Hierarchical Conditional Proxy Re-Encryption: A New Insight of Fine-Grained Secure Data Sharing

Outsource local data to remote cloud has become prevalence for Internet users to date. While being unable to "handle" (outsourced) data at hand, Internet users may concern about the confidentiality of data but also further operations over remote data. This paper deals with the case where a secure data sharing mechanism is needed when data is encrypted and stored in remote cloud. Proxy re-encryption (PRE) is a promising cryptographic tool for secure data sharing. It allows a "honest-but-curious" third party (e.g., cloud server), which we call "proxy", to convert all ciphertexts encrypted for a delegator into those intended for a delegatee. The delegatee can further gain access to the plaintexts with private key, while the proxy learns nothing about the underlying plaintexts. Being regarded as a general extension of PRE, conditional PRE supports a fine-grained level of data sharing. In particular, condition is embedded into ciphertext that offers a chance for the delegator to generate conditional re-encryption key to control with which ciphertexts he wants to share. In this paper, for the first time, we introduce a new notion, called "hierarchical conditional" PRE. The new notion allows re-encryption rights to be "re-delegated" for "low-level" encrypted data. We propose the seminal scheme satisfying the notion in the context of identity-based encryption and further, prove it secure against chosen-ciphertext security.