Efficient subtree-based encryption for fuzzy-entity data sharing

Cloud storage brings strong conveniences for flexible data sharing. When sharing data with a large number of entities described with fuzzy identities, the data owners must leverage a suitable encryption scheme to meet the security and efficiency requirements. (hierarchical) Identity-based encryption is a promising candidate to ensure fuzzy-entity data sharing while meeting the security requirement, but encounters the efficiency difficulty in multireceiver settings. We introduce the notion of subtree-based encryption (SBE) to support multireceiver data sharing mechanism in large-scale enterprises. Users in SBE are organized in a tree structure. Superior users can generate the secret keys to their subordinates. Unlike HIBE merely allowing a single decryption path, SBE enables encryption for a subset of users. We define the security notion for SBE, namely Ciphertext Indistinguishability against Adaptively Chosen-Sub-Tree and Chosen-Ciphertext Attack (IND-CST-CCA2). We propose two secure SBE schemes (SBEs). We first propose a basic SBEs against Adaptively Chosen-Sub-Tree and Chosen-Plaintext Attack (IND-CST-CPA), in which we do not allow the attacker to get decryption results from other users in the security game. We then propose a CCA2-secure SBEs from the basic scheme without requiring any other cryptographic primitives. Our CCA2-secure scheme natively allows public ciphertext validity test, which is a useful property when a CCA2-secure SBEs is used to design advanced protocols and auditing mechanisms for fuzzy-entity data sharing.