
Identity-Based Proxy Re-encryption

By Matthew G. and Giuseppe A.

Name: Tohye Tewodros Gizaw
ID Number: 201914090111
PhD Student in SISE

Course Advisor: Professor Hu Xiong

Nov, 2019

Outline
1. Introduction
2. Mathematical Background
3. Concrete Construction
4. Analysis (Observation)
5. Conclusion

1. Introduction
Proxy re-encryption (PRE)
In a proxy re-encryption scheme, a proxy can convert an encryption computed under the sender's public key into an encryption intended for the receiver.

• A proxy re-encryption scheme is a type of asymmetric public-key encryption, because users of the scheme need both public keys and private keys in order to perform the anticipated task.

Such a scheme can be used by Alice to temporarily forward encrypted messages to Bob without giving him her secret key.

The proxy and Bob, however, are not allowed to collude; thus it is usually assumed that at least one of the two is honest.

The fundamental property of proxy re-encryption schemes is that the proxy is not fully trusted, i.e., it does not know the secret keys of Alice or Bob and does not learn the plaintext during the conversion.

Proxy Re-encryption (PRE)
As shown in Fig., the architecture of the proxy re-encryption system consists of the following entities:

• Proxy. A proxy can convert an encryption computed under Alice's public key into an encryption intended for Bob.
• Delegator (Alice). The user who owns the data files, encrypts them, and provides a re-encryption key to the proxy server, thereby delegating decryption rights to the delegate.
• Delegate (Bob). The entity that receives the delegation of decryption rights from the delegator and wants to decrypt the data.

Cont…
• To do so in the proxy re-encryption scheme, Alice uses her private key and the public key of Bob to generate a re-encryption key.
• Alice then sends the re-encryption key to the server.
• Upon receiving this re-encryption key, the server uses the key to transform all the n encrypted messages C1, C2, …, Cn to a new form denoted as D1, D2, …, Dn.
• Bob can then download D1, D2, …, Dn, decrypt them, and recover the messages M1, M2, …, Mn using his private key.
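
The delegation flow above (C1..Cn re-encrypted to D1..Dn) as a runnable sketch, added here and not taken from the slides or the paper. It uses the ElGamal-based scheme of Blaze, Bleumer and Strauss cited under Related Work instead of the pairing-based identity-based construction, so the re-encryption key needs both secret keys (bidirectional and interactive); the last check shows why the proxy and Bob must not collude. The toy group parameters and all function names are assumptions made for this example.

```python
import secrets

# Toy parameters (constructed for illustration, far too small for real use):
# P = 2Q + 1 is a safe prime and G generates the subgroup of prime order Q.
P, Q, G = 2579, 1289, 4

def keygen():
    """Return (secret, public) with public = G^secret mod P."""
    sk = secrets.randbelow(Q - 1) + 1
    return sk, pow(G, sk, P)

def encrypt(pk, m):
    """Encrypt m in [1, P-1] under pk = G^a: C = (m * G^r, pk^r)."""
    r = secrets.randbelow(Q - 1) + 1
    return (m * pow(G, r, P)) % P, pow(pk, r, P)

def rekey(sk_from, sk_to):
    """BBS-style re-encryption key b/a mod Q (needs both secret keys)."""
    return (sk_to * pow(sk_from, -1, Q)) % Q

def reencrypt(rk, ct):
    """Proxy step: turn G^(a*r) into G^(b*r); the masked message is untouched."""
    c1, c2 = ct
    return c1, pow(c2, rk, P)

def decrypt(sk, ct):
    """Recover m: strip the key from c2 to get G^r, then divide it out of c1."""
    c1, c2 = ct
    g_r = pow(c2, pow(sk, -1, Q), P)
    return (c1 * pow(g_r, -1, P)) % P

def demo(messages=(42, 1337, 2019)):
    a, pk_a = keygen()                          # Alice (delegator)
    b, _pk_b = keygen()                         # Bob (delegate)
    cs = [encrypt(pk_a, m) for m in messages]   # C1..Cn stored on the server
    rk = rekey(a, b)                            # handed to the proxy
    ds = [reencrypt(rk, c) for c in cs]         # D1..Dn, no plaintext seen
    recovered = [decrypt(b, d) for d in ds]     # Bob uses only his own key
    # Collusion: the proxy (rk) plus Bob (b) can solve a = b / rk mod Q.
    colluded = (b * pow(rk, -1, Q)) % Q
    return recovered == list(messages), colluded == a
```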

Drawbacks of Proxy Re-encryption Based on Integers
• Need for digital certificates
• Poor public key management
• Not efficient with respect to memory consumption

Related Work
• Mambo and Okamoto proposed a technique for delegating decryption rights.
• Blaze, Bleumer and Strauss [2] later presented the first secure “atomic” re-encryption primitive.
• Jakobsson [4] and Zhou et al. [14] addressed this collusion problem via quorum-based protocols which divided the proxy into many distinct components.
• Dodis and Ivan [5] realized a form of unidirectional proxy encryption by doubly encrypting messages under two separate keys.

Identity-Based Proxy Re-encryption
• Identity-based proxy re-encryption was first introduced by Shamir in 1984.
• In identity-based proxy re-encryption (IBE), senders encrypt messages using the recipient’s identity (a string) as the public key.
The identity used for encryption can be anything that uniquely describes the receiver, such as:
• Email address
• Passport number

Identity-Based Encryption (IBE)
An identity-based encryption (IBE) scheme consists of the four algorithms below.
• Setup (λ): The setup algorithm takes as input a security parameter λ. It outputs (PK, MK), where PK denotes the public key and MK denotes the master key of the identity authority.
• KeyGen (, MK): For each user's private key request, the key extraction algorithm takes as input a user's access structure (resp. identity set) and the identity authority's master key MK. It outputs the user's private key SK.
• Encrypt (M,): The encryption algorithm takes as input a message M and the identity set (resp. access structure) . It outputs the ciphertext CT with access policy.
• Decrypt (CT, SK): The decryption algorithm takes as input a ciphertext CT, which is assumed to be encrypted under the identity set (resp. access structure), and the private key SK for the access structure (resp. Data Owner attribute set). It outputs the message M if (, ) = 1 and the error symbol ⊥ otherwise, where the predicate is predefined.

Motivation of the Scheme
• The idea is that any easy-to-remember string can be a public key.
• The motivation for IBE schemes is to simplify key management and remove the need for public key certificates as much as possible.
• Since a key is the identity of its owner, there is no need to bind them by a digital certificate, and a public repository containing a list of user names and their associated public keys becomes useless, since public keys are human-memorable.

Cont…
• End users do not have to request a certificate for their public key.
• The only things that still must be certified are the public keys of trusted authorities called private key generators (PKGs), which use their secret key to generate the private keys associated with users' identities.
• This does not completely remove the need for certificates but, since many users depend on the same authority, this need is drastically reduced.

Architecture of Identity-Based Proxy Re-Encryption

Properties of the Scheme
• Unidirectionality
• Non-interactivity (to secure the private key)
• Multiple-use capability: permits the proxy (or proxies) to perform multiple consecutive re-encryptions on a ciphertext.
• Space-optimality: does not incur additional communication costs in order to support re-encryption.
• The presented identity-based proxy re-encryption (IB-PRE) scheme allows a proxy to translate a ciphertext encrypted under the sender's identity into one computed under the receiver's identity.

2. Mathematical Background

Definition 1 (Bilinear Map): Let G, be cyclic groups of prime order q, writing the group action multiplicatively. g is a generator of G. Let e : G × G → be a map with the following properties:

Definition 1: Bilinear Map

• Bilinearity: for all and ;
• Non-degeneracy: There exists such that , in other words, the map does not send all pairs in G × G to the identity in ;
• Computability: There is an efficient algorithm to compute for all

Cont…

• A group {Z_p^*, (x mod N)} forms a cyclic group under modular multiplication.
• Example: Z_7^* = {1, 2, 3, 4, 5, 6}
• <3> = {3^0 = 1, 3^1 = 3, 3^2 = 2, 3^3 = 6, 3^4 = 4, 3^5 = 5}
• … forms a cyclic group.

Definition 2 (Decisional Bilinear Diffie-Hellman Assumption (DBDH))
The schemes are based on the assumed intractability of the Decisional Bilinear Diffie-Hellman problem (DBDH) in G, GT.
This assumption is believed to hold in certain groups, and is used as the basis of several identity-based encryption schemes.

3. Concrete Construction

Cont…

Decryption

Correctness
• An IB-PRE scheme is correct if the Decrypt algorithm always outputs the expected decryption of a properly generated ciphertext (when supplied with the appropriate decryption key).
We define “proper generation” as the process of
• encrypting a plaintext using Encrypt, and
• subsequently iteratively applying the Reencrypt algorithm up to MaxLevels−1 times using valid re-encryption keys.

Validity of Correctness

Final stage of correctness

4. Analysis (Observation)
• The presented scheme solves the problem of the untrusted proxy using a different approach, which is unidirectional and non-interactive, by giving all the delegation authority to the user.
• In addition, since the model depends on the identity, which is a string, rather than on public keys that are integers, it solves the problem of modulus attacks, factoring and timing attacks.

Cont…
• The proposed scheme has multi-use capability and is space-optimal.
• So it is possible to perform multiple consecutive re-encryptions on a ciphertext, and doing so does not incur additional communication cost in order to support re-encryption.
• Generally speaking, the presented scheme lets us easily send the required message to the intended user in a more secure manner.

Cont…
• It is possible to forget a public key identity such as an e-mail address or passport number. In this regard, if the public key used for encryption is biometric information, the scheme will be more robust.
• The identity used to encrypt the message does not address many users at the same time, as attribute-based encryption does.

5. Conclusion and Future Work
• In this work the researcher introduced new constructions enabling non-interactive, unidirectional proxy re-encryption in the IBE setting.
• The schemes are very efficient and can be deployed within standard IBE frameworks. New compelling applications can be realized, most notably attribute-based delegation and access control.

Cont…
• An interesting open problem is to find efficient constructions for multi-use CCA-secure IBE-PRE schemes.
• Another important open problem is to find efficient IBE-PRE schemes secure in the standard model (rather than in the RO model).

Thank You
Xie Xie
Nov, 2019
UESTC