Broadcast Proxy Reencryption Based on Certificateless Public Key Cryptography for Secure Data Sharing

Broadcast proxy reencryption (BPRE), which combines broadcast encryption (BE) and proxy reencryption (PRE), is a technology used for the redistribution of data uploaded on the cloud to multiple users. BPRE reencrypts data encrypted by the distributor and then uploads it to the cloud into a ciphertext that at a later stage targets multiple recipients. As a result of this, flexible data sharing is possible for multiple recipients. However, various inefficiencies and vulnerabilities of the BE, such as the recipient anonymity problem and the key escrow problem, also creep into BPRE. Our aim in this study was to address this problem of the existing BPRE technology. The partial key verification problem that appeared in the process of solving the key escrow problem was solved, and the computational efficiency was improved by not using bilinear pairing, which requires a lot of computation time.

Efficient Identity-Based Broadcast Encryption Scheme on Lattices for the Internet of Things

In an identity-based broadcast encryption (IBBE) scheme, the ciphertext is usually appended with a set of user identities to specify intended recipients. However, as IBBE is adopted in extensive industries, the demand of anonymity for specific scenarios such as military applications is urgent and ought no more to be ignored. On the contrary, how to optimize computation and communication is an unavoidable challenge in the IBBE scheme construction, especially in the large-scaled resource-limited wireless networks such as the Internet of Things (IoT), where the cost of computation and communication should be mitigated as much as possible since other functions including connectivity and privacy should be given the top priority. Thus, we present an IBBE scheme from the lattice, in which we employ the Chinese remainder theorem and lattice basis delegation in fixed dimensions to obtain several desirable characteristics, such as constant-size public parameter, private key, and ciphertext. In addition, our encryption and decryption algorithms are more efficient than broadcast encryption (BE) schemes based on number-theoretic problems. To be noticed, our scheme can simultaneously achieve confidentiality and outsider anonymity against the chosen-plaintext attack under the hardness of the learning with error (LWE) problem.

Hierarchical Identity-based Broadcast Cryptography and its Application in Blockchain

Blockchain as an emerging cryptographic database technology has gained wide attention in many directions. Among them, data security is one of the hot spots of research in blockchain. In this paper, we first analyze the security problems of blockchain and then propose to solve them with hierarchical identity-based broadcast encryption (HIBBE). HIBBE, as a variant of hierarchical identity-based cryptography, can effectively improve the data security. HIBBE has all the characteristics of hierarchical identity-based cryptography, so it has potential in decentralized application scenarios. Then we made an overview of the several existing HIBBE scheme. This paper also gives a formal definition of HIBBE and concludes with the research direction of HIBBE-based blockchain.

Anonymous Certificate-Based Inner Product Broadcast Encryption

Broadcast encryption scheme enables a sender distribute the confidential content to a certain set of intended recipients. It has been applied in cloud computing, TV broadcasts, and many other scenarios. Inner product broadcast encryption takes merits of both broadcast encryption and inner product encryption. However, it is crucial to reduce the computation cost and to take the recipient’s privacy into consideration in the inner product broadcast encryption scheme. In order to address these problems, we focus on constructing a secure and practical inner product broadcast encryption scheme in this paper. First, we build an anonymous certificate-based inner product broadcast encryption scheme. Especially, we give the concrete construction and security analysis. Second, compared with the existing inner product broadcast encryption schemes, the proposed scheme has an advantage of anonymity. Security proofs show that the proposed scheme achieves confidentiality and anonymity against adaptive chosen-ciphertext attacks. Finally, we implement the proposed anonymous inner product broadcast encryption scheme and evaluate its performance. Test results show that the proposed scheme supports faster decryption operations and has higher efficiency.

Privacy-Enhancing k-Nearest Neighbors Search over Mobile Social Networks

Focusing on the diversified demands of location privacy in mobile social networks (MSNs), we propose a privacy-enhancing k-nearest neighbors search scheme over MSNs. First, we construct a dual-server architecture that incorporates location privacy and fine-grained access control. Under the above architecture, we design a lightweight location encryption algorithm to achieve a minimal cost to the user. We also propose a location re-encryption protocol and an encrypted location search protocol based on secure multi-party computation and homomorphic encryption mechanism, which achieve accurate and secure k-nearest friends retrieval. Moreover, to satisfy fine-grained access control requirements, we propose a dynamic friends management mechanism based on public-key broadcast encryption. It enables users to grant/revoke others’ search right without updating their friends’ keys, realizing constant-time authentication. Security analysis shows that the proposed scheme satisfies adaptive L-semantic security and revocation security under a random oracle model. In terms of performance, compared with the related works with single server architecture, the proposed scheme reduces the leakage of the location information, search pattern and the user–server communication cost. Our results show that a decentralized and end-to-end encrypted k-nearest neighbors search over MSNs is not only possible in theory, but also feasible in real-world MSNs collaboration deployment with resource-constrained mobile devices and highly iterative location update demands.

Location-sharing protocol for privacy protection in mobile online social networks

Location-based services are becoming more and more popular in mobile online social networks (mOSNs) for smart cities, but users’ privacy also has aroused widespread concern, such as locations, friend sets and other private information. At present, many protocols have been proposed, but these protocols are inefficient and ignore some security risks. In the paper, we present a new location-sharing protocol, which solves two issues by using symmetric/asymmetric encryption properly. We adopt the following methods to reduce the communication and computation costs: only setting up one location server; connecting social network server and location server directly instead of through cellular towers; avoiding broadcast encryption. We introduce dummy identities to protect users’ identity privacy, and prevent location server from inferring users’ activity tracks by updating dummy identities in time. The details of security and performance analysis with related protocols show that our protocol enjoys two advantages: (1) it’s more efficient than related protocols, which greatly reduces the computation and communication costs; (2) it satisfies all security goals; however, most previous protocols only meet some security goals.