Threshold Proxy Re‑Encryption (TPRE) with National Cryptographic Algorithms for Secure Data Sharing
The article explains how cryptographic access control, especially a hybrid‑encrypted Threshold Proxy Re‑Encryption scheme built on national SM2/SM3/SM4 algorithms, offers high‑strength, decentralized, and efficient data authorization and sharing, addressing the limitations of traditional role‑based models.
In environments where data must be freely exchanged and collaborated on, secure data authorization becomes critical because data owners need to grant other participants access while preserving privacy.
Traditional role‑based access control (RBAC) provides flexibility and scalability but often requires extensive role and permission management, increasing complexity. Cryptographic access control, in contrast, encrypts data to protect its confidentiality during storage and transmission, offering higher customizability, scalability, and suitability for complex authorization scenarios, including decentralized identity and smart‑contract‑based management.
Because public‑key cryptography is inefficient for large data volumes, a hybrid encryption approach combines asymmetric and symmetric algorithms to improve performance while maintaining security.
Umbral, a threshold proxy re‑encryption scheme from NuCypher, uses standards such as AES, ECC, and BLAKE2b, but international restrictions on these algorithms motivate replacing them with domestic cryptographic primitives.
The collaboration between Chengfang Jinke Lab and the SecretFlow (隐语) team addressed this by using SecretFlow’s yacl library to implement a distributed Threshold Proxy Re‑Encryption (TPRE) scheme based on Chinese national algorithms (SM2, SM3, SM4), enabling decentralized management, high‑strength encryption, distributed architecture, sovereign control, and efficient performance.
Key advantages of the TPRE algorithm include:
High‑strength encryption protecting data confidentiality and privacy.
Distributed architecture supporting access control and authorization in distributed data scenarios.
Sovereign control through replacement of international algorithms with SM2/SM3/SM4, reducing security risks.
Efficient performance with low computational overhead, suitable for existing resources.
The algorithm has been contributed to the yacl repository (https://github.com/secretflow/yacl/tree/main/yacl/crypto/primitives/tpre) and is expected to have broad application prospects for secure, efficient, and sovereign data sharing.
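The threshold re‑encryption flow described above, as an added sketch that is not the yacl implementation or Umbral itself: a simplified Umbral‑style key encapsulation in which any t of n proxies can convert Alice's capsule for Bob. Assumptions: a toy Schnorr group stands in for the SM2 curve, SHA‑256 for SM3, and a hash‑based XOR stream for SM4; all function names are hypothetical, and the capsule and fragment correctness checks of a full scheme are omitted.

```python
import hashlib, secrets

# Toy Schnorr group (constructed, insecure size): P = 2Q + 1, G has prime order Q.
# Assumptions: this group stands in for the SM2 curve, SHA-256 for SM3,
# and the hash-based XOR stream for SM4.
P, Q, G = 2039, 1019, 4

def rand_scalar():
    return secrets.randbelow(Q - 1) + 1          # uniform in [1, Q-1]

def h(*parts):
    return hashlib.sha256("|".join(map(str, parts)).encode()).digest()

def h_scalar(*parts):
    return int.from_bytes(h(*parts), "big") % (Q - 1) + 1

def keygen():
    sk = rand_scalar()
    return sk, pow(G, sk, P)

def stream_xor(key, data):                        # symmetric half of the hybrid scheme
    blocks = range(len(data) // 32 + 1)
    ks = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest() for i in blocks)
    return bytes(a ^ b for a, b in zip(data, ks))

def encrypt(pk_a, msg):
    e = rand_scalar()                             # capsule = G^e, data key = H(pk_a^e)
    return pow(G, e, P), stream_xor(h(pow(pk_a, e, P)), msg)

def gen_kfrags(sk_a, pk_b, t, n):
    x = rand_scalar()
    X = pow(G, x, P)
    d = h_scalar(X, pk_b, pow(pk_b, x, P))        # derivable only by Alice and Bob
    # Shamir-share sk_a / d: the constant term is the full re-encryption key.
    coeffs = [sk_a * pow(d, -1, Q) % Q] + [rand_scalar() for _ in range(t - 1)]
    share = lambda i: sum(c * pow(i, k, Q) for k, c in enumerate(coeffs)) % Q
    return X, [(i, share(i)) for i in range(1, n + 1)]

def reencrypt(kfrag, capsule):                    # run by each proxy on the capsule only
    i, rk = kfrag
    return i, pow(capsule, rk, P)

def decrypt_reencrypted(sk_b, pk_b, X, cfrags, ct):
    d = h_scalar(X, pk_b, pow(X, sk_b, P))
    acc = 1
    for i, c in cfrags:
        lam = 1                                   # Lagrange coefficient at 0
        for j, _ in cfrags:
            if j != i:
                lam = lam * j * pow((j - i) % Q, -1, Q) % Q
        acc = acc * pow(c, lam, P) % P
    return stream_xor(h(pow(acc, d, P)), ct)
```

Each proxy sees only the capsule and its own key fragment, never the plaintext or either private key; with fewer than t fragments the interpolated value is wrong and decryption yields garbage.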
References:
1. NuCypher. Umbral: A Threshold Proxy Re‑Encryption Scheme.
