The Internet of Things (IoT) often relies on the cloud services for data sharing. To ensure the confidentiality of data, proxy re-encryption (PRE) is always applied when encrypting outsourced data. However, the existing conditional PRE schemes lack support for attaching weights to conditions, thus limiting the flexibility of re-encryption privilege management. To address this issue, we propose a cloud-sharing scheme based on the dual attribute conversion (DAC-CSS) specifically designed for IoT applications. The DAC-CSS scheme utilizes PRE techniques to convert identity-based encryption (IBE) ciphertext into attribute-based encryption (ABE) ciphertext. We design the condition policies for PRE based on the data attributes and their weights. This allows the proxy to convert only the IBE ciphertext that satisfies the conditions and generates ABE ciphertext. We construct user access policies based on the user attributes and their weights to ensure that only users satisfying the access policies can decrypt the ABE ciphertext. Based on the extended decisional parallel bilinear Diffie-Hellman exponent (EDPBDHE) assumption, we prove that the proposed scheme achieves security against adaptively chosen ciphertext attacks based on the access policy and identity selection (selective-CCA2) under the random oracle model (ROM). The experiments demonstrate that the proposed scheme gains high computational efficiency.

中文翻译：

---

基于双属性转换的云辅助物联网安全数据共享方案


物联网 （IoT） 通常依赖云服务进行数据共享。为了确保数据的机密性，在加密外包数据时，始终应用代理重新加密 （PRE）。但是，现有的条件 PRE 方案不支持将权重附加到条件，从而限制了重新加密权限管理的灵活性。为了解决这个问题，我们提出了一种基于双属性转换 （DAC-CSS） 的云共享方案，专为 IoT 应用而设计。DAC-CSS 方案利用 PRE 技术将基于身份的加密 （IBE） 密文转换为基于属性的加密 （ABE） 密文。我们根据数据属性及其权重为 PRE 设计条件策略。这允许代理仅转换满足条件的 IBE 密文并生成 ABE 密文。我们根据用户属性和权重构建用户访问策略，确保只有满足访问策略的用户才能解密 ABE 密文。基于扩展决策并行双线性 Diffie-Hellman 指数 （EDPBDHE） 假设，我们证明所提出的方案在随机预言机模型 （ROM） 下实现了对基于访问策略和身份选择 （selective-CCA2） 的自适应选择密文攻击的安全性。实验表明，所提方案具有较高的计算效率。