Abstract
Cloud storage brings strong conveniences for flexible data sharing. When sharing data with a large number of entities described by fuzzy identities, data owners must adopt an encryption scheme that meets both the security and the efficiency requirements. (Hierarchical) identity-based encryption is a promising candidate for securing fuzzy-entity data sharing, but it becomes inefficient in multi-receiver settings. We introduce the notion of subtree-based encryption (SBE) to support a multi-receiver data sharing mechanism in large-scale enterprises. Users in SBE are organized in a tree structure, and superior users can generate the secret keys of their subordinates. Unlike HIBE, which allows only a single decryption path, SBE enables encryption to a subset of users. We define the security notion for SBE, namely Ciphertext Indistinguishability against Adaptively Chosen-Sub-Tree and Chosen-Ciphertext Attack (IND-CST-CCA2). We propose two secure SBE schemes (SBEs). We first propose a basic SBEs secure against Adaptively Chosen-Sub-Tree and Chosen-Plaintext Attack (IND-CST-CPA), in which the attacker is not allowed to obtain decryption results from other users in the security game. We then build a CCA2-secure SBEs from the basic scheme without requiring any other cryptographic primitive. Our CCA2-secure scheme natively supports a public ciphertext validity test, a useful property when a CCA2-secure SBEs is used to design advanced protocols and auditing mechanisms for fuzzy-entity data sharing.
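As an added illustration, not code from the paper, the following Python model captures only the access structure the abstract describes: users in a tree, superiors able to derive their subordinates' keys, a HIBE ciphertext reaching a single root-to-target path, and an SBE ciphertext reaching a whole subtree. It performs no cryptography; the example tree and identities are constructed here, and the rule that a key holder can decrypt whatever a subordinate whose key it can derive could decrypt is an assumption of this model. It also counts how many per-identity HIBE ciphertexts would be needed to reach the same subtree, which is the efficiency gap the abstract points at.

```python
from typing import List, Set, Tuple

Identity = Tuple[str, ...]  # hierarchical identity, root component first


class UserTree:
    """Users organised as a tree. A node's superior is its identity minus the last component."""

    def __init__(self) -> None:
        self.nodes: Set[Identity] = set()

    def add(self, ident: Identity) -> None:
        # A user can only be enrolled by an already-enrolled superior.
        if not ident:
            raise ValueError("identity must have at least one component")
        if len(ident) > 1 and ident[:-1] not in self.nodes:
            raise ValueError(f"superior {ident[:-1]} must be enrolled before {ident}")
        self.nodes.add(ident)

    @staticmethod
    def path(ident: Identity) -> List[Identity]:
        """Root-to-ident path: the identities whose keys can derive ident's key."""
        return [ident[:i] for i in range(1, len(ident) + 1)]

    def subtree(self, root: Identity) -> Set[Identity]:
        """root and every enrolled user below it."""
        if root not in self.nodes:
            raise KeyError(root)
        return {n for n in self.nodes if n[:len(root)] == root}

    def can_delegate(self, superior: Identity, subordinate: Identity) -> bool:
        """Superiors generate keys for subordinates: proper-ancestor relation."""
        return (superior in self.nodes and subordinate in self.nodes
                and len(superior) < len(subordinate)
                and subordinate[:len(superior)] == superior)


def hibe_recipients(tree: UserTree, target: Identity) -> Set[Identity]:
    """A HIBE ciphertext for `target` is decryptable only along one root-to-target path."""
    if target not in tree.nodes:
        raise KeyError(target)
    return set(tree.path(target))


def sbe_recipients(tree: UserTree, subtree_root: Identity) -> Set[Identity]:
    """An SBE ciphertext for the subtree rooted at `subtree_root` targets every user below it."""
    return tree.subtree(subtree_root)


def can_decrypt(tree: UserTree, holder: Identity, recipients: Set[Identity]) -> bool:
    """Model assumption: a holder decrypts if it is a recipient or can derive a recipient's key."""
    return holder in recipients or any(tree.can_delegate(holder, r) for r in recipients)


def min_hibe_ciphertexts(tree: UserTree, subtree_root: Identity) -> int:
    """Per-identity HIBE ciphertexts needed to reach a whole subtree.

    Each HIBE ciphertext covers exactly one path, so every leaf of the subtree
    needs its own ciphertext, and targeting all leaves covers the inner nodes too.
    """
    members = tree.subtree(subtree_root)
    leaves = [m for m in members if not any(tree.can_delegate(m, n) for n in members)]
    return len(leaves)


def build_example_tree() -> UserTree:
    """Constructed enterprise tree used for the illustration."""
    tree = UserTree()
    for ident in [
        ("corp",),
        ("corp", "rnd"), ("corp", "rnd", "alice"), ("corp", "rnd", "bob"),
        ("corp", "rnd", "crypto"), ("corp", "rnd", "crypto", "carol"),
        ("corp", "sales"), ("corp", "sales", "dave"),
    ]:
        tree.add(ident)
    return tree


if __name__ == "__main__":
    t = build_example_tree()
    rnd = ("corp", "rnd")
    print("SBE recipients of the R&D subtree:", sorted(sbe_recipients(t, rnd)))
    print("HIBE recipients of a ciphertext for carol:",
          sorted(hibe_recipients(t, ("corp", "rnd", "crypto", "carol"))))
    print("HIBE ciphertexts needed to reach the R&D subtree:", min_hibe_ciphertexts(t, rnd))
    print("dave can decrypt the R&D ciphertext:", can_decrypt(t, ("corp", "sales", "dave"), sbe_recipients(t, rnd)))
```

Running the block shows the contrast the abstract draws: one SBE ciphertext addresses the five R&D users, while per-identity HIBE needs one ciphertext per leaf of that subtree and a ciphertext addressed to carol reaches only her four-node path.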
Acknowledgements
This work was supported by the Natural Science Foundation of China through Projects 61672083, 61370190, 61532021, 61472429, and 61402029, by the National Cryptography Development Fund through Project MMJJ20170106, by the Planning Fund Project of the Ministry of Education through Project 12YJAZH136, and by the Beijing Natural Science Foundation through Project 4132056.
Ethics declarations
Conflict of interest
The authors declare that they have no conflict of interest.
Additional information
Communicated by V. Loia.
About this article
Cite this article
Liu, W., Liu, J., Wu, Q. et al. Efficient subtree-based encryption for fuzzy-entity data sharing. Soft Comput 22, 7961–7976 (2018). https://doi.org/10.1007/s00500-017-2743-z
DOI: https://doi.org/10.1007/s00500-017-2743-z