In addition, this dissertation finds that if each re-encrypted ciphertext can be bound to a specific grant, then the delegator, with the help of a proxy, can designate which delegatee is allowed to decrypt a given ciphertext. This limits the scope in which each re-encryption key can be applied and lets the delegator manage everyone who may obtain re-encrypted ciphertexts. Notably, besides privacy-enhanced access control with flexible delegation of re-encryption rights, this result provides a single decryption algorithm that applies to both original and re-encrypted ciphertexts (universal decryption), and it guarantees indistinguishability against chosen-ciphertext attack.

The debate over access control in the literature remains lively and shows no sign of ending, because the information users disclose while interacting with service providers may undermine their privacy: users risk being traced, or even impersonated, by corrupt service providers. Many membership authentication and authorization mechanisms have recently been introduced to strengthen privacy protection. Nevertheless, they cannot be applied directly because of defects in computational complexity and security. In proxy re-encryption systems, meanwhile, key-exposure attacks, unauthorized re-encryption and performance have been studied extensively for years. This dissertation discusses the aforementioned mechanisms and their application scenarios and proposes corresponding countermeasures. Its research falls into two parts: membership authentication and authorization, and flexible delegation control in proxy re-encryption systems.
For membership authentication, anonymous credential systems and membership authentication systems are the two common mechanisms. A user proves to a verifier in zero-knowledge that he or she holds an appropriate credential or membership; the verifier can check that the credential or membership is valid while learning nothing about the user's real identity. Existing solutions, however, involve complicated cryptographic computations, so two more efficient approaches are proposed, one for each kind of system. For membership authorization, the dynamic accumulator is an important primitive: the authority can easily administer each member's access right and offer differentiated services to individual groups. Existing solutions, however, are vulnerable to membership certificate impersonation. The proposed dynamic reversed accumulator withstands this attack and is more efficient.
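The way an authority administers membership with a dynamic accumulator is easiest to see in code. The following is an added example and is not the dissertation's dynamic reversed accumulator (whose construction the abstract does not specify): it is a textbook RSA accumulator in the Camenisch-Lysyanskaya style with constructed toy parameters (the modulus factors P and Q, the base G and the member primes are all assumptions for illustration). It shows the authority enrolling and revoking members, a verifier checking a witness against nothing but the public accumulator value, and a remaining member refreshing its own witness after each change without the authority's trapdoor.

```python
import math

# Constructed toy parameters for illustration only. A real accumulator uses an RSA
# modulus of 2048 bits or more whose factorisation is known to the authority alone.
P, Q = 1000003, 1000033          # assumed toy primes
N = P * Q                        # public modulus
PHI = (P - 1) * (Q - 1)          # authority's trapdoor
G = 4                            # public base (a quadratic residue mod N)


class Authority:
    """Maintains the public accumulator value and the member set."""

    def __init__(self):
        self.acc = G
        self.members = []        # each member is represented by a distinct odd prime

    def add(self, x):
        """Enroll member prime x: acc <- acc^x mod N (no trapdoor needed)."""
        assert x not in self.members and math.gcd(x, PHI) == 1
        self.members.append(x)
        self.acc = pow(self.acc, x, N)
        return self.acc

    def delete(self, x):
        """Revoke x: acc <- acc^(x^-1 mod phi(N)); only the trapdoor holder can do this."""
        self.members.remove(x)
        self.acc = pow(self.acc, pow(x, -1, PHI), N)
        return self.acc

    def witness(self, x):
        """Witness for x is G raised to the product of all other member primes."""
        exp = 1
        for y in self.members:
            if y != x:
                exp *= y
        return pow(G, exp, N)


def verify(acc, x, w):
    """A verifier needs only the public (N, acc): x is a member iff w^x == acc (mod N)."""
    return pow(w, x, N) == acc


def bezout(x, z):
    """Extended Euclid: returns (a, b) with a*x + b*z == gcd(x, z)."""
    old_r, r, old_a, a, old_b, b = x, z, 1, 0, 0, 1
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_a, a = a, old_a - q * a
        old_b, b = b, old_b - q * b
    return old_a, old_b


def update_after_add(w, z):
    """Member refreshes its own witness after prime z is added: w <- w^z."""
    return pow(w, z, N)


def update_after_delete(w, x, acc_new, z):
    """Member x refreshes its witness after prime z is revoked, without the trapdoor.
    With a*z + b*x = 1, w' = w^a * acc_new^b satisfies
    w'^x = w^(a*x) * acc_new^(b*x) = acc_new^(a*z + b*x) = acc_new, since w^x = acc_new^z."""
    a, b = bezout(z, x)
    return (pow(w, a, N) * pow(acc_new, b, N)) % N


def demo():
    """Enroll three members, revoke one, add another; report which checks pass."""
    alice, bob, carol, dave = 101, 103, 107, 109   # assumed member primes
    auth = Authority()
    for x in (alice, bob, carol):
        auth.add(x)
    w_alice, w_bob = auth.witness(alice), auth.witness(bob)
    results = {"alice_enrolled": verify(auth.acc, alice, w_alice)}

    acc = auth.delete(bob)                                   # revoke Bob
    results["bob_after_revoke"] = verify(acc, bob, w_bob)    # stale witness fails
    results["alice_stale"] = verify(acc, alice, w_alice)     # Alice must refresh too
    w_alice = update_after_delete(w_alice, alice, acc, bob)
    results["alice_refreshed"] = verify(acc, alice, w_alice)

    acc = auth.add(dave)                                     # enroll Dave
    w_alice = update_after_add(w_alice, dave)
    results["alice_after_add"] = verify(acc, alice, w_alice)
    results["matches_fresh_witness"] = w_alice == auth.witness(alice)
    return results


if __name__ == "__main__":
    print(demo())
```

Two properties carry the access-control point: revocation changes the public value, so a revoked member's old witness stops verifying and cannot be repaired without the trapdoor, while every remaining member can refresh its own witness from public data alone.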
In addition, for flexible delegation control, our research shows that if each re-encrypted ciphertext is bound to a specific grant, the delegator can decide which of his or her ciphertexts may later be decrypted by a designated delegatee with the help of a semi-trusted proxy. In this way the power of the re-encryption key is restrained, and the delegator retains control over the re-encryption of all of his or her ciphertexts. The proposed ID-based proxy re-encryption system is a practical solution that offers flexible delegation control and universal decryption (one decryption algorithm for both original and re-encrypted ciphertexts), and it guarantees indistinguishability against chosen-ciphertext attack.
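The "power of the re-encryption key" that grant binding is meant to restrain can be seen in a textbook scheme. The following is an added example and is not the dissertation's ID-based system: a toy bidirectional ElGamal proxy re-encryption in the style of Blaze, Bleumer and Strauss, with constructed parameters (the safe prime P, the generator G, the messages and the names in demo() are assumptions). The delegator encrypts two messages, hands the proxy one re-encryption key for a single delegatee, and the proxy can convert both ciphertexts even though the delegator meant to share only one; the key is all-or-nothing over every ciphertext of the delegator, which is exactly the per-ciphertext control the abstract's grant binding adds.

```python
import secrets

# Constructed toy group for illustration only: safe prime P = 2Q + 1 with a generator
# G of the order-Q subgroup. Real deployments use a ~2048-bit P or an elliptic curve.
P = 10007                        # assumed toy safe prime
Q = 5003                         # (P - 1) // 2, prime
G = 4                            # generator of the order-Q subgroup


def keygen():
    """Secret exponent in [1, Q-1] and public key G^sk."""
    sk = secrets.randbelow(Q - 1) + 1
    return sk, pow(G, sk, P)


def encrypt(pk, m):
    """ElGamal ciphertext (m * G^r, pk^r); m is an integer in [1, P-1]."""
    r = secrets.randbelow(Q - 1) + 1
    return (m * pow(G, r, P)) % P, pow(pk, r, P)


def decrypt(sk, ct):
    """Recover G^r = c2^(1/sk) and strip it from c1."""
    c1, c2 = ct
    g_r = pow(c2, pow(sk, -1, Q), P)
    return (c1 * pow(g_r, -1, P)) % P


def rekey(sk_delegator, sk_delegatee):
    """Re-encryption key rk = sk_delegatee / sk_delegator mod Q.
    In the bidirectional scheme the two parties derive this jointly; both secrets
    are passed in here only to keep the example self-contained."""
    return (sk_delegatee * pow(sk_delegator, -1, Q)) % Q


def re_encrypt(rk, ct):
    """Proxy step: raise the key-dependent component to rk; c1 and the plaintext untouched.
    (pk_A^r)^(b/a) = G^(a*r*b/a) = pk_B^r, so the result is an ordinary ciphertext under B."""
    c1, c2 = ct
    return c1, pow(c2, rk, P)


def demo():
    """Delegator A shares one ciphertext via a proxy; the key also converts the other."""
    a, pk_a = keygen()                    # delegator
    b, pk_b = keygen()                    # delegatee
    while b == a:
        b, pk_b = keygen()
    report, diary = 4242, 777             # constructed messages, both encrypted under A
    ct_report, ct_diary = encrypt(pk_a, report), encrypt(pk_a, diary)

    rk = rekey(a, b)                      # single key handed to the proxy
    re_report = re_encrypt(rk, ct_report) # A intended to share the report...
    re_diary = re_encrypt(rk, ct_diary)   # ...but the proxy can convert the diary too
    return {
        "delegator_reads_report": decrypt(a, ct_report) == report,
        "delegatee_reads_report": decrypt(b, re_report) == report,
        "delegatee_reads_diary": decrypt(b, re_diary) == diary,       # key is all-or-nothing
        "delegatee_reads_original": decrypt(b, ct_report) == report,  # wrong key: fails
        "reverse_key_works": decrypt(a, re_encrypt(pow(rk, -1, Q), re_report)) == report,
    }


if __name__ == "__main__":
    print(demo())
```

The proxy never learns a, b or a plaintext, but nothing in rk distinguishes the report from the diary, and the last check shows the same key inverted mod Q delegates in the opposite direction as well. A scheme that binds each re-encrypted ciphertext to a grant, as described in the abstract, is what lets the delegator choose which ciphertexts the proxy may convert rather than conceding all of them at once.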