{"id":2281,"date":"2017-12-14T12:15:53","date_gmt":"2017-12-14T12:15:53","guid":{"rendered":"https:\/\/prismacloud.eu\/?p=2281"},"modified":"2018-04-17T13:21:55","modified_gmt":"2018-04-17T13:21:55","slug":"revisiting-proxy-re-encryption-forward-secrecy-improved-security-and-applications","status":"publish","type":"post","link":"https:\/\/prismacloud.eu\/revisiting-proxy-re-encryption-forward-secrecy-improved-security-and-applications\/","title":{"rendered":"Revisiting Proxy Re-Encryption: Forward Secrecy, Improved Security, and Applications"},"content":{"rendered":"

Title<\/strong><\/p>\n

Revisiting Proxy Re-Encryption: Forward Secrecy, Improved Security, and Applications<\/p>\n

Authors<\/strong><\/p>\n

David Derler (TUG), Stephan Krenn (AIT), Thomas Lor\u00fcnser (AIT), Sebastian Ramacher (TUG), Daniel Slamanig (AIT), Christoph Striecks (AIT)<\/p>\n

Abstract<\/strong><\/p>\n

We revisit the notion of proxy re-encryption (PRE), an enhanced public-key encryption primitive envisioned by Blaze et al. (EUROCRYPT 1998) and formalized by Ateniese et al. (NDSS 2005). PRE allows to craft fine-granular re-encryption keys in order to equip a semi-trusted proxy with the power of transforming a ciphertexts under a sender\u2019s public-key to ciphertexts under a receiver\u2019s public-key, while not learning anything about the underlying plaintexts.<\/p>\n

We study an attractive cryptographic property for PRE, namely that of forward secrecy. In a forward-secret PRE system, the proxy periodically evolves the re-encryption keys and permanently erases old versions, while the sender\u2019s public key is kept constant. Hence, ciphertexts for old periods are no longer re-encryptable and, in particular, cannot be decrypted anymore at the receiver\u2019s end. Moreover, senders evolve their keys too, and thus not even the senders can decrypt old ciphertexts once they have deleted their key material from past periods. This, as we will discuss, directly has application in short-term data\/message-sharing scenarios.<\/p>\n

Technically, we formalize forward-secret PRE (fs-PRE). In doing so, we identify a subtle but significant gap in the well-established security model for conventional PRE and close it with our formalization (fs-PRE + ). We present the first provably secure and efficient constructions of fs-PRE as well as PRE (implied by the former) satisfying the strong fs-PRE + and PRE + notion respectively. All our constructions are instantiable in the standard model under standard assumptions and our central building block are hierarchical identity-based encryption (HIBE) schemes that only need to be selectively secure.<\/p>\n

Venue<\/strong><\/p>\n

Public Key Cryptography (PKC), https:\/\/pkc.iacr.org\/2018\/<\/a><\/p>\n

Place and Date<\/strong><\/p>\n

Rio De Janeiro, Brazil, March 25-28, 2018<\/p>\n

[Download<\/a>]<\/p>\n","protected":false},"excerpt":{"rendered":"

We revisit the notion of proxy re-encryption (PRE), an enhanced public-key encryption primitive envisioned by Blaze et al. (EUROCRYPT 1998) and formalized by Ateniese et al. (NDSS 2005). PRE allows to craft fine-granular re-encryption keys in order to equip a semi-trusted proxy with the power of transforming a ciphertexts under a sender\u2019s public-key to ciphertexts under a receiver\u2019s public-key, while not learning anything about the underlying plaintexts.<\/p>\n

We study an attractive cryptographic property for PRE, namely that of forward secrecy. In a forward-secret PRE system, the proxy periodically evolves the re-encryption keys and permanently erases old versions, while the sender\u2019s public key is kept constant. Hence, ciphertexts for old periods are no longer re-encryptable and, in particular, cannot be decrypted anymore at the receiver\u2019s end. Moreover, senders evolve their keys too, and thus not even the senders can decrypt old ciphertexts once they have deleted their key material from past periods. This, as we will discuss, directly has application in short-term data\/message-sharing scenarios.<\/p>\n

Technically, we formalize forward-secret PRE (fs-PRE). In doing so, we identify a subtle but significant gap in the well-established security model for conventional PRE and close it with our formalization (fs-PRE + ). We present the first provably secure and efficient constructions of fs-PRE as well as PRE (implied by the former) satisfying the strong fs-PRE + and PRE + notion respectively. All our constructions are instantiable in the standard model under standard assumptions and our central building block are hierarchical identity-based encryption (HIBE) schemes that only need to be selectively secure.<\/p>\n","protected":false},"author":2,"featured_media":1575,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7,8],"tags":[],"_links":{"self":[{"href":"https:\/\/prismacloud.eu\/wp-json\/wp\/v2\/posts\/2281"}],"collection":[{"href":"https:\/\/prismacloud.eu\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/prismacloud.eu\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/prismacloud.eu\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/prismacloud.eu\/wp-json\/wp\/v2\/comments?post=2281"}],"version-history":[{"count":4,"href":"https:\/\/prismacloud.eu\/wp-json\/wp\/v2\/posts\/2281\/revisions"}],"predecessor-version":[{"id":2703,"href":"https:\/\/prismacloud.eu\/wp-json\/wp\/v2\/posts\/2281\/revisions\/2703"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/prismacloud.eu\/wp-json\/wp\/v2\/media\/1575"}],"wp:attachment":[{"href":"https:\/\/prismacloud.eu\/wp-json\/wp\/v2\/media?parent=2281"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/prismacloud.eu\/wp-json\/wp\/v2\/categories?post=2281"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/prismacloud.eu\/wp-json\/wp\/v2\/tags?post=2281"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}