Improving the Security of an Efficient Unidirectional Proxy Re-Encryption Scheme

A proxy re-encryption (PRE) scheme allows a designated proxy, which has previously received a so-called re-encryption key, to translate a ciphertext intended for one user into a ciphertext intended for another. Traditionally, the re-encryption key is generated at the initiative of the initial receiver and, ideally, no secret keys should be known to the proxy. Such a scheme is said to be unidirectional if the transformation from one user to another does not necessarily imply the possibility of making the inverse transformation. Judging from the literature on unidirectional proxy re-encryption, it seems hard to prove the strongest security level (namely indistinguishability under chosen-ciphertext attacks, IND-CCA) for such schemes. Most of the time, PRE schemes reach either chosen-plaintext security or replayable CCA security. At Africacrypt 2010, Chow, Weng, Yang and Deng proposed a scheme that satisfies CCA security in the random oracle model. However, their model can actually be strengthened. Indeed, we show in this paper how to modify this scheme so that it achieves full CCA security. In particular, we now allow the adversary of the CCA security game for re-encryption to corrupt the user i′ who is the initial receiver of the challenge ciphertext and, at the same time, to obtain the re-encryption key from i′ to the targeted users. The resulting scheme is therefore a fully secure PRE that does not rely on pairings and is secure in the random oracle model. It can be implemented efficiently with any traditional modular arithmetic.
