This preview shows page 109 - 111 out of 505 pages.

Anonymous Attribute-Based Conditional Proxy Re-encryption

Imagine that a department manager, Alice, is away on vacation and wants to delegate to Bob the processing of received emails sent by Company E or Company F. A number of emails with different attribute sets were sent to Alice during her vacation. They included ones sent by her friends, by hospitals, by some magazine companies whose products Alice has subscribed to, and so on. They were encrypted before transmission in order to preserve the data's privacy. For flexible access control on decryption delegation, every encrypted email was associated with certain attributes that describe the corresponding ciphertext. Alice specified a policy stating that only emails from Company E or Company F can be handled by Bob. With this policy, her own secret key and Bob's public key, Alice generated, by herself, a re-encryption key from Alice to Bob. With the corresponding re-encryption key generated by Alice, the email server can transform the ciphertexts satisfying the policy embedded in the re-encryption key into encrypted emails under Bob's public key.

Note that in a system where the emails' attributes are in the clear, the email server might learn that Alice probably went to a hospital for some disease testing, and what kinds of magazines Alice is interested in. The inference about Alice's disease history might have an impact on her daily life, and the magazine subscriptions may expose Alice's hobbies and disposition for recreation. Additionally, it could possibly result in leaking some sensitive information to some commercial corporations, even though the complete and exact content remains secret from the server (refer to Fig. 1). Obviously, this is not the situation Alice expects. These personal and sensitive data should be completely shrouded (i.e., guaranteeing payload-hiding and attribute-hiding simultaneously).

Fig. 1. Attribute-based conditional proxy re-encryption

The above observations show the necessity of hiding ciphertexts' attributes from prying eyes in certain applications. This motivates us to study an attribute-based conditional proxy re-encryption (AB-CPRE) scheme supporting attribute-hiding in this paper.

1.1 Our Contributions

In this paper, we first modify the model of AB-CPRE in [32] to allow for anonymity of the original ciphertexts. After describing the formal definition of anonymous AB-CPRE, we construct a concrete anonymous AB-CPRE scheme based on this new model. Finally, we prove the security and anonymity of our proposed scheme, without relying on random oracles.

1.2 Related Work

In this section, we summarize the major related work in the areas of attribute-based encryption and proxy re-encryption.

Attribute-Based Encryption. The notion of ABE was first introduced by Sahai and Waters as an application of their fuzzy identity-based encryption (IBE) scheme [25]. In such an ABE system, both ciphertexts and secret keys are associated with attributes. The decryption of a ciphertext will succeed if and only if the attribute set for the ciphertext and the one for the secret key overlap by at least a fixed threshold value k. In 2006, Goyal et al. [14] formalized two complementary forms of ABE: KP-ABE and CP-ABE. In a CP-ABE scheme, decryption keys are associated with attribute sets and ciphertexts are associated with access structures, while, in a KP-ABE, the situation is reversed (i.e.,
