Verifiable attribute-based proxy re-encryption for secure public cloud data sharing

摘要

For secure data sharing in the public cloud, attribute-based encryption was introduced to simultaneously achieve data confidentiality and fine-grained access control. In order to update access control of the attribute-based encrypted data from delegation, attribute-based proxy re-encryption (AB-PRE) was proposed accordingly. Most previous AB-PRE schemes require that the proxy executes the re-encryption honestly. However, the public cloud as a proxy may not meet the requirement because the encrypted data are delegated to the public cloud and out of control for data owners. In this paper, we introduce verifiability for AB-PRE to check the correctness of the re-encryption executed by the proxy. By introducing a commitment scheme and a key derivation function, we propose a generic construction of unidirectional single-hop AB-PRE with verifiable re-encryption (AB-VPRE) for both key-policy and ciphertext-policy settings, and the access structure can be monotonic and non-monotonic. We prove the security and the verification soundness of our constructed AB-VPRE scheme in the standard model and provide three instantiations. Compared with previous work on AB-PRE, our proposed AB-VPRE schemes require less computation and can efficiently detect the malicious behaviors of the proxy. Copyright (c) 2016 John Wiley & Sons, Ltd.