
Fast Proxy Re-Encryption for Publish/Subscribe Systems

Published: 20 September 2017

Abstract

We develop two IND-CPA-secure multihop unidirectional Proxy Re-Encryption (PRE) schemes by applying the Ring-LWE (RLWE) key switching approach from the homomorphic encryption literature. Unidirectional PRE is ideal for secure publish-subscribe operations where a publisher encrypts information using a public key without knowing upfront who the subscriber will be and what private key will be used for decryption. The proposed PRE schemes provide a multihop capability, meaning that when PRE-encrypted information is published onto a PRE-enabled server, the server can either delegate access to specific clients or grant other servers the right to delegate access. Our first scheme (which we call NTRU-ABD-PRE) is based on a variant of the NTRU-RLWE homomorphic encryption scheme. Our second and main PRE scheme (which we call BV-PRE) is built on top of the Brakerski-Vaikuntanathan (BV) homomorphic encryption scheme and relies solely on the RLWE assumption.
We present an open-source C++ implementation of both schemes and discuss several algorithmic and software optimizations. We examine parameter selection tradeoffs in the context of security, runtime/latency, throughput, ciphertext expansion, memory usage, and multihop capabilities. Our experimental analysis demonstrates that BV-PRE outperforms NTRU-ABD-PRE in both single-hop and multihop settings. The BV-PRE scheme has a lower time and space complexity than existing IND-CPA-secure lattice-based PRE schemes and requires small concrete parameters, making the scheme computationally efficient for use on low-resource embedded systems while still providing 100 bits of security. We present practical recommendations for applying the PRE schemes to several use cases of ad hoc information sharing for publish-subscribe operations.

Published In

ACM Transactions on Privacy and Security, Volume 20, Issue 4
November 2017
150 pages
ISSN: 2471-2566
EISSN: 2471-2574
DOI: 10.1145/3143524

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 20 September 2017
Accepted: 01 June 2017
Revised: 01 May 2017
Received: 01 December 2015
Published in TOPS Volume 20, Issue 4

Author Tags

  1. Proxy re-encryption
  2. delegating access control
  3. lattice encryption
  4. software engineering

Qualifiers

  • Research-article
  • Research
  • Refereed

Funding Sources

  • Army Research Laboratory (ARL)
  • Intelligence Advanced Research Projects Activity (IARPA)
  • NSF
  • Simons Investigator Award Agreement
  • Alfred P. Sloan Research Fellowship, the Microsoft Faculty Fellowship, the NEC Corporation, and a Steven and Renee Finn Career Development Chair from MIT
  • Office of the Director of National Intelligence (ODNI)
  • Defense Advanced Research Projects Agency (DARPA)
  • National Security Agency

Article Metrics

  • Downloads (last 12 months): 202
  • Downloads (last 6 weeks): 23
Reflects downloads up to 01 Nov 2024

Cited By

  • (2024) Post-quantum secure and efficient outsourced machine learning. Fourth International Conference on Machine Learning and Computer Application (ICMLCA 2023), 150. DOI: 10.1117/12.3029427. Online publication date: 22-May-2024.
  • (2024) Public Trace-and-Revoke Proxy Re-Encryption for Secure Data Sharing in Clouds. IEEE Transactions on Information Forensics and Security 19, 2919-2934. DOI: 10.1109/TIFS.2024.3357240. Online publication date: 1-Jan-2024.
  • (2024) REEDS: An Efficient Revocable End-to-End Encrypted Message Distribution System for IoT. IEEE Transactions on Dependable and Secure Computing 21(5), 4526-4542. DOI: 10.1109/TDSC.2024.3353811. Online publication date: 1-Sep-2024.
  • (2024) A Robust and Lightweight Privacy-Preserving Data Aggregation Scheme for Smart Grid. IEEE Transactions on Dependable and Secure Computing 21(1), 270-283. DOI: 10.1109/TDSC.2023.3252593. Online publication date: 1-Jan-2024.
  • (2024) FairCMS: Cloud Media Sharing With Fair Copyright Protection. IEEE Transactions on Computational Social Systems 11(5), 6192-6209. DOI: 10.1109/TCSS.2024.3374452. Online publication date: Oct-2024.
  • (2024) Two-Level Identity-Based Encryption Scheme for Internet of Things. 2024 36th Chinese Control and Decision Conference (CCDC), 3870-3875. DOI: 10.1109/CCDC62350.2024.10587528. Online publication date: 25-May-2024.
  • (2024) A Novel Proxy Re-Encryption Technique for Secure Data Sharing in Cloud Environment. 2024 International Conference on Advances in Data Engineering and Intelligent Computing Systems (ADICS), 1-5. DOI: 10.1109/ADICS58448.2024.10533626. Online publication date: 18-Apr-2024.
  • (2024) A trusted and regulated data trading scheme based on blockchain and zero-knowledge proof. IET Blockchain. DOI: 10.1049/blc2.12070. Online publication date: 11-Mar-2024.
  • (2024) Improved AB-CPREs with Revocability and HRA Security under LWE. IET Information Security 2024. DOI: 10.1049/2024/4333883. Online publication date: 1-Jan-2024.
  • (2024) Certificateless Proxy Re-encryption with Cryptographic Reverse Firewalls for Secure Cloud Data Sharing. Future Generation Computer Systems. DOI: 10.1016/j.future.2024.08.002. Online publication date: Aug-2024.
