Key-aggregate encryption (KAE) is a cryptographic technique suitable for data sharing in a secure manner for a wide range of application scenarios. Each ciphertext is associated with a distinct class index, and the owner can efficiently generate an aggregate key that grants access only to the selected classes without revealing information about others. Each user gets only a constant-size secret called the aggregate key, regardless of the number of data items for which the user is authorized. One of the important problems with conventional KAE schemes is that they do not support dynamic updates in access rights. In some of the early schemes, the cost of enforcing dynamic update is almost as much as the cost of initializing the whole cryptosystem. Furthermore, most of the dynamic KAE schemes enforce full user revocation. However, a much more practically applicable feature is to partially revoke the user for only a subset of data items in its authorization set. This paper proposes a novel provably secure cryptosystem called dynamic key-constant aggregate encryption (DKCAE) which securely and efficiently enforces partial revocation of a user for any given data class from its aggregate set. The proposed DKCAE scheme achieves this without updating any secret aggregate key(s) and consequently without needing any secure transmissions. The paper formally proves that the proposed DKCAE scheme is secure under the standard model assumption and the existence of target collision-resistant hash functions. A detailed theoretical and practical comparative analysis of performance further confirms that the proposed DKCAE scheme enforces dynamic access control more efficiently than other existing dynamic KAE schemes.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Dynamic Key-Constant Aggregate Encryption (DKCAE) for Secure Data Sharing in Contemporary Computing

  • Inarat Hussain,
  • Devrikh Jatav,
  • Gaurav Pareek,
  • B. R. Purushothama

摘要

Key-aggregate encryption (KAE) is a cryptographic technique suitable for data sharing in a secure manner for a wide range of application scenarios. Each ciphertext is associated with a distinct class index, and the owner can efficiently generate an aggregate key that grants access only to the selected classes without revealing information about others. Each user gets only a constant-size secret called the aggregate key, regardless of the number of data items for which the user is authorized. One of the important problems with conventional KAE schemes is that they do not support dynamic updates in access rights. In some of the early schemes, the cost of enforcing dynamic update is almost as much as the cost of initializing the whole cryptosystem. Furthermore, most of the dynamic KAE schemes enforce full user revocation. However, a much more practically applicable feature is to partially revoke the user for only a subset of data items in its authorization set. This paper proposes a novel provably secure cryptosystem called dynamic key-constant aggregate encryption (DKCAE) which securely and efficiently enforces partial revocation of a user for any given data class from its aggregate set. The proposed DKCAE scheme achieves this without updating any secret aggregate key(s) and consequently without needing any secure transmissions. The paper formally proves that the proposed DKCAE scheme is secure under the standard model assumption and the existence of target collision-resistant hash functions. A detailed theoretical and practical comparative analysis of performance further confirms that the proposed DKCAE scheme enforces dynamic access control more efficiently than other existing dynamic KAE schemes.