A DFA-based functional proxy re-encryption scheme for secure public cloud data sharing

Kaitai Liang, Man Ho Au, Joseph K Liu, Willy Susilo, Duncan S Wong, Guomin Yang, Tran Viet Xuan Phuong, Qi Xie

Research output: Contribution to journalArticleResearchpeer-review

95 Citations (Scopus)


In this paper, for the first time, we define a general notion for proxy re-encryption (PRE), which we call deterministic finite automata-based functional PRE (DFA-based FPRE). Meanwhile, we propose the first and concrete DFA-based FPRE system, which adapts to our new notion. In our scheme, a message is encrypted in a ciphertext associated with an arbitrary length index string, and a decryptor is legitimate if and only if a DFA associated with his/her secret key accepts the string. Furthermore, the above encryption is allowed to be transformed to another ciphertext associated with a new string by a semitrusted proxy to whom a re-encryption key is given. Nevertheless, the proxy cannot gain access to the underlying plaintext. This new primitive can increase the flexibility of users to delegate their decryption rights to others. We also prove it as fully chosen-ciphertext secure in the standard model.
Original languageEnglish
Pages (from-to)1667 - 1680
Number of pages14
JournalIEEE Transactions on Information Forensics and Security
Issue number10
Publication statusPublished - Oct 2014
Externally publishedYes


  • Functional encryption
  • functional proxy re-encryption
  • chosen-ciphertext security

Cite this