Practical Revocation and Key Rotation

  • Steven Myers
  • Adam Shull
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10808)


We consider the problems of data maintenance on untrusted clouds. Specifically, we consider two important use cases: (i) using public-key encryption to enforce dynamic access control, and (ii) efficient key rotation.

Enabling access revocation is key to enabling dynamic access control, and proxy re-encryption and related technologies have been advocated as tools that allow for revocation on untrusted clouds. Regrettably, the literature assumes that data is encrypted directly with the primitives. Yet, for efficiency reasons hybrid encryption is used, and such schemes are susceptible to key-scraping attacks.

For key rotation, currently deployed schemes have insufficient security properties, or are computationally quite intensive. Proposed systems are either still susceptible to key-scraping attacks, or too inefficient to deploy.
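The trade-off described in the two paragraphs above, as an added illustration that is not code from the paper: in a hybrid ciphertext, rotating only the wrapped data key leaves the body decryptable by anyone who kept that data key, while re-encrypting the body costs work linear in the file. The toy SHA-256 stream cipher, the symmetric stand-in for the public-key layer, all function names, and the reading of "key scraping" as a user keeping the symmetric data key while access was valid are assumptions of this sketch.

```python
import hashlib, hmac, os

def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode). Illustration only."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + (i // 32).to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def wrap(kek: bytes, dek: bytes) -> bytes:
    """Stand-in for the public-key (or master-key) layer that protects the DEK."""
    nonce = os.urandom(16)
    return nonce + stream_xor(kek, nonce, dek)

def unwrap(kek: bytes, header: bytes) -> bytes:
    return stream_xor(kek, header[:16], header[16:])

def mac(dek: bytes, nonce: bytes, body: bytes) -> bytes:
    mac_key = hashlib.sha256(b"mac" + dek).digest()  # separate key for the tag
    return hmac.new(mac_key, nonce + body, hashlib.sha256).digest()

def encrypt_file(kek: bytes, plaintext: bytes) -> dict:
    dek, nonce = os.urandom(32), os.urandom(16)
    body = stream_xor(dek, nonce, plaintext)
    return {"header": wrap(kek, dek), "nonce": nonce, "body": body,
            "tag": mac(dek, nonce, body)}

def decrypt_body(dek: bytes, ct: dict):
    """Return the plaintext, or None if the DEK does not match this body."""
    if not hmac.compare_digest(mac(dek, ct["nonce"], ct["body"]), ct["tag"]):
        return None
    return stream_xor(dek, ct["nonce"], ct["body"])

def rotate_header_only(old_kek: bytes, new_kek: bytes, ct: dict) -> dict:
    """Cheap rotation: re-wrap the same DEK, body bytes untouched."""
    return {**ct, "header": wrap(new_kek, unwrap(old_kek, ct["header"]))}

def rotate_full(old_kek: bytes, new_kek: bytes, ct: dict) -> dict:
    """Expensive rotation: fresh DEK, every body byte rewritten."""
    plaintext = decrypt_body(unwrap(old_kek, ct["header"]), ct)
    return encrypt_file(new_kek, plaintext)

def demo():
    old_kek, new_kek = os.urandom(32), os.urandom(32)
    ct = encrypt_file(old_kek, b"constructed sample record")
    kept_dek = unwrap(old_kek, ct["header"])  # retained before revocation
    cheap = rotate_header_only(old_kek, new_kek, ct)
    full = rotate_full(old_kek, new_kek, ct)
    return decrypt_body(kept_dek, cheap), decrypt_body(kept_dek, full)
```

`demo()` returns the plaintext for the header-only rotation and `None` for the full rotation, which is the gap between the cheap and the computationally intensive options that the abstract describes.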

We propose a new notion of security that is practical for both problems. We show how to construct hybrid schemes that are both resistant to key-scraping attacks and highly efficient in revocation or key rotation. The number of modifications to the ciphertext scales linearly with the security parameter and logarithmically with the file length.



This work was supported by the National Science Foundation under awards CNS–1111149 and CNS–156375.



Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  1. Indiana University, Bloomington, USA
