Verifiable and hybrid attribute-based proxy re-encryption for flexible data sharing in cloud storage

Abstract

Cloud computing is a promising service architecture that enables a data owner to share data in an economic and efficient manner. To ensure data privacy, a data owner will generate the ciphertext of the data before outsourcing. Attribute-based encryption (ABE) provides an elegant solution for a data owner to enforce fine-grained access control on the data to be outsourced. However, ABE cannot support ciphertext transformation when needing to share the underlying data with a public-key infrastructure (PKI) user further. In addition, an untrusted cloud server may return random ciphertexts to the PKI user to save expensive computational costs of ciphertext transformation. To address above issues, we introduce a novel cryptographic primitive namely verifiable and hybrid attribute-based proxy re-encryption (VHABPRE). VHABPRE provides a transformation mechanism that re-encrypts an ABE ciphertext to a PKI-based public key encryption (PKE) ciphertext such that the PKI user can access the underlying data, meanwhile this PKI user can ensure the validity of the transformed ciphertext. By leveraging a key blinding technique and computing the commitment of the data, we construct two VHABPRE schemes to achieve flexible data sharing. We give formal security proofs and comprehensive performance evaluation to show the security and efficiency of the VHABPRE schemes.