ABSTRACT
In a proxy re-encryption (PRE) system [4], a proxy, authorized by Alice, can convert a ciphertext for Alice into a ciphertext for Bob without seeing the underlying plaintext. PRE has found many practical applications requiring delegation. However, it is inadequate to handle scenarios where a fine-grained delegation is demanded. To overcome the limitation of existing PRE systems, we introduce the notion of conditional proxy re-encryption (C-PRE), whereby only ci-phertext satisfying a specific condition set by Alice can be transformed by the proxy and then decrypted by Bob. We formalize its security model and propose an efficient C-PRE scheme, whose chosen-ciphertext security is proven under the 3-quotient bilinear Diffie-Hellman assumption. We further extend the construction to allow multiple conditions with a slightly higher overhead.
- G. Ateniese, K. Fu, M. Green, and S. Hohenberger. Improved proxy re-encryption schemes with applications to secure distributed storage. In NDSS 2005, pages 29--43.Google Scholar
- G. Ateniese, K. Fu, M. Green, and S. Hohenberger. Improved proxy re-encryption schemes with applications to secure distributed storage. ACM Transactions on Information and System Security (TISSEC), 9(1):1--30, February 2006. Google ScholarDigital Library
- J. Baek, R. Safavi-Naini, and W. Susilo. Certificatless public key encryption without pairing. In ISC 2005, pages 134--148. Springer-Verlag. Google ScholarDigital Library
- M. Blaze, G. Bleumer, and M. Strauss. Divertible protocols and atomic proxy cryptography. In In advances in Cryptology-Eurocrypt 1998, pages 127--144. Springer-Verlag.Google Scholar
- D. Boneh and X. Boyen. Efficient selective-id secure identity based encryption without random oracles. In In advances in Cryptology-Eurocrypt 2004, pages 223--238. Springer-Verlag.Google Scholar
- D. Boneh and M. Franklin. Identity based encryption from the weil pairing. In In advances in Cryptology-Crypto 2001, pages 213--229. Springer-Verlag. Google ScholarDigital Library
- D. Boneh, E.-J. Goh, and T. Matsuo. Proposal for p1363.3 proxy re-encryption. In http://grouper.ieee.org/groups/1363/IBC/submissions/NTTDataProposal-for- P1363.3-2006-08-14.pdf.Google Scholar
- R. Caneti and S. Hohenberger. Chosen-ciphertext secure proxy re-encryption. In ACM CCS 2007, pages 185--194. ACM Press. Google ScholarDigital Library
- C. Chu and W. Tzeng. Identity-based proxy re-encryption without random oracles. In ISC 2007, pages 189--202. Springer-Verlag. Google ScholarDigital Library
- J.-S. Coron. On the exact security of full domain hash. In In advances in Cryptology-Crypto 2000, pages 229--235. Springer-Verlag. Google ScholarDigital Library
- R. H. Deng, J. Weng, S. Liu, and K. Chen. Chosen-ciphertext secure proxy re-encryption without pairings. In CANS 2008, pages 1--17. Springer-Verlag, December 2008. Google ScholarDigital Library
- Y. Dodis and A.-A. Ivan. Proxy cryptography revisited. In NDSS 2003.Google Scholar
- T. ElGamal. A public-key cryptosystem and a signature scheme based on discrete logarithms. In In Advances in Cryptology-Crypto'84, pages 10--18. Springer-Verlag. Google ScholarDigital Library
- E. Fujisaki and T. Okamoto. Secure integration of asymmetric and symmetric encryption schemes. In In Advances in Cryptology-Crypto 1999, pages 537--554. Springer-Verlag. Google ScholarDigital Library
- M. Green and G. Ateniese. Identity-based proxy re-encryption. In ACNS 2007, pages 288--306. Springer-Verlag. Google ScholarDigital Library
- M. Jakobsson. On quorum controlled asummetric proxy re-encryption. In PKC 1999, pages 112--121. Springer-Verlag. Google ScholarDigital Library
- B. Libert and D. Vergnaud. Tracing malicious proxies in proxy re-encryption. In Pairing 2008, pages 332--353. Springer-Verlag. Google ScholarDigital Library
- B. Libert and D. Vergnaud. Unidirectional chosen-ciphertext secure proxy re-encryption. In PKC 2008, pages 360--379. Springer-Verlag. Google ScholarDigital Library
- M. Mambo and E. Okamoto. Proxy cryptosystems: Delegation of the power to decrypt ciphertexts. IEICE Trans. Fund. Electronics Communications and Computer Science, E80-A(1):54--63.Google Scholar
- J. Weng, R. H. Deng, S. Liu, K. Chen, J. Lai, and X. Wang. Chosen-ciphertext secure proxy re-encryption schemes without pairings. In http://eprint.iacr.org/2008/509.pdf (full paper of {11}). Google ScholarDigital Library
Index Terms
- Conditional proxy re-encryption secure against chosen-ciphertext attack
Recommendations
Chosen-ciphertext secure proxy re-encryption
CCS '07: Proceedings of the 14th ACM conference on Computer and communications securityIn a proxy re-encryption (PRE) scheme, a proxy is given special information that allows it to translate a ciphertext under one key into a ciphertext of the same message under a different key. The proxy cannot, however, learn anything about the messages ...
Chosen-ciphertext secure anonymous conditional proxy re-encryption with keyword search
Weng et al. introduced the notion of conditional proxy re-encryption (or C-PRE, for short), whereby only the ciphertext satisfying one condition set by the delegator can be transformed by the proxy and then decrypted by delegatee. Nonetheless, they left ...
Chosen-Ciphertext Secure Proxy Re-encryption without Pairings
CANS '08: Proceedings of the 7th International Conference on Cryptology and Network SecurityIn a proxy re-encryption system, a semi-trusted proxy can convert a ciphertext originally intended for Alice into a ciphertext intended for Bob, without learning the underlying plaintext. Proxy re-encryption has found many practical applications, such ...
Comments