National Digital Library of Theses and Dissertations in Taiwan

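Graduate student: Hsueh-Cheng Chen (陳學呈)
Thesis title: Secret Data Access Based on Proxy Re-encryption
Thesis title (Chinese): 基於代理人重加密技術之秘密資料存取系統
Advisor: Sung-Ming Yen (顏嵩銘)
Degree: Master's
Institution: National Central University
Department: Department of Computer Science and Information Engineering
Discipline: Engineering
Field: Electrical Engineering and Computer Science
Thesis type: Academic thesis
Year of publication: 2017
Graduation academic year: 105
Language: Chinese
Number of pages: 47
Keywords (translated from Chinese): proxy re-encryption system; cloud data sharing
Keywords (English): proxy re-encryption; data sharing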
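As more and more data such as photos, videos and books is digitized, users whose personal computers run short of storage tend to keep their data on cloud storage. Users do not upload files to the cloud directly, however; they encrypt each file first and then upload it, which places a considerable burden on the user when files have to be shared. A proxy re-encryption system lets a delegator reduce that computational burden with the help of a proxy: once the proxy obtains the re-encryption key that the delegator generates for a delegatee, the proxy can transform the delegator's ciphertexts into ciphertexts for the delegatee, and the transformation reveals nothing about the underlying plaintext to the proxy. Because the re-encryption key is too powerful, the proxy can transform all of the delegator's ciphertexts for the delegatee, which makes permission management inconvenient for the delegator. In real applications the delegator may want to transform only one particular ciphertext for the delegatee rather than all of the delegator's ciphertexts, and this drawback makes proxy re-encryption systems impractical.
In this thesis, we examine the security of existing proxy re-encryption systems and propose a system that lets the delegator better manage the proxy's transformation capability. The system resists the key exposure attack, and both the delegator's ciphertexts and the ciphertexts transformed for the delegatee can be decrypted with one and the same decryption algorithm (universal decryption).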
Proxy re-encryption schemes enable users to share their digital content with other
parties in a more efficient way. In existing proxy re-encryption schemes, the security
issues of key exposure attack and unauthorized re-encryption and the performance
challenges have been extensively considered for years. In this thesis, we point out
some security flaws that occurred in certain famed proxy re-encryption schemes and
propose a secret data system based on an improved proxy re-encryption scheme with
access control. In addition, the proposed scheme can withstand an adversary from
chosen-ciphertext attack.
1 Introduction
1.1 Background and Motivation
1.2 Overview of the Thesis
2 Preliminary
2.1 The Model of Secure Distributed Storage System
2.2 Proxy Re-encryption System
2.2.1 Generic algorithms and requirements
2.3 Bilinear Map
2.4 Provable Security
2.4.1 Review of generic attacks
2.4.2 Various building blocks
2.4.3 An instance simulator with random oracle model
3 Review of Related Proxy Re-encryption Schemes
3.1 Ateniese et al.'s Scheme
3.1.1 Cryptanalysis
3.2 Green-Ateniese Scheme
3.2.1 Cryptanalysis
3.3 Remarks
4 Proposed Secret Data Access System
4.1 Improved Proxy Re-encryption Algorithms
4.2 The Proposed Protocol
5 Security and Performance Analysis
6 Conclusion
Bibliography