A Blockchain-Based Revocable Identity-Based Proxy Re-Encryption Scheme with Cryptographic Reverse Firewalls for Secure Data Sharing
Abstract
With the rapid growth of Internet of Things (IoT) applications and decentralized data-driven systems, secure and flexible data sharing remains a critical challenge. Identity-Based Proxy Re-Encryption (IB-PRE) is an effective cryptographic primitive for enabling fine-grained access delegation without exposing plaintext data. However, existing IB-PRE schemes remain vulnerable to algorithm substitution attacks (ASA), malicious key generation, inefficient ciphertext management, and the lack of practical revocation mechanisms. To address these limitations, we propose a blockchain-based revocable identity-based proxy re-encryption scheme with cryptographic reverse firewalls (BRIBPR-CRF) for secure IoT data sharing. The proposed scheme integrates CRFs into the key generation, encryption, and proxy re-encryption key generation processes to mitigate ASA and limit the impact of potentially compromised cryptographic components. An efficient identity revocation mechanism enables the removal of compromised or expired users without requiring global key updates. In addition, a consortium blockchain is employed to record initial ciphertexts and execute proxy re-encryption via smart contracts, thereby eliminating single points of failure and reducing trust assumptions compared with traditional proxy-based systems. We formally prove the security of BRIBPR-CRF in the random-oracle model. Finally, extensive performance evaluations demonstrate that the proposed scheme achieves lower communication, computation, and energy overhead compared with existing schemes, making it suitable for secure and scalable data sharing in decentralized and semi-trusted IoT environments.
Cite This Article
TY - JOUR
AU - Hundera, Negalign Wake
AU - Elhabob, Rashad
AU - Adhikari, Deepak
AU - Xiong, Hu
PY - 2026
DA - 2026/03/27
TI - A Blockchain-Based Revocable Identity-Based Proxy Re-Encryption Scheme with Cryptographic Reverse Firewalls for Secure Data Sharing
JO - Journal of Reliable and Secure Computing
T2 - Journal of Reliable and Secure Computing
JF - Journal of Reliable and Secure Computing
VL - 2
IS - 1
SP - 50
EP - 65
DO - 10.62762/JRSC.2026.796877
UR - https://www.icck.org/article/abs/JRSC.2026.796877
KW - secure data sharing
KW - proxy re-encryption
KW - blockchain
KW - revocation
KW - cryptographic reverse firewalls
SN - 3070-6424
PB - Institute of Central Computation and Knowledge
LA - English
ER -
@article{Hundera2026A,
author = {Negalign Wake Hundera and Rashad Elhabob and Deepak Adhikari and Hu Xiong},
title = {A Blockchain-Based Revocable Identity-Based Proxy Re-Encryption Scheme with Cryptographic Reverse Firewalls for Secure Data Sharing},
journal = {Journal of Reliable and Secure Computing},
year = {2026},
volume = {2},
number = {1},
pages = {50-65},
doi = {10.62762/JRSC.2026.796877},
url = {https://www.icck.org/article/abs/JRSC.2026.796877},
keywords = {secure data sharing, proxy re-encryption, blockchain, revocation, cryptographic reverse firewalls},
issn = {3070-6424},
publisher = {Institute of Central Computation and Knowledge}
}
Rights and Permissions
Copyright © 2026 by the Author(s). Published by Institute of Central Computation and Knowledge. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/), which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made.