Proactive threshold-proxy re-encryption scheme for secure data sharing on cloud

Cloud-based data sharing addresses the limited storage availability problem for resource-constrained users albeit at the cost of privacy and the need for access control mechanism. However, most of the techniques for secure data sharing with high access control are computationally intensive. Proxy re-encryption scheme is computationally light and provides secure cloud-based data sharing. Proxy re-encryption has a single semi-trust proxy for all intermediate re-encryption processes, which makes it a single point of failure and vulnerable to several attacks. In this paper, we propose, PB-TPRE, a threshold proxy re-encryption with the proactive property. The shares of re-encryption keys are sent to all proxies using shamir secret sharing. The shares may be leaked with passage of time or whenever any proxy leaves or joins the network, then, the secret needs to be change. The proactive property in threshold proxy re-encryption helps renew the shares without changing the secret. PB-TPRE scheme is collusion resistant against the proxies, users and cloud. We present a concrete construction for PB-TPRE that satisfies indistinguishability under chosen-plaintext attacks with a random oracle model and formally proves its security. We compared and discussed PB-TPRE scheme with other threshold proxy re-encryption schemes and found it to be efficient and secure for cloud-based data sharing applications.