Proxy Re-encryption (PRE) offers an efficient solution for enforcing access control on outsourced data through delegation of decryption rights of a delegator to a delegatee. However, to meet practical security requirements of an access control model, the delegator must control these delegations such that a re-encryption key enables the delegation of decryption rights of only a subset of the delegator’s ciphertexts. In this paper, we focus on a category of PRE-based primitives, which we refer to as “PRE with controlled delegation”. In these primitives, instead of the re-encryption key alone, the re-encryption key and authorization of the delegatee for a data item collectively determine whether the ciphertext transformation results in a valid re-encrypted ciphertext under the delegatee’s public key. This paper provides an exhaustive functional, security and performance analysis of all the existing schemes for PRE with controlled delegation in a concrete fine-grained access control model. We show that the traditional PRE security notions are insufficient to address all the security aspects of the access control model. Motivated by our analysis, we formulate stronger security notions and state the desirable efficiency requirements for PRE schemes applicable in the concrete fine-grained access control model. We show the validity of the proposed security notions by formally proving the insecurity of a conventional PRE scheme and security of one of the PRE schemes with controlled delegation under the proposed stronger PRE security notions. We critically analyze all schemes for PRE with controlled delegation under the proposed stronger security notions and with respect to the efficiency requirements. We show that no scheme for PRE with controlled delegation simultaneously satisfies the efficiency and security requirements formulated in this paper. Finally, we present possible future research directions to obtain a PRE-based solution that is secure under the proposed stronger security notions and satisfies all desirable performance requirements in a fine-grained access control model.

代理重新加密（PRE）提供了一种有效的解决方案，可通过将委派者的解密权委派给委派者来对外包数据实施访问控制。但是，为了满足访问控制模型的实际安全性要求，委托人必须控制这些委派，以便重新加密密钥能够委派委托人密文的子集的解密权限。在本文中，我们专注于一类基于PRE的基元，我们称其为“具有受控委托的PRE”。在这些原语中，代替单独的重新加密密钥，数据对象的重新加密密钥和委托人的授权共同确定密文转换是否在委托人的公共密钥下导致有效的重新加密密文。本文提供了详尽的功能，在一个具体的细粒度访问控制模型中，对具有控制权的PRE的所有现有方案的安全性和性能进行分析。我们表明，传统的PRE安全概念不足以解决访问控制模型的所有安全问题。根据我们的分析，我们提出了更强的安全性概念，并提出了适用于具体细粒度访问控制模型的PRE方案的理想效率要求。通过在拟议的更强的PRE安全性概念下正式证明常规PRE方案的不安全性以及具有受控委托的PRE方案之一的安全性，我们证明了所提出的安全性概念的有效性。我们在提议的更强安全性概念和效率要求的基础上，严格分析了所有具有可控委托的PRE方案。我们表明，没有一种具有可控委派的PRE方案可以同时满足本文提出的效率和安全性要求。最后，我们提出了可能的未来研究方向，以获取基于PRE的解决方案，该解决方案在建议的更强安全性概念下是安全的，并满足细粒度访问控制模型中所有期望的性能要求。