On the Insecurity of an Identity Based Proxy Re-encryption Scheme
暂无分享,去创建一个
At Pairing'07, Matsuo proposed two proxy re-encryption schemes: proxy re-encryption fromCBE to IBE and IBE to IBE. Now both schemes have been standardized by P1363.3workgroup. In this paper, we show that their identity based proxy re-encryption scheme is insecure. We give two attacks to this scheme. The first attack shows that the proxy can re-encrypt any IBE user's ciphertext to be the delegatee's ciphertext. The second attack implies that, if the proxy colludes with any delegatee, the proxy and this delegatee can derive any other IBE user's secret key.
[1] Matthew Green,et al. Improved proxy re-encryption schemes with applications to secure distributed storage , 2006, TSEC.
[2] Dan Boneh,et al. Efficient Selective-ID Secure Identity Based Encryption Without Random Oracles , 2004, IACR Cryptol. ePrint Arch..
[3] Matt Blaze,et al. Divertible Protocols and Atomic Proxy Cryptography , 1998, EUROCRYPT.
[4] Matthew Green,et al. Identity-Based Proxy Re-encryption , 2007, ACNS.