Chosen-Ciphertext Secure Proxy Re-encryption without Pairings

In a proxy re-encryption system, a semi-trusted proxy can convert a ciphertext originally intended for Alice into a ciphertext intended for Bob, without learning the underlying plaintext. Proxy re-encryption has found many practical applications, such as encrypted email forwarding, secure distributed file systems, and outsourced filtering of encrypted spam. In ACM CCS'07, Canetti and Hohenberger presented a proxy re-encryption scheme with chosen-ciphertext security, and left an important open problem to construct a chosen-ciphertext secure proxy re-encryption scheme without pairings. In this paper, we solve this open problem by proposing a new proxy re-encryption scheme without resort to bilinear pairings. Based on the computational Diffie-Hellman (CDH) problem, the chosen-ciphertext security of the proposed scheme is proved in the random oracle model.

[1]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[2]  Benoît Libert,et al.  Unidirectional Chosen-Ciphertext Secure Proxy Re-encryption , 2008, Public Key Cryptography.

[3]  Matthew Green,et al.  Identity-Based Proxy Re-encryption , 2007, ACNS.

[4]  Benoît Libert,et al.  Multi-use unidirectional proxy re-signatures , 2008, CCS.

[5]  Joonsang Baek,et al.  Certificateless Public Key Encryption Without Pairing , 2005, ISC.

[6]  Yevgeniy Dodis,et al.  Proxy Cryptography Revisited , 2003, NDSS.

[7]  Ran Canetti,et al.  An Efficient Threshold Public Key Cryptosystem Secure Against Adaptive Chosen Ciphertext Attack , 1999, EUROCRYPT.

[8]  Robert H. Deng,et al.  Variations of Diffie-Hellman Problem , 2003, ICICS.

[9]  Toshihiko Matsuo,et al.  Proxy Re-encryption Systems for Identity-Based Encryption , 2007, Pairing.

[10]  Matthew Green,et al.  Improved proxy re-encryption schemes with applications to secure distributed storage , 2006, TSEC.

[11]  Markus Jakobsson,et al.  On Quorum Controlled Asymmetric Proxy Re-encryption , 1999, Public Key Cryptography.

[12]  A. Juels,et al.  Universal Re-encryption for Mixnets , 2004, CT-RSA.

[13]  Eike Kiltz,et al.  Chosen-Ciphertext Secure Identity-Based Encryption in the Standard Model with short Ciphertexts , 2006, IACR Cryptol. ePrint Arch..

[14]  Eike Kiltz,et al.  Direct chosen-ciphertext secure identity-based key encapsulation without random oracles , 2009, Theor. Comput. Sci..

[15]  M. Mambo,et al.  Proxy Cryptosystems: Delegation of the Power to Decrypt Ciphertexts (Special Section on Cryptography and Information Security) , 1997 .

[16]  Matt Blaze,et al.  Divertible Protocols and Atomic Proxy Cryptography , 1998, EUROCRYPT.

[17]  Dan Boneh,et al.  Efficient Selective-ID Secure Identity Based Encryption Without Random Oracles , 2004, IACR Cryptol. ePrint Arch..

[18]  Benoît Libert,et al.  Tracing Malicious Proxies in Proxy Re-encryption , 2008, Pairing.

[19]  Taher El Gamal A public key cryptosystem and a signature scheme based on discrete logarithms , 1984, IEEE Trans. Inf. Theory.

[20]  Wen-Guey Tzeng,et al.  Identity-Based Proxy Re-encryption Without Random Oracles , 2007, ISC.

[21]  Yevgeniy Dodis,et al.  Proxy cryptography revisted , 2003 .

[22]  Ran Canetti,et al.  Chosen-ciphertext secure proxy re-encryption , 2007, CCS '07.

[23]  C. P. Schnorr,et al.  Efficient Identification and Signatures for Smart Cards (Abstract) , 1989, EUROCRYPT.