An Improved Cloud-Based Revocable Identity-Based Proxy Re-encryption Scheme

Key revocation and ciphertext update are two prominent security requirements for identity-based encryption systems from a practical view. Several solutions to offer efficient key revocation or ciphertext update for identity-based encryption systems have been proposed in the literature. However, how to achieve both key revocation and ciphertext update functionalities simultaneously in identity-based encryption systems is still an open problem. Recently, Liang et al. introduce the notion of cloud-based revocable identity-based proxy re-encryption (CR-IB-PRE) scheme with the aim to achieve both ciphertext update and key revocation functionalities, and present a CR-IB-PRE scheme from bilinear pairings. In this paper, we first showed Liang et al.’s scheme has serious security pitfalls such as re-encryption key forgery and collusion attack, which lead to revoked users can decrypt any ciphertext regarding their identities at any time period. We then redefined the syntax and security model of CR-IB-PRE scheme and proposed an improved CR-IB-PRE scheme from bilinear pairings. The improved scheme not only achieves collusion resistance, but also takes lower decryption computation and achieves constant size re-encrypted ciphtertext. Finally, we proved the improved CR-IB-PRE scheme is adaptively secure in the standard model under DBDH assumption.