Efficient Multi-receiver Certificate-Based Proxy Re-encryption Plus Scheme for Cloud Data Sharing
摘要
Cloud storage data sharing represents a fundamental capability of modern cloud computing, yet raises critical concerns regarding data confidentiality and privacy in untrusted environments. While proxy re-encryption (PRE) enables secure delegation of decryption rights, existing schemes face three major limitations: inability to prevent unauthorized key redistribution, inefficient support for multiple receivers, and lack of fine-grained message-level access control. This paper presents MR-CBPRE \(^{+}\) , a novel Certificate-Based Multi-Receiver Proxy Re-Encryption Plus scheme that simultaneously addresses these challenges through three key innovations: a non-transferable delegation mechanism preventing malicious proxy-key redistribution, an efficient single-rekey multi-receiver architecture reducing computational and communication costs, and messagelevel conditional access control implemented through ephemeral randomness binding. The scheme’s IND-CCA security is formally proven under the \((q,n+1,f,g)-GDDHE\) assumption in the random oracle model. Comprehensive performance evaluations demonstrate that MR-CBPRE \(^{+}\) achieves \(37\% \) lower computational cost during re-encryption and \(28\% \) smaller ciphertext size compared to state-of-the-art multi-receiver PRE schemes while maintaining critical security features. Implementation results show practical execution times of \(42\;ms\) for 10-receiver scenarios on standard hardware, advancing the practical deployment of secure cloud data sharing systems as the first certificate-based solution combining multi-receiver efficiency with strong non-transferability guarantees and fine-grained access control.