On the security of two multi-use CCA-secure proxy re-encryption schemes

In proxy re-encryption PRE, a semi-trusted proxy can convert a ciphertext originally intended for Alice into one which can be decrypted by Bob, while the proxy cannot know the corresponding plaintext. PRE can be classified as single-use PRE and multi-use PRE according to the times the ciphertext can be transformed. In multi-use PRE schemes, the ciphertext can be transformed from A to B and to C and so on. In CCS'09 post session, Wang et al. proposed a multi-use unidirectional CCA-secure proxy re-encryption scheme. Unfortunately, we show their proposal is not CCA-secure in the corresponding security models by giving concrete attacks. In 2010, Ren et al. proposed a hierarchical identity-based proxy re-encryption scheme without random oracles, and claimed their scheme was also multi-use and CCA-secure, we also show their scheme is not secure.

[1]  Robert H. Deng,et al.  Conditional proxy re-encryption secure against chosen-ciphertext attack , 2009, ASIACCS '09.

[2]  Benoît Libert,et al.  Unidirectional Chosen-Ciphertext Secure Proxy Re-Encryption , 2008, IEEE Transactions on Information Theory.

[3]  Kefei Chen,et al.  Chosen-Ciphertext Secure Proxy Re-encryption without Pairings , 2008, CANS.

[4]  Robert H. Deng,et al.  New Constructions for Identity-Based Unidirectional Proxy Re-Encryption , 2010, Journal of Computer Science and Technology.

[5]  Brent Waters,et al.  Realizing Hash-and-Sign Signatures under Standard Assumptions , 2009, EUROCRYPT.

[6]  Xu An Wang,et al.  On the Insecurity of an Identity Based Proxy Re-encryption Scheme , 2010, Fundam. Informaticae.

[7]  Pieter H. Hartel,et al.  A Type-and-Identity-Based Proxy Re-encryption Scheme and Its Application in Healthcare , 2008, Secure Data Management.

[8]  Matthew Green,et al.  Identity-Based Proxy Re-encryption , 2007, ACNS.

[9]  Ran Canetti,et al.  Chosen-ciphertext secure proxy re-encryption , 2007, CCS '07.

[10]  Toshihiko Matsuo,et al.  Proxy Re-encryption Systems for Identity-Based Encryption , 2007, Pairing.

[11]  Zhenfu Cao,et al.  CCA-Secure Proxy Re-Encryption without Pairings , 2009, IACR Cryptol. ePrint Arch..

[12]  Zhenfu Cao,et al.  A Fully Secure Unidirectional and Multi-use Proxy Re-encryption Scheme , 2009 .

[13]  Xinpeng Zhang,et al.  Hierarchical Identity-Based Proxy Re-Encryption without Random Oracles , 2010, Int. J. Found. Comput. Sci..

[14]  Wen-Guey Tzeng,et al.  Identity-Based Proxy Re-encryption Without Random Oracles , 2007, ISC.

[15]  Yevgeniy Dodis,et al.  Proxy Cryptography Revisited , 2003, NDSS.

[16]  Matt Blaze,et al.  Divertible Protocols and Atomic Proxy Cryptography , 1998, EUROCRYPT.

[17]  Ran Canetti,et al.  A Forward-Secure Public-Key Encryption Scheme , 2003, Journal of Cryptology.

[18]  Yvo Desmedt,et al.  A New Paradigm of Hybrid Encryption Scheme , 2004, CRYPTO.

[19]  Yevgeniy Dodis,et al.  Proxy cryptography revisted , 2003 .

[20]  Robert H. Deng,et al.  Efficient Unidirectional Proxy Re-Encryption , 2010, AFRICACRYPT.

[21]  Dong Hoon Lee,et al.  Security vulnerability in a non-interactive ID-based proxy re-encryption scheme , 2009, Inf. Process. Lett..

[22]  Pieter H. Hartel,et al.  Inter-domain Identity-Based Proxy Re-encryption , 2008, Inscrypt.

[23]  Robert H. Deng,et al.  CCA-secure unidirectional proxy re-encryption in the adaptive corruption model without random oracles , 2010, Science China Information Sciences.

[24]  Zhenfu Cao,et al.  CCA-Secure PRE Scheme without Random Oracles , 2010, IACR Cryptol. ePrint Arch..

[25]  Matthew Green,et al.  Improved proxy re-encryption schemes with applications to secure distributed storage , 2006, TSEC.