Conditional Proxy Re-Encryption-Based Key Sharing Mechanism for Clustered Federated Learning
Abstract
:1. Introduction
- In this paper, a key distribution and management scheme is proposed based on proxy re-encryption to ensure the privacy of homomorphic encryption key storage and sharing in cluster federated learning. The scheme employs a fine-grained strategy and provides a framework model and a security model.
- This paper uses a bilinear pair accumulator to implement integrity verification of homomorphic encryption keys and evaluates the effectiveness of the proposed scheme.
2. Related Work
2.1. Proxy Re-Encryption
2.2. Cryptographic Accumulator
3. Preliminaries
3.1. Bilinear Map**
- for all and .
- .
3.2. The N-BDHE Presupposition
3.3. The Q-SDH Presupposition
3.4. Tag Index Table
4. Scheme
4.1. Overview
4.2. Re-Encryption Construction
- : Let us generate a set of instructions for constructing a bilinear map parameter and message . Start by stochastically selecting and from and Z from D. Assign for . Introduce and as collision-resistant hash functions. Calculate . The output will be the public key and the main secret key , defined as , .
- : The private key of user i is .
- : To securely encrypt information for a user-set based on the prerequisite set W, the encrypt function is employed. First, a random selection of and is made. The initial ciphertext consists of six components from Equation (7) to Equation (10), including . These components include not only the encrypted information but also the part used to construct the re-cipher key Equation (15). The resulting ciphertext is denoted as .
- : The following definitions are made: q represents the polynomial, x is a non-leaf node, is the tree, r is the root node, and expresses the degree of the root of the tree. Given the inputs , , and , we proceed with the following steps. Firstly, we stochastically select and a for each x in the . The process begins at the r and is used to opt for the polynomials in a top-down manner. is described as follows: for each node x, the is set with a degree of . The is set to . For other x, we set to , and then stochastically opt for the remaining coefficients to completely define the polynomial . We set for each x. Now, let us calculate the re-encryption key in Equation (15) for the agent:Choose a random value and calculate it: .Selects stochastic value and sets:Output the re-cipher key which is used to encrypt the ciphtext C into the cryptographic text Equation (21) that can be decrypted by others’ private keys in the group:
- : Enter a and a C. Verify if the equations below hold:Equations (16)–(18) are used to verify the integrity of ciphertext C.In the event that any of the aforementioned equations fail to hold, the output will be ⊥. Conversely, a recursive algorithm named is introduced to process the initial C, the , and the note x within the tree.
- When it comes to leaf x, if , let , then. Otherwise, output ⊥.
- In the case where x represents a non-leaf node, the recursive procedureis called by all descendent nodes z of ancestor nodes x, and the resulting outcome is stored as . Let denote a random selection of children nodes z with a size of , ensuring that . If the condition is not satisfied, returns the value ⊥. However, if a satisfactory set can be formed, then the following computation is carried out using the Lagrange coefficient generated in Equation (6) and the result of :In the end, using Equation (19) to calculate :The ciphertext C is re-encrypted into re-cipher :
The original ciphertext C can be decrypted by user i’s private and the re-cipher can be decrypted by user j’s private key . If the result of and is equal, then the re-encryption succeed. - : Enter a and a with the following program:
- Calculates . If hold, returns .
- : Enter a and a with the following program:
- Checks the equations:Equations (22) and (23) are used to verify the integrity of re-cipher . Success goes to the next step while failure returns ⊥.
- Calculate , if , output . Success goes to the next step while failure returns ⊥.
- Calculate . If , output . Otherwise, returns ⊥ and call off.
- If represents the initial ciphertext, then the following conditions apply:
- If represents the re-encrypted ciphertext, then the following conditions apply:It is eventually feasible of calculating:
4.3. Integrity Verification Construction
- Construct bilinear map tuple and . Randomly select .
- Divide the data C into n copies, which is . Then, each data block corresponds to a label , where i is the segment index. Store each label in afterward.
- Add tags to the corresponding ciphertext segment , generate a data block , and calculate the accumulated value of the data block .
- Generate and outsource them to the provider.
- The provider calculates , where s represents the unknown number and represents the coefficient of s. Finally, obtain .
- The witness calculates the challenge block: .
- The cloud storage provider sends to the trusted witness.
- The witness first checks . In case the preceding equation fails to satisfy, an error symbol ⊥ should be outputted. If the equation holds, then proceed with the subsequent instructions.
- The witness retrieves the data segment and its associated indicator from the challenged block. Then, using and , the witness calculates .
- Verify .
5. Proof of Security
5.1. Ind-Cca Security
- : After verifying that i is not an element of , proceeds to check . If the tuple is present in , will provide H with the corresponding . However, if the tuple does not exist, then will generate a biased coin with a probability of equal to .
- -
- If , then termination.
- -
- If , then calculates the following equation to obtain the private key of user i in :
- : Set , , and . ensures that there are no tuples in of the form , where ∗ is a placeholder. If such a tuple is found, terminates the process. However, if there exists a tuple in , returns the value of . If neither of these conditions is met, then proceeds with the following steps:Suppose there is a tuple present in . In that case, employs to create the re-cipher key using the algorithm, following the same procedure as in the actual scheme. then provides the re-cipher key to H, includes in , and randomly selects and R during the algorithm.Alternatively, employs a biased coin to make a decision. If equals 1, interacts with to obtain . Subsequently, generates the re-encryption key using the algorithm, returns it to H, and adds and to and , respectively. In the case where equals 0, sets for randomly selected and from D. Next, constructs and selects and R. Finally, forwards the re-cipher key to H and then appends to .
- : executes the subsequent procedures:In the presence of in , encrypts as C using the encrypt function. If equals 1, then employs the re-encryption key to generate through the . Following this, appends to and returns to H.If is not found in , initiates an query to acquire the re-encryption key . Subsequently, generates and includes in the .
- : performs a validation check to confirm the fulfillment of Equations (16)∼(18). If these equations are unsatisfied, then outputs ⊥. Otherwise, B proceeds with the following steps:If there is an entry in , then utilizes to retrieve .In the absence of in , B initiates an query to acquire and applies to restore .
- : validates the validity of Equations (22) and (23). If the aforementioned formulas are invalid, then outputs ⊥ and terminates. If they hold, then continues with the following steps:If there is an entry in , then utilizes to retrieve .In the absence of in , B initiates an query to acquire and applies to restore .
5.2. Attack Prevention
6. Performance
6.1. Performance of PBRE
6.2. Performance of Integrity Verification
7. Conclusions
Author Contributions
Funding
Data Availability Statement
Conflicts of Interest
References
- Yin, C.; ** and blockchain-based privacy-preserving and data sharing scheme for smart grid. Int. J. Netw. Secur. 2023, 25, 151–160. [Google Scholar]
- Ge, C.; Susilo, W.; Baek, J.; Liu, Z.; **a, J.; Fang, L. A verifiable and fair attribute-based proxy re-encryption scheme for data sharing in clouds. IEEE Trans. Dependable Secur. Comput. 2021, 19, 2907–2919. [Google Scholar] [CrossRef]
- Ren, Y.; Huang, D.; Wang, W.; Yu, X. BSMD: A blockchain-based secure storage mechanism for big spatio-temporal data. Future Gener. Comput. Syst. 2023, 138, 328–338. [Google Scholar] [CrossRef]
- Blaze, M.; Bleumer, G.; Strauss, M. Divertible protocols and atomic proxy cryptography. In Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques, Espoo, Finland, 31 May–4 June 1998; pp. 127–144. [Google Scholar]
- Weng, J.; Deng, R.H.; Ding, X.; Chu, C.K.; Lai, J. Conditional proxy re-encryption secure against chosen-ciphertext attack. In Proceedings of the 4th International Symposium on Information, Computer, and Communications Security, Sydney, Australia, 10–12 March 2009; pp. 322–332. [Google Scholar]
- Fang, G.; Sun, Y.; Almutiq, M.; Zhou, W.; Zhao, Y.; Ren, Y. Distributed Medical Data Storage Mechanism Based on Proof of Retrievability and Vector Commitment for Metaverse Services. IEEE J. Biomed. Health Inform. 2023; early access. [Google Scholar]
- Chu, C.K.; Weng, J.; Chow, S.S.; Zhou, J.; Deng, R.H. Conditional proxy broadcast re-encryption. In Proceedings of the Information Security and Privacy: 14th Australasian Conference, ACISP 2009, Proceedings 14, Brisbane, Australia, 1–3 July 2009; pp. 327–342. [Google Scholar]
- Liu, Y.; Ren, Y.; Ge, C.; **a, J.; Wang, Q. A CCA-secure multi-conditional proxy broadcast re-encryption scheme for cloud storage system. J. Inf. Secur. Appl. 2019, 47, 125–131. [Google Scholar] [CrossRef]
- Ren, Y.; Qi, J.; Liu, Y.; Wang, J.; Kim, G.J. Integrity verification mechanism of sensor data based on bilinear map accumulator. ACM Trans. Internet Technol. (TOIT) 2021, 21, 1–19. [Google Scholar] [CrossRef]
- Ge, C.; Liu, Z.; **a, J.; Fang, L. Revocable identity-based broadcast proxy re-encryption for data sharing in clouds. IEEE Trans. Dependable Secur. Comput. 2019, 18, 1214–1226. [Google Scholar] [CrossRef]
- Weng, J.; Chen, M.; Yang, Y.; Deng, R.; Chen, K.; Bao, F. CCA-secure unidirectional proxy re-encryption in the adaptive corruption model without random oracles. Sci. China Inf. Sci. 2010, 53, 593–606. [Google Scholar] [CrossRef]
- Borcea, C.; Polyakov, Y.; Rohloff, K.; Ryan, G. PICADOR: End-to-end encrypted Publish–Subscribe information distribution with proxy re-encryption. Future Gener. Comput. Syst. 2017, 71, 177–191. [Google Scholar] [CrossRef]
- Benaloh, J.; de Mare, M.; Accumulators, O.W. A Decentralized Alternative to Digital Signatures. In Proceedings of the Advances in Cryptology-Proceedings of Eurocrypt, Perugia, Italy, 9–12 May 1994; Volume 93. [Google Scholar]
- Miers, I.; Garman, C.; Green, M.; Rubin, A.D. Zerocoin: Anonymous distributed e-cash from bitcoin. In Proceedings of the 2013 IEEE Symposium on Security and Privacy, IEEE, Berkeley, CA, USA, 19–22 May 2013; pp. 397–411. [Google Scholar]
- Ren, Y.; Lv, Z.; **ong, N.N.; Wang, J. HCNCT:A Cross-chain Interaction Scheme for the Blockchain-based Metaverse. ACM Trans. Multimed. Comput. Commun. Appl. 2023; accepted. [Google Scholar] [CrossRef]
- Wang, J.; Gao, Y.; Liu, W.; Wu, W.; Lim, S.J. An Asynchronous Clustering and Mobile Data Gathering Schema Based on Timer Mechanism in Wireless Sensor Networks. Comput. Mater. Contin. 2019, 58, 711–725. [Google Scholar] [CrossRef]
- Wang, J.; Ju, C.; Gao, Y.; Sangaiah, A.K.; Kim, G.J. A PSO based energy efficient coverage control algorithm for wireless sensor networks. Comput. Mater. Contin. 2018, 56, 433–446. [Google Scholar]
- Ren, Y.; Zhu, F.; Sharma, P.K.; Wang, T.; Wang, J.; Alfarraj, O.; Tolba, A. Data query mechanism based on hash computing power of blockchain in internet of things. Sensors 2019, 20, 207. [Google Scholar] [CrossRef] [PubMed]
- Ge, C.; Susilo, W.; Liu, Z.; **a, J.; Szalachowski, P.; Fang, L. Secure keyword search and data sharing mechanism for cloud computing. IEEE Trans. Dependable Secur. Comput. 2020, 18, 2787–2800. [Google Scholar] [CrossRef]
- Barić, N.; Pfitzmann, B. Collision-free accumulators and fail-stop signature schemes without trees. In Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques, Konstanz, Germany, 11–15 May 1997; pp. 480–494. [Google Scholar]
- Camenisch, J.; Lysyanskaya, A. Dynamic accumulators and application to efficient revocation of anonymous credentials. In Proceedings of the Advances in Cryptology—CRYPTO 2002: 22nd Annual International Cryptology Conference, Proceedings 22, Santa Barbara, CA, USA, 18–22 August 2002; pp. 61–76. [Google Scholar]
- Nguyen, L. Accumulators from bilinear pairings and applications. In Proceedings of the Topics in Cryptology–CT-RSA 2005: The Cryptographers’ Track at the RSA Conference 2005, San Francisco, CA, USA, 14–18 February 2005; pp. 275–292. [Google Scholar]
- Damgård, I.; Triandopoulos, N. Supporting Non-Membership Proofs with Bilinear-Map Accumulators. Cryptology ePrint Archive. 2008. Available online: https://eprint.iacr.org/2008/538 (accessed on 28 December 2008).
- Barsoum, A.F.; Hasan, M.A. Provable multicopy dynamic data possession in cloud computing systems. IEEE Trans. Inf. Forensics Secur. 2014, 10, 485–497. [Google Scholar] [CrossRef]
- Hao, Z.; Zhong, S.; Yu, N. A privacy-preserving remote data integrity checking protocol with data dynamics and public verifiability. IEEE Trans. Knowl. Data Eng. 2011, 23, 1432–1437. [Google Scholar]
Scheme | RKGen (ms) | Encrypt (ms) | ReEncrypt (ms) | DecryptO (ms) | DecryptR (ms) |
---|---|---|---|---|---|
Scheme [32] | 26.87 | 14.96 | 169.6 | 19.45 | 20.37 |
This system | 27.93 | 19.58 | 53.06 | 21.88 | 25.97 |
Scheme | Setup (s) | Challenge (s) | Proof (s) | Verify (Bytes) | Storage (MB) |
---|---|---|---|---|---|
Scheme [46] | 9480 | 3.3 | 68.4 | 42.3 | 33.1 |
This system | 18.9 | 0.64 | 53.06 | 0.0033 | 28.9 |
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content. |
© 2024 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Share and Cite
Zhang, Y.; Zhang, Z.; Ji, S.; Wang, S.; Huang, S. Conditional Proxy Re-Encryption-Based Key Sharing Mechanism for Clustered Federated Learning. Electronics 2024, 13, 848. https://doi.org/10.3390/electronics13050848
Zhang Y, Zhang Z, Ji S, Wang S, Huang S. Conditional Proxy Re-Encryption-Based Key Sharing Mechanism for Clustered Federated Learning. Electronics. 2024; 13(5):848. https://doi.org/10.3390/electronics13050848
Chicago/Turabian StyleZhang, Yong**g, Zhouyang Zhang, Shan Ji, Shenqing Wang, and Shitao Huang. 2024. "Conditional Proxy Re-Encryption-Based Key Sharing Mechanism for Clustered Federated Learning" Electronics 13, no. 5: 848. https://doi.org/10.3390/electronics13050848