The cloud-based data sharing technology with cryptographic primitives enables data owners to outsource data into paradigms and privately share information with arbitrary recipients without geographic barriers. However, we argue that most of existing efforts for outsourced data sharing are either inefficient, inflexible, or incompletely secure due to the following problems: (1) lack of efficient strategies for dynamically designating target ciphertexts to multiple recipients; (2) how to hide the identity of the recipient and (3) how to verify the correctness of outsourced ciphertext transformation without any denial. To the best of our knowledge, no previous work has thoroughly explored the above three issues, motivating us to design such an efficient and comprehensively secure outsourced data sharing mechanism. We design VF-PPBA, the first Verifiable, Fair and Privacy-preserving Broadcast Authorization framework for flexible data sharing in clouds. In more detail, we first invent a new primitive, privacy-preserving multi-recipient broadcast proxy re-encryption (PPMR-BPRE), which enables the authorization of a given ciphertext to different recipients with efficient ciphertext transformation, and further guarantees that any malicious adversary deduces nothing about the identity of the recipient. Then, we present VF-PPBA for flexible data sharing with PPMR-BPRE as the underlying structure, which in addition to inheriting all the functionalities of PPMR-BPRE, is capable of supporting the verifiability of the outcome correctness of the outsourced conversion task, and being immune to the malicious accusation if the outsourcing outcome is correctly completed. We formalize the adversarial models and render comprehensively strict security proofs to prove the security of our proposed solutions. Its performance is also validated via experimental simulations to showcase the practicability and effectiveness.
|Number of pages
|IEEE Transactions on Information Forensics and Security
|Published - 2023