In order to solve the challenges of user data security in the cloud computing (storage) environment, many encryption solutions with different features have been presented. Among them, proxy reencryption (PRE) based on public-key infrastructure (PKI) is a promising technology for secure cloud sharing. And identity-based proxy reencryption (IBPRE), which uses identity as the public key, eliminates burdensome certificate management and is, therefore, more preferable. However, most of the current IBPRE schemes only focus on the processing of data sharing while overlooking the functions of authorization revocation and ciphertext update, which are more closely related to the security of data itself. Moreover, the few existing schemes that involve ciphertext update turn out to be impractical because the length of ciphertext increases with the reencryption of ciphertext. In this paper, an improved IBPRE scheme, which provides improvements on the inadequacies of the scheme proposed by Ateniese et al. especially in terms of collusion safety and ciphertext evolution, is proposed. To the best of our knowledge, this is a practical IBPRE scheme integrating the functions of access authorization, delegation revocation, ciphertext update, reauthorization, and conditional reservation delegation. The proposed technique has high practicability in the scenario where a large number of ciphertexts need to be updated synchronously. Lastly, the comparative analysis and simulation results show that the two reencryption algorithms in the proposed scheme have the shortest computing time than other schemes.
Alternative Certificate Formats for the Public-Key Infrastructure Using X.509 (PKIX) Certificate Management Protocols
