Go to DBLP homepageRe-PAEKS: Public-Key Authenticated Re-Encryption With Keyword Search
Abstract: The rapid development of cloud computing and the exponential growth of data have led to an increasing demand for secure data sharing and querying. Proxy re-encryption (PRE) addresses the issue of secure data sharing, since it enables controlled data sharing and delegation of access rights without revealing the actual content of the encrypted data stored in the cloud; public-key encryption with keyword search (PEKS) tackles the issue of secure data querying, since it allows resource-constrained clients to effectively search over encrypted data stored in the cloud. As a combination of PRE and PEKS, proxy re-encryption with keyword search (PRES) enables both secure data sharing and querying. Despite their merits, existing PRES schemes are vulnerable to quantum computer attacks, keyword guessing attacks (KGAs), or incur high end-to-end delay. To address these vulnerabilities, this paper introduces a novel cryptographic primitive called public-key authenticated re-encryption with keyword search (Re-PAEKS), which combines the strengths of PRE and public-key authenticated encryption with keyword search (PAEKS). Our Re-PAEKS has low end-to-end delay, and is resistant to both quantum computer attacks and KGAs. Technically, we improve the previous lattice-based PAEKS scheme and achieve the delegation of access rights by exploiting the lattice-based identity-based encryption (IBE) techniques, which are widely believed to be secure against quantum computer attacks. In addition, we formalize the security model of the Re-PAEKS and prove its security in the random oracle model. Finally, we conduct a comprehensive performance evaluation of the Re-PAEKS, and the experimental results show that the Re-PAEKS is computationally efficient and practical. Particularly, the Re-PAEKS enjoys the lowest end-to-end delay compared to current state-of-the-art PRES.
Loading