How to Solve Key Escrow Problem in Proxy Re-encryption from CBE to IBE

In 1998, Blaze, Bleumer, and Strauss proposed a kind of cryptographic primitive called proxy re-encryption. In proxy re-encryption, a proxy can transform a ciphertext computed under Alice's public key into one that can be opened under Bob's decryption key. In 2007, Matsuo proposed a new type of re-encryption scheme which can re-encrypt the ciphertext in the certificate based encryption(CBE) setting to one that can be decrypted in identity based setting (IBE). Now this scheme is being standardized by IEEEP1363.3 working group. In this paper, we further extend their research. One feature of their scheme is that it inherits the key escrow problem from IBE, that is, KGC can decrypt every re-encrypted ciphertext for IBE users.We ask question like this: can the malicious KGC not decrypt the re-encryption ciphertext? Surprisingly, the answer is affirmative. We construct such a scheme and prove its security in the standard model. So we give the conclusion that key escrow problem is not unavoidable in re-encryption from CBE to IBE.

[1]  AtenieseGiuseppe,et al.  Improved proxy re-encryption schemes with applications to secure distributed storage , 2006 .

[2]  Matt Blaze,et al.  Divertible Protocols and Atomic Proxy Cryptography , 1998, EUROCRYPT.

[3]  Craig Gentry,et al.  Certificate-Based Encryption and the Certificate Revocation Problem , 2003, EUROCRYPT.

[4]  Toshihiko Matsuo,et al.  Proxy Re-encryption Systems for Identity-Based Encryption , 2007, Pairing.

[5]  Fred B. Schneider,et al.  Distributed Blinding for ElGamal Re-encryption , 2004 .

[6]  Ran Canetti,et al.  Chosen-ciphertext secure proxy re-encryption , 2007, CCS '07.

[7]  Matthew Green,et al.  Improved proxy re-encryption schemes with applications to secure distributed storage , 2006, TSEC.

[8]  Benoît Libert,et al.  Unidirectional Chosen-Ciphertext Secure Proxy Re-Encryption , 2008, IEEE Transactions on Information Theory.

[9]  Ran Canetti,et al.  A Forward-Secure Public-Key Encryption Scheme , 2003, Journal of Cryptology.

[10]  Zhenfu Cao,et al.  Identity-Based Proxy Re-encryption Schemes with Multiuse, Unidirection, and CCA Security , 2008, IACR Cryptol. ePrint Arch..

[11]  Matthew Green,et al.  Identity-Based Proxy Re-encryption , 2007, ACNS.

[12]  Wen-Guey Tzeng,et al.  Identity-Based Proxy Re-encryption Without Random Oracles , 2007, ISC.

[13]  Yevgeniy Dodis,et al.  Proxy Cryptography Revisited , 2003, NDSS.

[14]  Abhi Shelat,et al.  Securely Obfuscating Re-Encryption , 2007, Journal of Cryptology.

[15]  Kenneth G. Paterson,et al.  Certificateless Public Key Cryptography , 2003 .

[16]  Markus Jakobsson,et al.  On Quorum Controlled Asymmetric Proxy Re-encryption , 1999, Public Key Cryptography.

[17]  Benoît Libert,et al.  Tracing Malicious Proxies in Proxy Re-encryption , 2008, Pairing.

[18]  Yevgeniy Dodis,et al.  Proxy cryptography revisted , 2003 .

[19]  Susan Hohenberger,et al.  Advances in signatures, encryption, and E-Cash from bilinear groups , 2006 .

[20]  Vipul Goyal,et al.  Reducing Trust in the PKG in Identity Based Cryptosystems , 2007, CRYPTO.