Hierarchical Conditional Proxy Re-Encryption: A New Insight of Fine-Grained Secure Data Sharing

  • Kai He
  • Xueqiao Liu
  • Huaqiang YuanEmail author
  • Wenhong Wei
  • Kaitai Liang
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10701)


Outsource local data to remote cloud has become prevalence for Internet users to date. While being unable to “handle” (outsourced) data at hand, Internet users may concern about the confidentiality of data but also further operations over remote data. This paper deals with the case where a secure data sharing mechanism is needed when data is encrypted and stored in remote cloud. Proxy re-encryption (PRE) is a promising cryptographic tool for secure data sharing. It allows a “honest-but-curious” third party (e.g., cloud server), which we call “proxy”, to convert all ciphertexts encrypted for a delegator into those intended for a delegatee. The delegatee can further gain access to the plaintexts with private key, while the proxy learns nothing about the underlying plaintexts. Being regarded as a general extension of PRE, conditional PRE supports a fine-grained level of data sharing. In particular, condition is embedded into ciphertext that offers a chance for the delegator to generate conditional re-encryption key to control with which ciphertexts he wants to share. In this paper, for the first time, we introduce a new notion, called “hierarchical conditional” PRE. The new notion allows re-encryption rights to be “re-delegated” for “low-level” encrypted data. We propose the seminal scheme satisfying the notion in the context of identity-based encryption and further, prove it secure against chosen-ciphertext security.


Hierarchical conditional proxy re-encryption Fine-grained data sharing Identity-based encryption Chosen-ciphertext security 



This work was supported by National Science Foundation of China (No. 61572131), Guangdong Provincial Science and Technology Plan Projects (No. 2016A010101034) and Project of Internation as well as Hongkong, Macao & Taiwan Science and Technology Cooperation Innovation Platform in Universities in Guangdong Province (No. 2015KGJHZ027).


  1. 1.
    Ateniese, G., Kevin, F., Green, M., Hohenberger, S.: Improved proxy re-encryption schemes with applications to secure distributed storage. ACM Trans. Inf. Syst. Secur. 9(1), 1–30 (2006)CrossRefzbMATHGoogle Scholar
  2. 2.
    Blaze, M., Bleumer, G., Strauss, M.: Divertible protocols and atomic proxy cryptography. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 127–144. Springer, Heidelberg (1998). CrossRefGoogle Scholar
  3. 3.
    Canetti, R., Hohenberger, S.: Chosen-ciphertext secure proxy re-encryption. In: Proceedings of the 2007 ACM Conference on Computer and Communications Security (CCS 2007), Alexandria, Virginia, USA, 28–31 October 2007, pp. 185–194 (2007)Google Scholar
  4. 4.
    Castiglione, A., De Santis, A., Masucci, B., Palmieri, F., Castiglione, A., Huang, X.: Cryptographic hierarchical access control for dynamic structures. IEEE Trans. Inf. Forensics Secur. 11(10), 2349–2364 (2016)CrossRefzbMATHGoogle Scholar
  5. 5.
    Castiglione, A., De Santis, A., Masucci, B., Palmieri, F., Castiglione, A., Li, J., Huang, X.: Hierarchical and shared access control. IEEE Trans. Inf. Forensics Secur. 11(4), 850–865 (2016)Google Scholar
  6. 6.
    Chu, C.-K., Tzeng, W.-G.: Identity-based proxy re-encryption without random oracles. In: Garay, J.A., Lenstra, A.K., Mambo, M., Peralta, R. (eds.) ISC 2007. LNCS, vol. 4779, pp. 189–202. Springer, Heidelberg (2007). CrossRefGoogle Scholar
  7. 7.
    Deng, R.H., Weng, J., Liu, S., Chen, K.: Chosen-ciphertext secure proxy re-encryption without pairings. In: Franklin, M.K., Hui, L.C.K., Wong, D.S. (eds.) CANS 2008. LNCS, vol. 5339, pp. 1–17. Springer, Heidelberg (2008). CrossRefGoogle Scholar
  8. 8.
    Fang, L., Susilo, W., Ge, C., Wang, J.: Interactive conditional proxy re-encryption with fine grain policy. J. Syst. Softw. 84(12), 2293–2302 (2011)CrossRefGoogle Scholar
  9. 9.
    Giuseppe, A., Kevin., Matthew, G., Susan, H.: Improved proxy re-encryption schemes with applications to secure distributed storage. In: Proceedings of the Network and Distributed System Security Symposium (NDSS 2005), San Diego, California, USA (2005)Google Scholar
  10. 10.
    Green, M., Ateniese, G.: Identity-based proxy re-encryption. In: Katz, J., Yung, M. (eds.) ACNS 2007. LNCS, vol. 4521, pp. 288–306. Springer, Heidelberg (2007). CrossRefGoogle Scholar
  11. 11.
    Hanaoka, G., Kawai, Y., Kunihiro, N., Matsuda, T., Weng, J., Zhang, R., Zhao, Y.: Generic construction of chosen ciphertext secure proxy re-encryption. In: Dunkelman, O. (ed.) CT-RSA 2012. LNCS, vol. 7178, pp. 349–364. Springer, Heidelberg (2012). CrossRefGoogle Scholar
  12. 12.
    He, K., Weng, J., Deng, R.H., Liu, J.K.: On the security of two identity-based conditional proxy re-encryption schemes. Theor. Comput. Sci. 652, 18–27 (2016)MathSciNetCrossRefzbMATHGoogle Scholar
  13. 13.
    He, K., Weng, J., Liu, J.K., Zhou, W., Liu, J.-N.: Efficient fine-grained access control for secure personal health records in cloud computing. In: Chen, J., Piuri, V., Su, C., Yung, M. (eds.) NSS 2016. LNCS, vol. 9955, pp. 65–79. Springer, Cham (2016). CrossRefGoogle Scholar
  14. 14.
    Lee, C.-C., Li, C.-T., Chen, C.-L., Chiu, S.-T.: A searchable hierarchical conditional proxy re-encryption scheme for cloud storage services. ITC 45(3), 289–299 (2016)CrossRefGoogle Scholar
  15. 15.
    Liang, K., Au, M.H., Liu, J.K., Susilo, W., Wong, D.S., Yang, G., Yu, Y., Yang, A.: A secure and efficient ciphertext-policy attribute-based proxy re-encryption for cloud data sharing. Future Gener. Comput. Syst. 52, 95–108 (2015)CrossRefGoogle Scholar
  16. 16.
    Liang, K., Chu, C.-K., Tan, X., Wong, D.S., Tang, C., Zhou, J.: Chosen-ciphertext secure multi-hop identity-based conditional proxy re-encryption with constant-size ciphertexts. Theor. Comput. Sci. 539, 87–105 (2014)MathSciNetCrossRefzbMATHGoogle Scholar
  17. 17.
    Liang, K., Fang, L., Wong, D.S., Susilo, W.: A ciphertext-policy attribute-based proxy re-encryption scheme for data sharing in public clouds. Concurr. Comput. Pract. Exp. 27(8), 2004–2027 (2015)CrossRefGoogle Scholar
  18. 18.
    Liang, K., Liu, J.K., Wong, D.S., Susilo, W.: An efficient cloud-based revocable identity-based proxy re-encryption scheme for public clouds data sharing. In: Kutyłowski, M., Vaidya, J. (eds.) ESORICS 2014. LNCS, vol. 8712, pp. 257–272. Springer, Cham (2014). Google Scholar
  19. 19.
    Liang, K., Liu, Z., Tan, X., Wong, D.S., Tang, C.: A CCA-secure identity-based conditional proxy re-encryption without random oracles. In: Kwon, T., Lee, M.-K., Kwon, D. (eds.) ICISC 2012. LNCS, vol. 7839, pp. 231–246. Springer, Heidelberg (2013). CrossRefGoogle Scholar
  20. 20.
    Liang, K., Su, C., Chen, J., Liu, J.K.: Efficient multi-function data sharing and searching mechanism for cloud-based encrypted data. In: Chen, X., Wang, X., Huang, X. (eds.) Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security (AsiaCCS 2016), Xi’an, China, May 30 - June 3, 2016, pp. 83–94. ACM (2016)Google Scholar
  21. 21.
    Liang, K., Susilo, W.: Searchable attribute-based mechanism with efficient data sharing for secure cloud storage. IEEE Trans. Inf. Forensics Secur. 10(9), 1981–1992 (2015)CrossRefGoogle Scholar
  22. 22.
    Liang, K., Susilo, W., Liu, J.K.: Privacy-preserving ciphertext multi-sharing control for big data storage. IEEE Trans. Inf. Forensics Secur. 10(8), 1578–1589 (2015)CrossRefGoogle Scholar
  23. 23.
    Liang, X., Cao, Z., Lin, H., Shao, J.: Attribute based proxy re-encryption with delegating capabilities. In: Proceedings of the 2009 ACM Symposium on Information, Computer and Communications Security (ASIACCS 2009), Sydney, Australia, 10–12 March 2009, pp. 276–286 (2009)Google Scholar
  24. 24.
    Libert, B., Vergnaud, D.: Unidirectional chosen-ciphertext secure proxy re-encryption. In: Cramer, R. (ed.) PKC 2008. LNCS, vol. 4939, pp. 360–379. Springer, Heidelberg (2008). CrossRefGoogle Scholar
  25. 25.
    Libert, B., Vergnaud, D.: Unidirectional chosen-ciphertext secure proxy re-encryption. IEEE Trans. Inf. Theory 57(3), 1786–1802 (2011)MathSciNetCrossRefzbMATHGoogle Scholar
  26. 26.
    Wang, L., Wang, L., Mambo, M., Okamoto, E.: New identity-based proxy re-encryption schemes to prevent collusion attacks. In: Joye, M., Miyaji, A., Otsuka, A. (eds.) Pairing 2010. LNCS, vol. 6487, pp. 327–346. Springer, Heidelberg (2010). CrossRefGoogle Scholar
  27. 27.
    Lin, S., Zhang, R., Wang, M.: Verifiable attribute-based proxy re-encryption for secure public cloud data sharing. Secur. Commun. Netw. 9(12), 1748–1758 (2016)CrossRefGoogle Scholar
  28. 28.
    Luo, S., Shen, Q., Chen, Z.: Fully secure unidirectional identity-based proxy re-encryption. In: Kim, H. (ed.) ICISC 2011. LNCS, vol. 7259, pp. 109–126. Springer, Heidelberg (2012). CrossRefGoogle Scholar
  29. 29.
    Matsuda, T., Nishimaki, R., Tanaka, K.: CCA proxy re-encryption without bilinear maps in the standard model. In: Nguyen, P.Q., Pointcheval, D. (eds.) PKC 2010. LNCS, vol. 6056, pp. 261–278. Springer, Heidelberg (2010). CrossRefGoogle Scholar
  30. 30.
    Matsuo, T.: Proxy re-encryption systems for identity-based encryption. In: Takagi, T., Okamoto, T., Okamoto, E., Okamoto, T. (eds.) Pairing 2007. LNCS, vol. 4575, pp. 247–267. Springer, Heidelberg (2007). CrossRefGoogle Scholar
  31. 31.
    Mizuno, T., Doi, H.: Secure and efficient IBE-PKE proxy re-encryption. IEICE Trans. 94–A(1), 36–44 (2011)CrossRefGoogle Scholar
  32. 32.
    Nabeel, M., Bertino, E.: Privacy preserving delegated access control in public clouds. IEEE Trans. Knowl. Data Eng. 26(9), 2268–2280 (2014)CrossRefGoogle Scholar
  33. 33.
    Shao, J., Cao, Z.: Multi-use unidirectional identity-based proxy re-encryption from hierarchical identity-based encryption. Inf. Sci. 206, 83–95 (2012)MathSciNetCrossRefzbMATHGoogle Scholar
  34. 34.
    Shao, J., Rongxing, L., Lin, X., Liang, K.: Secure bidirectional proxy re-encryption for cryptographic cloud storage. Pervasive Mobile Comput. 28, 113–121 (2016)CrossRefGoogle Scholar
  35. 35.
    Smith, T.: DVD jon: Buy DRM-less tracks from Apple iTunes, January 2005.
  36. 36.
    Tang, Q.: Type-based proxy re-encryption and its construction. In: Chowdhury, D.R., Rijmen, V., Das, A. (eds.) INDOCRYPT 2008. LNCS, vol. 5365, pp. 130–144. Springer, Heidelberg (2008). CrossRefGoogle Scholar
  37. 37.
    Isshiki, T., Nguyen, M.H., Tanaka, K.: Proxy re-encryption in a stronger security model extended from CT-RSA2012. In: Dawson, E. (ed.) CT-RSA 2013. LNCS, vol. 7779, pp. 277–292. Springer, Heidelberg (2013). CrossRefGoogle Scholar
  38. 38.
    Wang, L., Wang, L., Mambo, M., Okamoto, E.: Identity-based proxy cryptosystems with revocability and hierarchical confidentialities. IEICE Trans. 95–A(1), 70–88 (2012)CrossRefGoogle Scholar
  39. 39.
    Waters, B.: Efficient identity-based encryption without random oracles. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 114–127. Springer, Heidelberg (2005). CrossRefGoogle Scholar
  40. 40.
    Weng, J., Chen, M.-R., Yang, Y., Deng, R.H., Chen, K., Bao, F.: CCA-secure unidirectional proxy re-encryption in the adaptive corruption model without random oracles. Sci. China Inf. Sci. 53(3), 593–606 (2010)MathSciNetCrossRefGoogle Scholar
  41. 41.
    Weng, J., Deng, R.H., Ding, X., Chu, C.-K., Lai, J.: Conditional proxy re-encryption secure against chosen-ciphertext attack. In: Proceedings of the 2009 ACM Symposium on Information, Computer and Communications Security (ASIACCS 2009), Sydney, Australia, 10–12 March 2009, pp. 322–332 (2009)Google Scholar
  42. 42.
    Weng, J., Yang, Y., Tang, Q., Deng, R.H., Bao, F.: Efficient conditional proxy re-encryption with chosen-ciphertext security. In: Samarati, P., Yung, M., Martinelli, F., Ardagna, C.A. (eds.) ISC 2009. LNCS, vol. 5735, pp. 151–166. Springer, Heidelberg (2009). CrossRefGoogle Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Kai He
    • 1
  • Xueqiao Liu
    • 2
  • Huaqiang Yuan
    • 1
    Email author
  • Wenhong Wei
    • 1
  • Kaitai Liang
    • 3
  1. 1.School of Computer and Network SecurityDongguan University of TechnologyGuangdongChina
  2. 2.School of Computing and Information TechnologyUniversity of WollongongWollongongAustralia
  3. 3.Department of Computer ScienceUniversity of SurreyGuildfordUK

Personalised recommendations