Abstract
Proxy Re-Encryption (PRE) allows a ciphertext encrypted using a key \(\mathsf{pk}_{i}\) to be re-encrypted by a third party so that it is an encryption of the same message under a new key \(\mathsf{pk}_{j}\), without revealing the message. We define Post-Compromise Security (PCS) in the context of PRE. This ensures that an adversary cannot distinguish which of two adversarially chosen ciphertexts a re-encryption was created from even when given the old secret key and the update token used to perform the re-encryption. We give separating examples demonstrating how PCS is stronger than existing security definitions for PRE achieving similar goals, before showing that PCS can be achieved using a combination of existing security properties from the literature. In doing so, we show there are existing PRE schemes satisfying PCS. Finally, we give a construction demonstrating that natural modifications of practical PRE schemes provably have PCS directly, without incurring overheads from the security reductions we have shown, and from weaker assumptions than existing schemes.
A. Davidson, A. Deo and E. Lee—These authors are supported by the EPSRC and the UK government as part of the Centre for Doctoral Training in Cyber Security at Royal Holloway, University of London (EP/K035584/1).
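An added illustration (not code from the paper): a toy ElGamal-style bidirectional PRE over a constructed 11-bit group, used to run the distinguishing experiment from the abstract on two ciphertexts of the same message. It shows that a deterministic re-encryption is always linked to its source by anyone holding the update token, while a re-randomised one defeats that comparison. All function names and parameters are assumptions, and the toy scheme itself is not PCS, since in it the old key plus the token reveal the new key.

```python
import secrets

# Constructed toy group, far too small for real use: P = 2*Q + 1, G has order Q.
P, Q, G = 2039, 1019, 4

def keygen():
    sk = secrets.randbelow(Q - 1) + 1
    return sk, pow(G, sk, P)

def encrypt(pk, m):
    r = secrets.randbelow(Q - 1) + 1
    return (m * pow(G, r, P) % P, pow(pk, r, P))      # (m*g^r, g^(a*r))

def decrypt(sk, ct):
    g_r = pow(ct[1], pow(sk, -1, Q), P)               # strip the key: g^r
    return ct[0] * pow(g_r, -1, P) % P

def token(sk_i, sk_j):
    return sk_j * pow(sk_i, -1, Q) % Q                # b/a mod Q (bidirectional)

def reenc_det(tok, ct, pk_j=None):
    # Deterministic: the same token and input always give the same output.
    return (ct[0], pow(ct[1], tok, P))

def reenc_rand(tok, ct, pk_j):
    # Re-randomised: multiply in a fresh encryption of 1 under pk_j.
    s = secrets.randbelow(Q - 1) + 1
    c1, c2 = reenc_det(tok, ct)
    return (c1 * pow(G, s, P) % P, c2 * pow(pk_j, s, P) % P)

def guess_source(tok, c0, c1, challenge):
    # Distinguisher holding the update token: recompute and compare.
    for bit, ct in enumerate((c0, c1)):
        if reenc_det(tok, ct) == challenge:
            return bit
    return None                                       # no link found

def linked_fraction(reenc, trials=200, m=1234):
    # Fraction of trials in which the comparison test names the true source.
    hits = 0
    for _ in range(trials):
        (a, pk_a), (b, pk_b) = keygen(), keygen()
        tok, c0, c1 = token(a, b), encrypt(pk_a, m), encrypt(pk_a, m)
        while c1 == c0:                               # need two distinct ciphertexts
            c1 = encrypt(pk_a, m)
        bit = secrets.randbelow(2)
        challenge = reenc(tok, (c0, c1)[bit], pk_b)
        assert decrypt(b, challenge) == m             # re-encryption stays correct
        hits += guess_source(tok, c0, c1, challenge) == bit
    return hits / trials
```

`linked_fraction(reenc_det)` is 1.0 and `linked_fraction(reenc_rand)` is 0.0: the token-holder's comparison always, respectively never, identifies the source, and in the second case the adversary is left guessing.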
Notes
1. Note that some definitions of a PRE scheme have an additional input \(\ell\) to indicate a level the ciphertext should be at. In this work, we leave out \(\ell\) unless discussing schemes and results that use levelling explicitly.
2. If a scheme is bidirectional, then edges added would be directionless. In this work we mainly focus on unidirectional schemes.
3. The general understanding of unidirectionality is not so strong - the new key does not necessarily have to be derivable, but the token and old key should lead to the message being learned.
Acknowledgements
Special thanks to Katriel Cohn-Gordon for his help in motivating this work and providing the context for using PCS PRE to complement the PCS messages in transit.
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Davidson, A., Deo, A., Lee, E., Martin, K. (2019). Strong Post-Compromise Secure Proxy Re-Encryption. In: Jang-Jaccard, J., Guo, F. (eds) Information Security and Privacy. ACISP 2019. Lecture Notes in Computer Science(), vol 11547. Springer, Cham. https://doi.org/10.1007/978-3-030-21548-4_4
DOI: https://doi.org/10.1007/978-3-030-21548-4_4
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-21547-7
Online ISBN: 978-3-030-21548-4
eBook Packages: Computer Science, Computer Science (R0)