A proxy re-encryption method based on key shares

By combining a key share-based proxy re-encryption method with secret sharing technology, the security and scalability issues of traditional proxy re-encryption technology are solved, achieving more efficient data sharing and fine-grained access control.

CN119051959BActive Publication Date: 2026-06-09QUFU NORMAL UNIV

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents(China)
Current Assignee / Owner
QUFU NORMAL UNIV
Filing Date
2024-09-06
Publication Date
2026-06-09

AI Technical Summary

Technical Problem

Traditional proxy re-encryption technology is vulnerable to key leakage and has poor security under large-scale data requests, making it difficult to achieve fine-grained access control and efficient data sharing.

Method used

A proxy re-encryption method based on key share is adopted, which integrates key share into the proxy re-encryption key generation process and combines secret sharing technology to improve security and flexibility.

Benefits of technology

It enhances the security and flexibility of re-encryption keys, and improves the security of data sharing and fine-grained access control under large-scale data requests.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN119051959B_ABST
    Figure CN119051959B_ABST
Patent Text Reader

Abstract

The present application relates to the field of information security and cryptography, in particular to a proxy re-encryption encryption method based on key shares. Proxy re-encryption is a key conversion mechanism between ciphertexts, specifically, a semi-trusted proxy converts the ciphertext encrypted by a data owner Alice into a ciphertext that can be decrypted by a data requester Bob, so that Bob obtains the plaintext information. In this process, the proxy cannot obtain any information about the plaintext, thereby ensuring data security and sharing flexibility. The method of the present application introduces a key distribution mechanism under the premise of ensuring security and correctness, and integrates the distributed key shares into the construction of the proxy re-encryption key, so that the proxy re-encryption scheme achieves a good balance in communication overhead and computing overhead, and therefore is significantly superior to the traditional proxy re-encryption method in performance.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to the fields of information security and cryptography, specifically to a proxy re-encryption method based on key share. Background Technology

[0002] In 1998, Blaze et al. formally defined the concept of proxy re-encryption for the first time. They proposed a proxy re-encryption scheme that uses a partially trusted proxy to convert ciphertext that only the data owner can decrypt into ciphertext that can also be decrypted by the data requester. They ensured that the proxy intermediary service provider could not obtain any specific information about the ciphertext during this process. Then, in 2005, Ateniese et al. proposed a new proxy re-encryption (PRE) scheme that could be applied to secure distributed storage, which brought proxy re-encryption technology back into the spotlight.

[0003] Proxy re-encryption technology has demonstrated its important role in various real-world applications, particularly in data sharing and access control, such as IoT device data management, medical data sharing, and digital rights management. Through proxy re-encryption, data owners can ensure that data remains encrypted during transmission and storage, while allowing authorized data requesters to securely access and share the data. However, traditional proxy re-encryption keys are constructed based on the data owner's private key and the data requester's public key. Key leakage can lead to data security and access control issues. Furthermore, how to achieve more secure data sharing and more granular access control in the face of large-scale data requests remains an unsolved problem. Summary of the Invention

[0004] To overcome the shortcomings of the aforementioned proxy re-encryption techniques, this invention provides a proxy re-encryption method based on key share.

[0005] The technical solution adopted by the present invention to solve its technical problem is: a proxy re-encryption method based on key share, comprising the following steps.

[0006] (1) System initialization

[0007] (2) Generate key and key share

[0008] (3) Data encryption

[0009] (4) Generation of proxy re-encryption keys

[0010] (5) Re-encryption stage

[0011] (6) Decryption

[0012] Compared with existing technologies, the beneficial effects of this invention are that it effectively combines the key distribution mechanism based on secret sharing technology with the proxy re-encryption technology, and integrates the key share into the generation process of the proxy re-encryption key. This not only improves the security and flexibility of the re-encryption key, but also enhances the data sharing security and fine-grained access control capabilities of the system under large-scale data requests. It solves the problems of poor security, inefficiency and difficulty in expansion of existing proxy re-encryption methods in practical applications. Attached Figure Description

[0013] The present invention will be further described below with reference to the accompanying drawings and embodiments. In the accompanying drawings:

[0014] Figure 1 This is an improved proxy re-encryption key generation diagram in this invention.

[0015] Figure 2 A comparison of the time performance of the improved proxy re-encryption method of this invention with that of traditional PRE at each stage of proxy re-encryption. Detailed Implementation

[0016] (1) System initialization:

[0017] (a) Take They are two prime numbers of order. Multiplication cyclic group, It is a multiplication cyclic group generators, bilinear mappings ;

[0018] (b) Randomly define 4 hash functions , , , , , , , ;

[0019] (c) Execution algorithm Generate common parameters for the system, among which .

[0020] (2) Generate key and key share:

[0021] (a) Input system common parameters And select a random number. The private key is calculated. Public key Data owner and data requesters Each person obtains their respective public / private key pair;

[0022] (b) In addition to the asymmetric key, the data owner also needs to generate a symmetric key. Used for key distribution;

[0023] (c) Data owner Choose a prime number ,set up = = Threshold , Random selection nonzero elements , element , implement Algorithm, Construction order polynomial:

[0024]

[0025] (d) Calculate the share value Ultimately, three key shares were obtained, namely A randomly selected key share value is sent to the data requester. Assuming the data requester The received key share is .

[0026] (3) Data encryption:

[0027] (a) To protect the data, it needs to be encrypted. Data owner Will be through encryption algorithm Its plaintext data Encrypt and select a random number. ,calculate ;

[0028] (b) Calculation

[0029]

[0030]

[0031]

[0032]

[0033]

[0034]

[0035] (c) Thus, the initially encrypted ciphertext is obtained. And send it to a semi-trusted proxy cloud server. Store it.

[0036] (4) Generate proxy re-encryption key:

[0037] (a) Data owner Combine your private key and data requesters Key share and its public key Generate conversion key ;

[0038] (b) Calculation

[0039]

[0040] .

[0041] (5) Proxy re-encryption phase:

[0042] (a) Data owner After generating the re-encryption key, it is sent to the semi-trusted proxy cloud server. It is responsible for completing the ciphertext conversion, that is, using the re-encryption key to convert the ciphertext... Convert to re-encrypted ciphertext ;

[0043] (b) Perform re-encryption operation

[0044]

[0045]

[0046]

[0047]

[0048]

[0049]

[0050]

[0051] (c) Generate re-encrypted ciphertext It can then be sent to the data requester. .

[0052] (6) Ciphertext Decryption:

[0053] (a) Data requester Obtain the converted ciphertext Then, use your own key share. and private key Decrypt it;

[0054] (b) Calculation

[0055]

[0056]

[0057]

[0058] (c) Finally, the data requester The data owner can be identified by decrypting the ciphertext. plaintext data .

Claims

1. A proxy re-encryption scheme based on key share, characterized in that, The specific implementation steps are as follows: (1) System initialization: (a) Take They are two prime numbers of order. Multiplication cyclic group, It is a multiplication cyclic group generators, bilinear mappings ; (b) Randomly define 4 hash functions , , , , , , , ; (c) Execution algorithm Generate common parameters for the system, among which ; (2) Generate key and key share: (a) Input system common parameters And select a random number. The private key is calculated. Public key Data owner and data requesters Each person obtains their respective public / private key pair; (b) In addition to the asymmetric key, the data owner also needs to generate a symmetric key. Used for key distribution; (c) Data owner Choose a prime number ,set up = = Threshold , Random selection nonzero elements , element , implement Algorithm, Construction order polynomial: ; (d) Calculate the share value Ultimately, three key shares were obtained, namely Randomly select a key share value and send it to the data requester. Assuming the data requester The received key share is ; (3) Data encryption: (a) To protect the data, it needs to be encrypted; the data owner Will be through encryption algorithm Its plaintext data Encrypt and select a random number. ,calculate ; (b) Calculation; (c) Thus, the initially encrypted ciphertext is obtained. And send it to a semi-trusted proxy cloud server. Store; (4) Generate proxy re-encryption key: (a) Data owner Combine your private key and data requesters Key share and its public key Generate conversion key ; (b) Calculation; ; (5) Proxy re-encryption phase: (a) Data owner After generating the re-encryption key, it is sent to the semi-trusted proxy cloud server. It is responsible for completing the ciphertext conversion, that is, using the re-encryption key to convert the ciphertext... Convert to re-encrypted ciphertext ; (b) Perform re-encryption operation (c) Generate re-encrypted ciphertext It can then be sent to the data requester. ; (6) Ciphertext Decryption: (a) Data requester Obtain the converted ciphertext Then, use your own key share. and private key Decrypt it; (b) Calculation (c) Finally, the data requester The data owner can be identified by decrypting the ciphertext. plaintext data .