An Identity-Based Proxy Re-Encryption Scheme With Single-Hop Conditional Delegation and Multi-Hop Ciphertext Evolution for Secure Cloud Data Sharing

Proxy re-encryption (PRE) provides a promising solution for applications requiring efficient and secure ciphertext conversion, such as secure cloud data sharing. While the one with the function of ciphertext evolution is more desirable for some long-term schemes involving key update. Recently, Yao et al. constructed an identity-based conditional proxy re-encryption scheme simultaneously supporting authorization and ciphertext evolution. However, its delegated ciphertext can be re-authorized, which may cause the authorization to exceed the original delegator's expectation. In contrast, the single-hop PRE authorization scheme may be more appropriate for systems requiring better control over authorization. In this paper, an identity-based proxy re-encryption scheme with single-hop conditional delegation and multi-hop ciphertext evolution (IBPRE-SHCD-MHCE) is proposed. Also, its description, construction, and security analysis are given. The analysis and experimental comparison results show that the proposed scheme has improved the computational efficiency and storage consumption compared with the two underlying schemes.