PICADOR: End-to-end encrypted Publish–Subscribe information distribution with proxy re-encryption

Cristian Borcea, Arnab “Bobby” Deb Gupta, Yuriy Polyakov, Kurt Rohloff, Gerard Ryan

Research output: Contribution to journalArticlepeer-review

33 Scopus citations


This article presents PICADOR, a system for end-to-end encrypted Publish–Subscribe information distribution with proxy re-encryption. PICADOR is designed for topic-based Pub/Sub systems and provides end-to-end payload confidentiality. The main novelty of PICADOR is that it provides an information distribution service with end-to-end encryption where publishers and subscribers do not need to establish shared encryption and decryption keys. Multiple publishers post encrypted information to a Pub/Sub broker which uses Proxy Re-Encryption (PRE) to convert this information into a representation that can only be decrypted by approved subscribers. The broker is unable to decrypt the information. To support PICADOR, we design and implement a novel PRE scheme that leverages a general lattice encryption software library. We prototype our system using a scalable Java-based information substrate that supports topic-based Pub/Sub operations. We experimentally evaluate performance and scalability tradeoffs in the context of enterprise and mobile applications. We discuss design tradeoffs and application-specific customizations.

Original languageEnglish (US)
Pages (from-to)177-191
Number of pages15
JournalFuture Generation Computer Systems
StatePublished - Jun 1 2017

All Science Journal Classification (ASJC) codes

  • Software
  • Hardware and Architecture
  • Computer Networks and Communications


  • Encryption
  • Information brokering
  • Security


Dive into the research topics of 'PICADOR: End-to-end encrypted Publish–Subscribe information distribution with proxy re-encryption'. Together they form a unique fingerprint.

Cite this