Proxy Crypto Library (IAIK-PCL)

IAIK PCL (Proxy Crypto Library) is a Java library bundling several cryptographic primitives intended for situations where a proxy acts as an intermediary. Such scenarios often occur in cloud computing but are not limited to it. Currently, the library offers multiple proxy re-encryption primitives with different properties.

Main Features

Currently, the following proxy re-encryption schemes are included in the bundle:

  • AFGH: Third attempt in G. Ateniese, K. Fu, M. Green, S. Hohenberger. 2006. Improved Proxy Re-encryption Schemes with Applications to Secure Distributed Storage.
  • LV: Known Secret Key model in Benoît Libert and Damien Vergnaud. 2010. Unidirectional Chosen-Ciphertext Secure Proxy Re-Encryption.
  • CDL: Canard, Devigne, and Laguillaumie. 2011. Improving the Security of an Efficient Unidirectional Proxy Re-Encryption Scheme.

Furthermore, the following features are available:

  • Key and cipher-text serialization/deserialization.
  • Hybrid encryption.
  • Highly parameterizable; default parameters providing 128-bit security are included.

To follow a standardized hybrid encryption format, support for IAIK CMS is available as an alternative to the hybrid approach provided by PCL. More precisely, the CMS content type AuthEnvelopedData can be used together with the KeyTransRecipientInfo type for all available proxy re-encryption schemes.

The following measurements were performed on an Intel® Core™ i7-6700 CPU @ 3.40GHz × 8 processor. When IAIK CMS is used, the timings are approximately the same. Note: The larger the data to be processed, the more the processing time is dominated by the symmetric encryption scheme, that is, AES128. The Re-Encrypt performance is nearly constant because re-encryption is applied only to the symmetric key instead of the bulk data.

Hybrid AFGH:

Data size   Encrypt    Re-Encrypt   Decrypt 1   Decrypt 2
1 B         35 ms      38 ms        33 ms       65 ms
1 KiB       33 ms      38 ms        31 ms       63 ms
1 MiB       48 ms      38 ms        45 ms       80 ms
10 MiB      160 ms     28 ms        162 ms      188 ms
100 MiB     1329 ms    37 ms        1289 ms     1427 ms

Hybrid LV:

Data size   Encrypt    Re-Encrypt   Decrypt 1   Decrypt 2
1 B         329 ms     130 ms       273 ms      178 ms
1 KiB       430 ms     131 ms       255 ms      176 ms
1 MiB       637 ms     130 ms       268 ms      189 ms
10 MiB      510 ms     129 ms       380 ms      299 ms
100 MiB     1839 ms    128 ms       1485 ms     1433 ms

Hybrid CDL:

Data size   Encrypt    Re-Encrypt   Decrypt 1   Decrypt 2
1 B         116 ms     30 ms        9 ms        25 ms
1 KiB       127 ms     28 ms        8 ms        26 ms
1 MiB       142 ms     28 ms        22 ms       38 ms
10 MiB      277 ms     28 ms        137 ms      154 ms
100 MiB     1386 ms    29 ms        1291 ms     1314 ms

Compared to the plain-text, each scheme adds some overhead to the cipher-text, depending on the cipher-text level:

Scheme   Level 1 CT    Level 2 CT
AFGH     1640 Bytes    1000 Bytes
LV       2260 Bytes    1866 Bytes
CDL      1462 Bytes    8778 Bytes
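
The near-constant Re-Encrypt timings follow from the hybrid structure: the proxy transforms only the small key capsule, while the AES-encrypted bulk data is forwarded unchanged. The sketch below is an added illustration, not PCL code and not the PCL API; it assumes a simpler bidirectional ElGamal-style construction (in the style of Blaze, Bleumer and Strauss) rather than AFGH, LV or CDL, and a demo-sized 256-bit group that is far too small for real use. All names in it are hypothetical.

```java
import java.math.BigInteger;
import java.security.*;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.*;

// Toy hybrid proxy re-encryption: ElGamal-style key capsule + AES-128-GCM body.
// Assumption: BBS98-style bidirectional scheme, NOT one of PCL's schemes or its API.
public class HybridPreDemo {
    static final SecureRandom RND = new SecureRandom();
    static final BigInteger ONE = BigInteger.ONE, G = BigInteger.valueOf(4);
    static BigInteger p, q; // safe prime p = 2q + 1; G = 2^2 has prime order q

    static void setup() { // demo-sized group, generated at run time
        do { q = BigInteger.probablePrime(255, RND); p = q.shiftLeft(1).add(ONE); }
        while (!p.isProbablePrime(64));
    }
    static BigInteger randExp() { // exponent in [1, q-1], always invertible mod q
        return new BigInteger(q.bitLength() + 64, RND).mod(q.subtract(ONE)).add(ONE);
    }
    static byte[] kdf(BigInteger shared) throws Exception { // AES-128 key from g^k
        byte[] h = MessageDigest.getInstance("SHA-256").digest(shared.toByteArray());
        return Arrays.copyOf(h, 16);
    }
    static byte[] aes(int mode, byte[] key, byte[] iv, byte[] in) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, new SecretKeySpec(key, "AES"), new GCMParameterSpec(128, iv));
        return c.doFinal(in);
    }
    public static void main(String[] args) throws Exception {
        setup();
        BigInteger a = randExp(), b = randExp();            // Alice's and Bob's secret keys
        BigInteger pkA = G.modPow(a, p);                    // Alice's public key
        BigInteger rk = b.multiply(a.modInverse(q)).mod(q); // re-encryption key b/a
        byte[] data = new byte[1 << 20];                    // 1 MiB of constructed bulk data
        RND.nextBytes(data);
        byte[] iv = new byte[12];
        RND.nextBytes(iv);
        // Encrypt for Alice: capsule = pkA^k wraps the key, AES-GCM covers the data.
        BigInteger k = randExp();
        BigInteger capsule = pkA.modPow(k, p);
        byte[] body = aes(Cipher.ENCRYPT_MODE, kdf(G.modPow(k, p)), iv, data);
        // Proxy: one exponentiation on the capsule; body and iv pass through untouched.
        BigInteger capsuleB = capsule.modPow(rk, p);
        // Bob: capsuleB^(1/b) = g^k, so the same AES key opens the unchanged body.
        BigInteger shared = capsuleB.modPow(b.modInverse(q), p);
        byte[] out = aes(Cipher.DECRYPT_MODE, kdf(shared), iv, body);
        System.out.println("Bob recovered data: " + Arrays.equals(out, data));
    }
}
```

Changing the size of `data` changes only the AES work on the sender and receiver sides; the proxy step stays a single modular exponentiation.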
