On the Relation between Identity-Based Proxy Re-Encryption and Mediated Identity-Based Encryption

Identity-based proxy re-encryption (IBPRE) is a useful primitive, in the sense that a semi-trust proxy can translate ciphertexts originally intended for one identity into ciphertexts intended for another identity. The proxy, however, cannot learn anything about the underlying plaintexts. Mediated identity-based encryption (MIBE), introduced by Ding et al., is particularly useful for the immediate revocation of identities. In this paper, we study the relation between IBPRE and MIBE. We show that, under the chosenplaintext attack (CPA), IBPRE and MIBE are equivalent: we give a generic construction of CPA-secure IBPRE scheme from any CPA-secure MIBE scheme; and a generic construction for the opposite direction is also given. However, under the chosen-ciphertext attack (CCA), we show that IBPRE and MIBE are not equivalent: for an IBPRE scheme generically constructed from CCA-secure MIBE, we can give a concrete attack against this resulting IBPRE scheme; similarly, we also give a concrete attack against the MIBE scheme generically constructed from CCA-secure IBPRE. We believe that our results are theoretically interesting, since for the first time they clarify the relation between IBPRE and MIBE.

[1]  Matthew Green,et al.  Improved proxy re-encryption schemes with applications to secure distributed storage , 2006, TSEC.

[2]  Joonsang Baek,et al.  Identity-Based Threshold Decryption , 2004, Public Key Cryptography.

[3]  Robert H. Deng,et al.  Conditional Proxy Broadcast Re-Encryption , 2009, ACISP.

[4]  Qiang Tang,et al.  Type-Based Proxy Re-encryption and Its Construction , 2008, INDOCRYPT.

[5]  Xuejia Lai,et al.  On the design and security of block ciphers , 1992 .

[6]  Robert H. Deng,et al.  Efficient Unidirectional Proxy Re-Encryption , 2010, AFRICACRYPT.

[7]  Jean-Jacques Quisquater,et al.  Efficient revocation and threshold pairing based cryptosystems , 2003, PODC '03.

[8]  Wen-Guey Tzeng,et al.  Identity-Based Proxy Re-encryption Without Random Oracles , 2007, ISC.

[9]  Zhenfu Cao,et al.  CCA-Secure Proxy Re-Encryption without Pairings , 2009, IACR Cryptol. ePrint Arch..

[10]  Brent Waters,et al.  Efficient Identity-Based Encryption Without Random Oracles , 2005, EUROCRYPT.

[11]  Taher El Gamal A public key cryptosystem and a signature scheme based on discrete logarithms , 1984, IEEE Trans. Inf. Theory.

[12]  Kefei Chen,et al.  Chosen-Ciphertext Secure Proxy Re-encryption without Pairings , 2008, CANS.

[13]  Matt Blaze,et al.  Divertible Protocols and Atomic Proxy Cryptography , 1998, EUROCRYPT.

[14]  Gene Tsudik,et al.  Simple Identity-Based Cryptography with Mediated RSA , 2003, CT-RSA.

[15]  Dan Boneh,et al.  A Method for Fast Revocation of Public Key Certificates and Security Capabilities , 2001, USENIX Security Symposium.

[16]  Ran Canetti,et al.  Chosen-ciphertext secure proxy re-encryption , 2007, CCS '07.

[17]  Matthew Green,et al.  Identity-Based Proxy Re-encryption , 2007, ACNS.

[18]  Mihir Bellare,et al.  Optimal Asymmetric Encryption , 1994, EUROCRYPT.

[19]  Yevgeniy Dodis,et al.  Proxy Cryptography Revisited , 2003, NDSS.

[20]  Chosen-Ciphertext Secure Proxy Re-Encryption Schemes without Pairings , 2010 .

[21]  Robert H. Deng,et al.  Conditional proxy re-encryption secure against chosen-ciphertext attack , 2009, ASIACCS '09.

[22]  Robert H. Deng,et al.  Efficient Conditional Proxy Re-encryption with Chosen-Ciphertext Security , 2009, ISC.

[23]  M. Mambo,et al.  Proxy Cryptosystems: Delegation of the Power to Decrypt Ciphertexts (Special Section on Cryptography and Information Security) , 1997 .

[24]  Benoît Libert,et al.  Unidirectional Chosen-Ciphertext Secure Proxy Re-Encryption , 2008, IEEE Transactions on Information Theory.

[25]  Dan Boneh,et al.  Efficient Selective-ID Secure Identity Based Encryption Without Random Oracles , 2004, IACR Cryptol. ePrint Arch..

[26]  Yevgeniy Dodis,et al.  Proxy cryptography revisted , 2003 .