Key-Aggregate Cryptosystem for Scalable Data Sharing in Cloud Storage



Data sharing is an important functionality in cloud storage. In this paper, we show how to securely, efficiently, and flexibly share data with others in cloud storage. We describe new public-key cryptosystems that produce constant-size ciphertexts such that efficient delegation of decryption rights for any set of ciphertexts is possible. The novelty is that one can aggregate any set of secret keys and make them as compact as a single key, but encompassing the power of all the keys being aggregated. In other words, the secret key holder can release a constant-size aggregate key for flexible choices of ciphertext set in cloud storage, but the other encrypted files outside the set remain confidential. This compact aggregate key can be conveniently sent to others or be stored in a smart card with very limited secure storage. We provide formal security analysis of our schemes in the standard model. We also describe other applications of our schemes. In particular, our schemes give the first public-key patient-controlled encryption for flexible hierarchy, which was yet to be known.


Considering data privacy, a traditional way to ensure it is to rely on the server to enforce the access control after authentication, which means any unexpected privilege escalation will expose all data. In a shared-tenancy cloud computing environment, things become even worse.

Regarding availability of files, there are a series of cryptographic schemes which go as far as allowing a third-party auditor to check the availability of files on behalf of the data owner without leaking anything about the data, or without compromising the data owner's anonymity. Likewise, cloud users probably will not hold the strong belief that the cloud server is doing a good job in terms of confidentiality.

A cryptographic solution, with proven security relying on number-theoretic assumptions, is more desirable whenever the user is not perfectly happy with trusting the security of the VM or the honesty of the technical staff.


  1. The costs and complexities involved generally increase with the number of the decryption keys to be shared.
  2. The encryption key and decryption key are different in public-key encryption.


In this paper, we study how to make a decryption key more powerful in the sense that it allows decryption of multiple ciphertexts, without increasing its size. Specifically, our problem statement is “To design an efficient public-key encryption scheme which supports flexible delegation in the sense that any subset of the ciphertexts (produced by the encryption scheme) is decryptable by a constant-size decryption key (generated by the owner of the master-secret key).” We solve this problem by introducing a special type of public-key encryption which we call key-aggregate cryptosystem (KAC). In KAC, users encrypt a message not only under a public key, but also under an identifier of the ciphertext called its class. That means the ciphertexts are further categorized into different classes. The key owner holds a master secret called the master-secret key, which can be used to extract secret keys for different classes. More importantly, the extracted key can be an aggregate key which is as compact as a secret key for a single class, but aggregates the power of many such keys, i.e., the decryption power for any subset of ciphertext classes.


  1. The extracted key can be an aggregate key which is as compact as a secret key for a single class.
  2. The delegation of decryption can be efficiently implemented with the aggregate key.




  1. System Model
  2. Key Generation
  3. Encryption
  4. Aggregate Key Transfer


System Model:

  • Data Owner (Alice): This module is executed by the data owner to set up an account on an untrusted server. On input a security level parameter 1^λ and the number of ciphertext classes n (i.e., the class index should be an integer bounded by 1 and n), it outputs the public system parameter param, which is omitted from the input of the other algorithms for brevity.
  • Network Storage: With our solution, Alice can simply send Bob a single aggregate key via a secure e-mail. Bob can download the encrypted photos from Alice’s Dropbox space and then use this aggregate key to decrypt these encrypted photos. Here, Network Storage is an untrusted third-party server.

Key Generation

  • Public-key cryptography, also known as asymmetric cryptography, is a class of cryptographic algorithms which requires two separate keys, one of which is secret (or private) and one of which is public. Although different, the two parts of this key pair are mathematically linked.
  • The public key is used to encrypt plaintext, whereas the private key is used to decrypt ciphertext. The data owner randomly generates a public/master-secret key pair.


Encryption

  • Encryption keys also come in two flavours: symmetric key or asymmetric (public) key. Using symmetric encryption, when Alice wants the data to be originated from a third party, she has to give the encryptor her secret key; obviously, this is not always desirable.
  • By contrast, the encryption key and decryption key are different in public key encryption. The use of public-key encryption gives more flexibility for our applications.

Aggregate Key Transfer:

  • A key-aggregate encryption scheme consists of five polynomial-time algorithms as follows. The data owner establishes the public system parameter via Setup and generates a public/master-secret key pair via KeyGen.
  • Messages can be encrypted via Encrypt by anyone who also decides what ciphertext class is associated with the plaintext message to be encrypted. The data owner can use the master-secret to generate an aggregate decryption key for a set of ciphertext classes via Extract.
  • The generated keys can be passed to delegates securely (via secure e-mails or secure devices). Finally, any user with an aggregate key can decrypt any ciphertext, provided that the ciphertext’s class is contained in the aggregate key, via Decrypt.



  • System: Pentium IV 2.4 GHz.
  • Hard Disk: 40 GB.
  • Floppy Drive: 44 Mb.
  • Monitor: 15 VGA Colour.
  • Mouse: Logitech.
  • Ram: 512 Mb.


  • Operating system: Windows XP/7.
  • Coding Language: net,
  • Tool: Visual Studio 2010
  • Database: SQL SERVER 2008


Cheng-Kang Chu, Sherman S.M. Chow, Wen-Guey Tzeng, Jianying Zhou, and Robert H. Deng, “Key-Aggregate Cryptosystem for Scalable Data Sharing in Cloud Storage,” IEEE Transactions on Parallel and Distributed Systems, vol. 25, no. 2, February 2014.