Weighted Attribute-Based Proxy Re-Encryption Scheme with Distributed Multi-Authority Attributes
Abstract
1. Introduction
- Incorporating blockchain and attribute-based proxy re-encryption achieves fine-grained data access control and storage segregation, transferring access control from the centralized CSP to a decentralized blockchain for enhanced data security.
- It improves on traditional algorithms by proposing a joint key generation algorithm involving multiple authorities and authorization centers, mitigating the single point of failure of a lone authorization center.
- It proposes a weighted attribute representation for access policies, addressing the limitation that a single attribute can only be "satisfied/not satisfied", which simplifies policies, reduces ciphertext space, and improves encryption speed.
- Experiments validate the storage and time efficiency of the WAMA-PRE scheme. The scheme's robust security against chosen-plaintext attacks is also verified under the random oracle model.
2. Related Work
3. Method
3.1. Model Design
3.2. Algorithm Design
- GlobalSetup(1^k) → MPK, MSK. Taking the security parameter 1^k as input, it outputs the system public key MPK and the system master key MSK.
- AASetup(MPK, U_i) → PK_{i,j}, SK_{i,j}. Taking the system public key MPK and the attribute set U_i managed by the attribute authority AA_i as input, it generates the attribute public key PK_{i,j} and the attribute private key SK_{i,j} for each attribute attr_j in U_i.
- KeyGen(MSK, USK_i, S) → USK. Taking the system master key MSK, user key component USK_i, and attribute set S as input, it outputs the user key USK corresponding to the attribute set S.
- Encrypt(MPK, (M, ρ), m) → CT. Taking the system public key MPK, weighted access structure (M, ρ), and plaintext m as input, it outputs the ciphertext CT.
- ReKeyGen(MPK, USK, (M′, ρ′)) → RK_{S→(M′,ρ′)}. Taking the system public key MPK, user key USK, and weighted access structure (M′, ρ′) as input, it outputs the re-encryption key RK_{S→(M′,ρ′)}.
- ReEncrypt(MPK, RK_{S→(M′,ρ′)}, CT) → CT′. Taking the system public key MPK, re-encryption key RK_{S→(M′,ρ′)}, and ciphertext CT as input, if the attribute set S corresponding to the user key USK satisfies the minimum weight of the access structure, i.e., S ⊨ (M, ρ), it outputs the re-encrypted ciphertext CT′; otherwise, it outputs ⊥, indicating decryption failure.
- Decrypt(MPK, USK, CT) → m. Taking the system public key MPK, user key USK, and ciphertext CT as input, if S ⊨ (M, ρ), it outputs m; otherwise, it outputs ⊥.
- DecryptR(MPK, USK, CT′) → m. Taking the system public key MPK, user key USK, and re-encrypted ciphertext CT′ as input, if S′ ⊨ (M′, ρ′), it outputs the plaintext information m; otherwise, it outputs ⊥.
3.3. WAMA-PRE Execution Policy
- System Initialization. In the blockchain system, the CA first executes the GlobalSetup function, taking the security parameter 1k as input, and selects two cyclic groups, G and GT, of prime order p, where and are generators of the group G. It randomly chooses , and is a bilinear map. The hash functions are and , resistant to collusion. Equations (1) and (2) show that it outputs the system master key MSK and the system public key MPK.
- Data Encryption and Ciphertext On-Chaining. For the data file File of the DO in the blockchain network, a globally unique file number UFID is generated. A random number is chosen, where GT is a cyclic group of prime order p, and the symmetric key is generated. The symmetric encryption algorithm is run, taking the symmetric key key and the data file File as input to generate the data ciphertext CF.
- Data Ciphertext Retrieval and Decryption. In the blockchain network, authorized users can freely query the metadata metadata and use the queried metadata to retrieve the corresponding key ciphertext CT and data ciphertext CF from the cloud storage system. For example, let Alice’s key be USKAlice. An authorized user calls the Decrypt function, which inputs the original key ciphertext. The specific process is as follows: For and I ⊆ {1, …, l}, if {λi} is a valid share of the secret s according to the matrix M, and the user attribute set S1 = {“Attr1”, “Attr2”, “Attr6: 3”} is a subset of the weighted access policy WT, where the attributes “Attr1” and “Attr2” satisfy the (“Attr1” AND “Attr2”) policy, and the weight of “Attr6: 3” is 3, which is greater than the minimum weight of “Attr6” in the access policy, i.e., 1. If the attribute set SAlice satisfies the access structure , i.e., SAlice | = , then there exists a constant set such that Equation (9) holds. The intermediate variable is computed using Equation (10).
- Re-encryption of Ciphertext. When unauthorized users fail to decrypt, they cannot obtain the data file. In a blockchain network, when an unauthorized user attempts to obtain data, they first need to call a smart contract to acquire the metadata and then send a data-sharing request to an authorized user. This request includes the metadata to be obtained and the unauthorized user's GID. Upon receiving the request, if the authorized user agrees to share the data, they use that GID to query the unauthorized user's attribute information from the CA. A new weighted access policy NWT{“GID2” AND “Attr6:1” AND (“Attr1” AND “Attr2”)} is defined, where GID2 is the globally unique identifier of the unauthorized user, and the access policy restricts access to only this user. As shown in Figure 4, the re-encryption key generation algorithm ReKeyGen is run, taking the authorized user’s key USK and the new weighted access policy NWT as input and outputting the re-encryption key RK.
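Added example (not code from the paper): a Python model of the access-structure side of the retrieval and re-encryption steps above, showing how a weighted policy becomes an LSSS matrix, how the secret s is split into shares λ_i, and how the reconstruction constants only exist when the attribute set meets every minimum weight. It contains no pairings or group elements; the function names, the modulus P, the shape of WT, the delegatee BOB, weight 1 for unweighted attributes, and the plain integer weight comparison are all assumptions made for illustration.

```python
import secrets

P = 2**127 - 1  # constructed prime standing in for the group order p

def lsss(node, vec=None, state=None, rows=None):
    """Lewko-Waters conversion of an AND/OR tree into rows (attr, min_weight, vector)."""
    vec, state, rows = vec or [1], state or [1], [] if rows is None else rows
    if node[0] in ("AND", "OR") and len(node) == 3:
        if node[0] == "OR":
            left = right = vec                 # either child alone suffices
        else:
            c = state[0]
            state[0] += 1                      # AND adds one matrix column
            left = vec + [0] * (c - len(vec)) + [1]
            right = [0] * c + [-1]
        lsss(node[1], left, state, rows)
        lsss(node[2], right, state, rows)
    else:
        rows.append((node[0], node[1], vec))   # leaf: (attribute, minimum weight)
    return [(a, w, v + [0] * (state[0] - len(v))) for a, w, v in rows]

def share(rows, s):
    """lambda_i = M_i . (s, r_2, ..., r_n) mod P, one share per matrix row."""
    v = [s] + [secrets.randbelow(P) for _ in range(len(rows[0][2]) - 1)]
    return [sum(m * x for m, x in zip(r[2], v)) % P for r in rows]

def constants(rows, user):
    """Return {row: w_i} with sum(w_i * M_i) = (1,0,...,0), or None if S fails (M, rho)."""
    # Assumed weight rule: a row is usable when the held weight >= the row's minimum.
    idx = [i for i, (a, w, _) in enumerate(rows) if user.get(a, -1) >= w]
    n = len(rows[0][2])
    A = [[rows[i][2][j] % P for i in idx] + [int(j == 0)] for j in range(n)]
    r, piv = 0, []
    for col in range(len(idx)):                # Gauss-Jordan elimination mod P
        pr = next((k for k in range(r, n) if A[k][col]), None)
        if pr is None:
            continue
        A[r], A[pr] = A[pr], A[r]
        inv = pow(A[r][col], -1, P)
        A[r] = [x * inv % P for x in A[r]]
        for k in range(n):
            if k != r and A[k][col]:
                f = A[k][col]
                A[k] = [(x - f * y) % P for x, y in zip(A[k], A[r])]
        piv.append(col)
        r += 1
    if any(row[-1] for row in A[r:]):          # inconsistent system: not authorized
        return None
    return {idx[c]: A[i][-1] for i, c in enumerate(piv)}

def recover(shares, omega):
    """s = sum(w_i * lambda_i) mod P over the rows the user is entitled to."""
    return sum(w * shares[i] for i, w in omega.items()) % P

# WT is not given in full on the page; this shape is assumed. NWT follows the page.
WT = ("AND", ("Attr6", 1), ("AND", ("Attr1", 1), ("Attr2", 1)))
NWT = ("AND", ("GID2", 1), WT)
ALICE = {"Attr1": 1, "Attr2": 1, "Attr6": 3}            # S1 from the page
BOB = {"GID2": 1, "Attr1": 1, "Attr2": 1, "Attr6": 1}   # constructed delegatee
```

With these inputs, ALICE reconstructs s under WT but gets None under NWT because she does not hold "GID2", while BOB reconstructs s under NWT; raising the minimum weight of "Attr6" above 3 makes ALICE fail WT as well.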
4. Results
4.1. Performance Analysis with Different Number of Authorities
4.1.1. Time Overhead
4.1.2. Space Overhead
4.1.3. Scalability Analysis
4.2. Performance Analysis with Different Number of Attributes
4.2.1. Time Overhead
4.2.2. Space Overhead
4.2.3. Scalability Analysis
5. Discussion
5.1. Quantitative Analysis
5.2. Theoretical Analysis
5.2.1. Functional Comparison
5.2.2. Storage Space Comparison
5.2.3. Security Model Discussion
5.2.4. Security Proof
- Re-encryption Key Query : 𝓡 queries with an attribute set S2* and a weighted access structure (M, ρ). If S2*| ≠ (M*, ρ*), 𝓒 first runs to obtain a user secret key and then outputs a re-encryption key in two steps:
- Step 1: 𝓒 chooses . 𝓒 computes the re-encryption key , where is the output of querying H1 on x, for , and constructs .
- Step 2: 𝓒 returns to 𝓡; otherwise, 𝓒 randomly outputs {0, 1} and aborts the game.
- Challenge: 𝓡 sends two equal-length messages , to 𝓒. 𝓒 randomly chooses and responds as follows: For each row i of M*, 𝓒 sets x* = ρ*(i) and queries on x* to obtain the tuple . 𝓒 chooses and uses vector sharing to share the secret . For all , where Ri is the set of all i ≠ k but ρ*(i) = ρ*(k). 𝓒 sets Ai* and Bi* using Equations (27) and (28).
- If , then CT* is a valid ciphertext.
- Query Phase II: 𝓡 repeats the operations of Query Phase I.
- Guess: 𝓡 guesses . If , then 𝓒 outputs one and obtains ; otherwise, 𝓒 outputs 0, where T is a random element . The following process calculates the probability of 𝓒’s success.
- When the output is 1, i.e., , 𝓡 obtains a valid ciphertext. It is known that 𝓡 can win the game with a non-negligible advantage, so .
- When the output is 0, i.e., T = R, 𝓡 cannot obtain a valid ciphertext, so . Therefore, 𝓒’s advantage in solving the decisional q-parallel BDHE problem is calculated as shown in Equation (29).
6. Conclusions
Author Contributions
Funding
Institutional Review Board Statement
Informed Consent Statement
Data Availability Statement
Conflicts of Interest
Symbol | Description |
---|---|
MSK | System master key |
MPK | System public key |
USK | User key |
key | Symmetric encryption key |
CF | Symmetric encryption ciphertext |
CT | Key ciphertext |
LSSS | Linear secret sharing scheme |
RK | Re-encryption key |
RCT | Re-encrypted ciphertext |
© 2024 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Yi, W.; Wang, C.; Kuzmin, S.; Gerasimov, I.; Cheng, X. Weighted Attribute-Based Proxy Re-Encryption Scheme with Distributed Multi-Authority Attributes. Sensors 2024, 24, 4939. https://doi.org/10.3390/s24154939