[go: up one dir, main page]
More Web Proxy on the site http://driver.im/ skip to main content
research-article
Public Access

Fast Proxy Re-Encryption for Publish/Subscribe Systems

Published: 20 September 2017 Publication History

Abstract

We develop two IND-CPA-secure multihop unidirectional Proxy Re-Encryption (PRE) schemes by applying the Ring-LWE (RLWE) key switching approach from the homomorphic encryption literature. Unidirectional PRE is ideal for secure publish-subscribe operations where a publisher encrypts information using a public key without knowing upfront who the subscriber will be and what private key will be used for decryption. The proposed PRE schemes provide a multihop capability, meaning that when PRE-encrypted information is published onto a PRE-enabled server, the server can either delegate access to specific clients or enable other servers the right to delegate access. Our first scheme (which we call NTRU-ABD-PRE) is based on a variant of the NTRU-RLWE homomorphic encryption scheme. Our second and main PRE scheme (which we call BV-PRE) is built on top of the Brakerski-Vaikuntanathan (BV) homomorphic encryption scheme and relies solely on the RLWE assumption.
We present an open-source C++ implementation of both schemes and discuss several algorithmic and software optimizations. We examine parameter selection tradeoffs in the context of security, runtime/latency, throughput, ciphertext expansion, memory usage, and multihop capabilities. Our experimental analysis demonstrates that BV-PRE outperforms NTRU-ABD-PRE in both single-hop and multihop settings. The BV-PRE scheme has a lower time and space complexity than existing IND-CPA-secure lattice-based PRE schemes and requires small concrete parameters, making the scheme computationally efficient for use on low-resource embedded systems while still providing 100 bits of security. We present practical recommendations for applying the PRE schemes to several use cases of ad hoc information sharing for publish-subscribe operations.

References

[1]
Martin Albrecht, Shi Bai, and Léo Ducas. 2016. A subfield lattice attack on overstretched NTRU assumptions. In Cryptology (CRYPTO’16). Springer, Berlin, 153--178.
[2]
Yoshinori Aono, Xavier Boyen, Le Trieu Phong, and Lihua Wang. 2013. Key-private proxy re-encryption under LWE. In Progress in Cryptology (INDOCRYPT’13). Springer, 1--18.
[3]
Giuseppe Ateniese, Kevin Fu, Matthew Green, and Susan Hohenberger. 2006. Improved proxy re-encryption schemes with applications to secure distributed storage. ACM Transactions on Information and System Security (TISSEC) 9, 1 (2006), 1--30.
[4]
Aydin Aysu, Cameron Patterson, and Patrick Schaumont. 2013. Low-cost and area-efficient FPGA implementations of lattice-based cryptography. In 2013 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST’13). 81--86.
[5]
Matt Blaze, Gerrit Bleumer, and Martin Strauss. 1998. Divertible protocols and atomic proxy cryptography. In Advances in Cryptology (EUROCRYPT’98). Springer, 127--144.
[6]
Joppe W. Bos, Kristin Lauter, Jake Loftus, and Michael Naehrig. 2013. Improved security for a ring-based fully homomorphic encryption scheme. In Cryptography and Coding, Martijn Stam (Ed.). Lecture Notes in Computer Science, Vol. 8308. Springer, Berlin, 45--64.
[7]
Zvika Brakerski, Craig Gentry, and Vinod Vaikuntanathan. 2014. (Leveled) fully homomorphic encryption without bootstrapping. ACM Transactions on Computation Theory (TOCT) 6, 3 (2014), 13.
[8]
Zvika Brakerski and Vinod Vaikuntanathan. 2011b. Efficient fully homomorphic encryption from (standard) LWE. In Proceedings of the 2011 IEEE 52nd Annual Symposium on Foundations of Computer Science (FOCS’11). IEEE Computer Society, Washington, DC, 97--106.
[9]
Zvika Brakerski and Vinod Vaikuntanathan. 2011a. Fully homomorphic encryption from ring-LWE and security for key dependent messages. In Advances In Cryptology (CRYPTO’11). 505--524.
[10]
Johannes Buchmann, Florian Göpfert, Tim Güneysu, Tobias Oder, and Thomas Pöppelmann. 2016. High-performance and lightweight lattice-based public-key encryption. In Proceedings of the 2nd ACM International Workshop on IoT Privacy, Trust, and Security (IoTPTS’16). 2--9.
[11]
Ran Canetti and Susan Hohenberger. 2007. Chosen-ciphertext secure proxy re-encryption. In Proceedings of the 2007 ACM Conference on Computer and Communications Security, (CCS’07), Peng Ning, Sabrina De Capitani di Vimercati, and Paul F. Syverson (Eds.). ACM, 185--194.
[12]
Yuanmi Chen and Phong Q. Nguyen. 2011. BKZ 2.0: Better lattice security estimates. In Advances In Cryptology (ASIACRYPT’11). Vol. 7073. Springer, 1--20.
[13]
Jung Hee Cheon, Jinhyuck Jeong, and Changmin Lee. 2016. An algorithm for NTRU problems and cryptanalysis of the GGH multilinear map without a low-level encoding of zero. LMS Journal of Computation and Mathematics 19 (2016), 255--266. Issue Special Issue A.
[14]
Jean-François Dhem and Jean-Jacques Quisquater. 2000. Recent results on modular multiplications for smart cards. In Smart Card Research and Applications, Jean-Jacques Quisquater and Bruce Schneier (Eds.). Lecture Notes in Computer Science, Vol. 1820. Springer, Berlin, 336--352.
[15]
Junfeng Fan and Frederik Vercauteren. 2012. Somewhat practical fully homomorphic encryption. Cryptology ePrint Archive, Report 2012/144. http://eprint.iacr.org/2012/144.
[16]
Xiong Fan and Feng-Hao Liu. 2016. Various proxy re-encryption schemes from lattices. Cryptology ePrint Archive, Report 2016/278. http://eprint.iacr.org/2016/278.
[17]
Craig Gentry. 2009. A Fully Homomorphic Encryption Scheme. Ph.D. Dissertation. Stanford University, Stanford, CA. Advisor(s) Boneh, Dan. AAI3382729.
[18]
Craig Gentry, Shai Halevi, and Nigel Smart. 2012. Homomorphic evaluation of the AES circuit. In Advances in Cryptology (CRYPTO’12), Reihaneh Safavi-Naini and Ran Canetti (Eds.). Lecture Notes in Computer Science, Vol. 7417. Springer, Berlin, 850--867.
[19]
Jeffrey Hoffstein, Jill Pipher, and Joseph H. Silverman. 1998. NTRU: A ring-based public key cryptosystem. In Algorithmic Number Theory, Joe P. Buhler (Ed.). Lecture Notes in Computer Science, Vol. 1423. Springer, Berlin, 267--288.
[20]
Anca-Andreea Ivan and Yevgeniy Dodis. 2003. Proxy cryptography revisited. In Proceedings of the Network and Distributed System Security Symposium (NDSS’03).
[21]
Elena Kirshanova. 2014. Proxy re-encryption from lattices. In Public-Key Cryptography (PKC’14). Springer, 77--94.
[22]
Richard Lindner and Chris Peikert. 2011. Better key sizes (and attacks) for LWE-based encryption. In CT-RSA. 319--339.
[23]
Zhe Liu, Hwajeong Seo, Sujoy Sinha Roy, Johann Großschädl, Howon Kim, and Ingrid Verbauwhede. 2015. Efficient Ring-LWE Encryption on 8-Bit AVR Processors. Springer, Berlin, 663--682.
[24]
Adriana López-Alt, Eran Tromer, and Vinod Vaikuntanathan. 2013. Multikey fully homomorphic encryption and on-the-fly multiparty computation. IACR Cryptology ePrint Archive 2013 (2013), 94. http://eprint.iacr.org/2013/094 Full Version of the STOC 2012 paper with the same title.
[25]
Vadim Lyubashevsky, Chris Peikert, and Oded Regev. 2010. On ideal lattices and learning with errors over rings. In Advances In Cryptology (EUROCRYPT’10). Springer, Berlin, 1--23.
[26]
Vadim Lyubashevsky, Chris Peikert, and Oded Regev. 2013. A toolkit for ring-LWE cryptography. In Advances In Cryptology (EUROCRYPT’13). Springer, Berlin, 35--54.
[27]
Daniele Micciancio. 2010. Duality in lattice cryptography. In Public Key Cryptography (PKC’10). Invited talk.
[28]
Daniele Micciancio. 2011. Lattice-based cryptography. In Encyclopedia of Cryptography and Security. Springer, 713--715.
[29]
Daniele Micciancio and Chris Peikert. 2012. Trapdoors for lattices: Simpler, tighter, faster, smaller. In Advances In Cryptology (EUROCRYPT’12). 700--718.
[30]
Daniele Micciancio and Oded Regev. 2007. Worst-case to average-case reductions based on gaussian measures. SIAM Journal on Computing 37, 1 (2007), 267--302. Preliminary version in FOCS 2004.
[31]
Daniele Micciancio and Oded Regev. 2009. Lattice-based cryptography. In Post Quantum Cryptography. Springer, 147--191.
[32]
David Nuñez, Isaac Agudo, and Javier Lopez. 2015. NTRUReEncrypt: An efficient proxy re-encryption scheme based on NTRU. In Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security (ASIACCS’15). 179--189.
[33]
Chris Peikert. 2010. An efficient and parallel gaussian sampler for lattices. In Advances in Cryptology (CRYPTO’10), Tal Rabin (Ed.). Lecture Notes in Computer Science, Vol. 6223. Springer, Berlin, 80--97.
[34]
Le Trieu Phong, Lihua Wang, Yoshinori Aono, Manh Ha Nguyen, and Xavier Boyen. 2016. Proxy re-encryption schemes with key privacy from LWE. Cryptology ePrint Archive, Report 2016/327. (2016). http://eprint.iacr.org/2016/327.
[35]
Oded Regev. 2004. Quantum computation and lattice problems. SIAM Journal on Computing 33, 3 (2004), 738--760. Preliminary version in FOCS 2002.
[36]
Damien Stehlé and Ron Steinfeld. 2011. Making NTRU as secure as worst-case problems over ideal lattices. In Advances in Cryptology (EUROCRYPT’11), Kenneth G. Paterson (Ed.). Lecture Notes in Computer Science, Vol. 6632. Springer, Berlin, 27--47.
[37]
Joop van de Pol. 2012. Quantifying the security of lattice-based cryptosystems in practice. In Mathematical and Statistical Aspects of Cryptography.

Cited By

View all
  • (2024)Post-quantum secure and efficient outsourced machine learningFourth International Conference on Machine Learning and Computer Application (ICMLCA 2023)10.1117/12.3029427(150)Online publication date: 22-May-2024
  • (2024)Public Trace-and-Revoke Proxy Re-Encryption for Secure Data Sharing in CloudsIEEE Transactions on Information Forensics and Security10.1109/TIFS.2024.335724019(2919-2934)Online publication date: 1-Jan-2024
  • (2024)REEDS: An Efficient Revocable End-to-End Encrypted Message Distribution System for IoTIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2024.335381121:5(4526-4542)Online publication date: 1-Sep-2024
  • Show More Cited By

Recommendations

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Transactions on Privacy and Security
ACM Transactions on Privacy and Security  Volume 20, Issue 4
November 2017
150 pages
ISSN:2471-2566
EISSN:2471-2574
DOI:10.1145/3143524
Issue’s Table of Contents
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 20 September 2017
Accepted: 01 June 2017
Revised: 01 May 2017
Received: 01 December 2015
Published in TOPS Volume 20, Issue 4

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. Proxy re-encryption
  2. delegating access control
  3. lattice encryption
  4. software engineering

Qualifiers

  • Research-article
  • Research
  • Refereed

Funding Sources

  • Army Research Laboratory (ARL)
  • Intelligence Advanced Research Projects Activity (IARPA)
  • NSF
  • Simons Investigator Award Agreement
  • Alfred P. Sloan Research Fellowship, the Microsoft Faculty Fellowship, the NEC Corporation, and a Steven and Renee Finn Career Development Chair from MIT
  • Office of the Director of National Intelligence (ODNI)
  • Defense Advanced Research Projects Agency (DARPA)
  • National Security Agency

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)204
  • Downloads (Last 6 weeks)29
Reflects downloads up to 02 Dec 2024

Other Metrics

Citations

Cited By

View all
  • (2024)Post-quantum secure and efficient outsourced machine learningFourth International Conference on Machine Learning and Computer Application (ICMLCA 2023)10.1117/12.3029427(150)Online publication date: 22-May-2024
  • (2024)Public Trace-and-Revoke Proxy Re-Encryption for Secure Data Sharing in CloudsIEEE Transactions on Information Forensics and Security10.1109/TIFS.2024.335724019(2919-2934)Online publication date: 1-Jan-2024
  • (2024)REEDS: An Efficient Revocable End-to-End Encrypted Message Distribution System for IoTIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2024.335381121:5(4526-4542)Online publication date: 1-Sep-2024
  • (2024)A Robust and Lightweight Privacy-Preserving Data Aggregation Scheme for Smart GridIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2023.325259321:1(270-283)Online publication date: 1-Jan-2024
  • (2024)FairCMS: Cloud Media Sharing With Fair Copyright ProtectionIEEE Transactions on Computational Social Systems10.1109/TCSS.2024.337445211:5(6192-6209)Online publication date: Oct-2024
  • (2024)Two-Level Identity-Based Encryption Scheme for Internet of Things2024 36th Chinese Control and Decision Conference (CCDC)10.1109/CCDC62350.2024.10587528(3870-3875)Online publication date: 25-May-2024
  • (2024)A Novel Proxy Re-Encryption Technique for Secure Data Sharing in Cloud Environment2024 International Conference on Advances in Data Engineering and Intelligent Computing Systems (ADICS)10.1109/ADICS58448.2024.10533626(1-5)Online publication date: 18-Apr-2024
  • (2024)A trusted and regulated data trading scheme based on blockchain and zero‐knowledge proofIET Blockchain10.1049/blc2.120704:4(443-455)Online publication date: 5-Dec-2024
  • (2024)Improved AB-CPREs with Revocability and HRA Security under LWEIET Information Security10.1049/2024/43338832024Online publication date: 1-Jan-2024
  • (2024)Certificateless Proxy Re-encryption with Cryptographic Reverse Firewalls for Secure Cloud Data SharingFuture Generation Computer Systems10.1016/j.future.2024.08.002Online publication date: Aug-2024
  • Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Login options

Full Access

Media

Figures

Other

Tables

Share

Share

Share this Publication link

Share on social media