet of Vehicles,Internet of Things,and other scenarios to achieve flexible and secure access authorization.However,most of the proxy re-encryption schemes are designed for the single cryptosystem and cannot achieve ciphertext transformation between different cryptosystems,which are not suitable for the heterogeneous scenario.Moreover,the existing puncturable proxy re-encryption scheme does not only suffer from the burden of certificate management,but also merely achieves selective security based on the non-standard assumption.To solve the mentioned-above problems,this thesis makes in-depth research on the construction and application of proxy re-encryption cryptosystem,and the contribution can be briefly summarized as follows:(1)This thesis proposes a puncturable identity-based proxy re-encryption scheme for securing group message,and a secure group messaging protocol that supports forward security is constructed based on the proposed scheme.By introducing a message server as the proxy to transform ciphertext for each participant in the group,the proposed scheme delegates the heavy computation overhead to the message server with abundant resources.Most importantly,the proposed scheme enables the recipient to revoke its private key's decryption capability of the specific messages without affecting other messages.Moreover,the identity-based mechanism eliminates the burden of certificate management as well as improves efficiency.The proposed scheme achieves adaptive security in the random oracle model.Eventually,theoretical and experimental analysis demonstrate that the proposed scheme has an excellent performance in efficiency and practicality.(2)This thesis proposes an efficient and unbounded cross-domain proxy re-encryption scheme,which enables the delegator to authorize the semi-trusted cloud server to convert one ciphertext of an identity-based encryption(IBE)scheme to another ciphertext of an attribute-based encryption(ABE)scheme.As the first scheme to achieve the feature mentioned above,the proposed scheme not only enjoys constant computation overhead in the encryption,decryption,and re-encryption phases when the quantity of attributes increases,but is also unbounded such that the new attributes or roles could be adopted into the system anytime.Furthermore,with the help of dual system encryption methodology,the proposed scheme is proved to be adaptively secure.Eventually,detailed theoretical and experimental analysis proved that the proposed scheme enjoys excellent performance in efficiency and practicality in the cloud computing scenario.