Cloud-based data-sharing scheme using verifiable and CCA-secure re-encryption from indistinguishability obfuscation
A cloud-based re-encryption scheme allows a semi-trusted cloud proxy to convert a ciphertext under the delegator's public key into a ciphertext under the delegatee's public key. With an untrusted cloud proxy, however, the re-encryption program is outsourced to the cloud, so the cloud can debug the program and may misbehave in practice, for example by monitoring the program's execution, returning an incorrect re-encryption ciphertext, or colluding with participants to obtain sensitive information. In this work, we propose a construction of cloud-based verifiable re-encryption that incorporates two new cryptographic primitives, indistinguishability obfuscation and puncturable pseudorandom functions, and that achieves master-secret security even if the proxy colludes with the delegatee. Furthermore, our scheme provides white-box security in the re-encryption procedure, protecting sensitive data in the presence of white-box access, and it resists chosen-ciphertext attacks in both the first-level encryption and the second-level encryption. Decryption is very efficient since it requires only several symmetric PRF operations, so it can be deployed on lightweight security devices such as mobile phones (MPs), wireless body area networks (WBANs) and nodes in the Internet of Things (IoT).