| Field | Value |
|---|---|
| dc.contributor.author | Polyakov, Yuriy |
| dc.contributor.author | Rohloff, Kurt |
| dc.contributor.author | Sahu, Gyana |
| dc.contributor.author | Vaikuntanathan, Vinod |
| dc.date.accessioned | 2021-10-27T20:34:57Z |
| dc.date.available | 2021-10-27T20:34:57Z |
| dc.date.issued | 2017 |
| dc.identifier.uri | https://hdl.handle.net/1721.1/136343 |
| dc.description.abstract | © 2017 ACM. We develop two IND-CPA-secure multihop unidirectional Proxy Re-Encryption (PRE) schemes by applying the Ring-LWE (RLWE) key switching approach from the homomorphic encryption literature. Unidirectional PRE is ideal for secure publish-subscribe operations where a publisher encrypts information using a public key without knowing upfront who the subscriber will be and what private key will be used for decryption. The proposed PRE schemes provide a multihop capability, meaning that when PRE-encrypted information is published onto a PRE-enabled server, the server can either delegate access to specific clients or grant other servers the right to delegate access. Our first scheme (which we call NTRU-ABD-PRE) is based on a variant of the NTRU-RLWE homomorphic encryption scheme. Our second and main PRE scheme (which we call BV-PRE) is built on top of the Brakerski-Vaikuntanathan (BV) homomorphic encryption scheme and relies solely on the RLWE assumption. We present an open-source C++ implementation of both schemes and discuss several algorithmic and software optimizations. We examine parameter selection tradeoffs in the context of security, runtime/latency, throughput, ciphertext expansion, memory usage, and multihop capabilities. Our experimental analysis demonstrates that BV-PRE outperforms NTRU-ABD-PRE in both single-hop and multihop settings. The BV-PRE scheme has a lower time and space complexity than existing IND-CPA-secure lattice-based PRE schemes and requires small concrete parameters, making the scheme computationally efficient for use on low-resource embedded systems while still providing 100 bits of security. We present practical recommendations for applying the PRE schemes to several use cases of ad hoc information sharing for publish-subscribe operations. |
| dc.language.iso | en |
| dc.publisher | Association for Computing Machinery (ACM) |
| dc.relation.isversionof | 10.1145/3128607 |
| dc.rights | Creative Commons Attribution-Noncommercial-Share Alike |
| dc.rights.uri | http://creativecommons.org/licenses/by-nc-sa/4.0/ |
| dc.source | Other repository |
| dc.title | Fast Proxy Re-Encryption for Publish/Subscribe Systems |
| dc.type | Article |
| dc.contributor.department | Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science |
| dc.contributor.department | Massachusetts Institute of Technology. Computer Science and Artificial Intelligence Laboratory |
| dc.relation.journal | ACM Transactions on Privacy and Security |
| dc.eprint.version | Author's final manuscript |
| dc.type.uri | http://purl.org/eprint/type/JournalArticle |
| eprint.status | http://purl.org/eprint/status/PeerReviewed |
| dc.date.updated | 2019-07-09T15:50:41Z |
| dspace.orderedauthors | Polyakov, Y; Rohloff, K; Sahu, G; Vaikuntanathan, V |
| dspace.date.submission | 2019-07-09T15:50:42Z |
| mit.journal.volume | 20 |
| mit.journal.issue | 4 |
| mit.metadata.status | Authority Work and Publication Information Needed |