Showing papers on "Proxy re-encryption published in 2008"

Unidirectional chosen-ciphertext secure proxy re-encryption

Abstract: In 1998, Blaze, Bleumer, and Strauss proposed a cryptographic primitive called proxy re-encryption, in which a proxy transforms - without seeing the corresponding plaintext - a ciphertext computed under Alice's public key into one that can be opened using Bob's secret key. Recently, an appropriate definition of chosen-ciphertext security and a construction fitting this model were put forth by Canetti and Hohenberger. Their system is bidirectional: the information released to divert ciphertexts from Alice to Bob can also be used to translate ciphertexts in the opposite direction. In this paper, we present the first construction of unidirectional proxy re-encryption scheme with chosen-ciphertext security in the standard model (i.e. without relying on the random oracle idealization), which solves a problem left open at CCS'07. Our construction is efficient and requires a reasonable complexity assumption in bilinear map groups. Like the Canetti-Hohenberger scheme, it ensures security according to a relaxed definition of chosen-ciphertext introduced by Canetti, Krawczyk and Nielsen.

Chosen-Ciphertext Secure Proxy Re-encryption without Pairings

Abstract: In a proxy re-encryption system, a semi-trusted proxy can convert a ciphertext originally intended for Alice into a ciphertext intended for Bob, without learning the underlying plaintext. Proxy re-encryption has found many practical applications, such as encrypted email forwarding, secure distributed file systems, and outsourced filtering of encrypted spam. In ACM CCS'07, Canetti and Hohenberger presented a proxy re-encryption scheme with chosen-ciphertext security, and left an important open problem to construct a chosen-ciphertext secure proxy re-encryption scheme without pairings. In this paper, we solve this open problem by proposing a new proxy re-encryption scheme without resort to bilinear pairings. Based on the computational Diffie-Hellman (CDH) problem, the chosen-ciphertext security of the proposed scheme is proved in the random oracle model.

Type-Based Proxy Re-encryption and Its Construction

Abstract: Recently, the concept of proxy re-encryption has been shown very useful in a number of applications, especially in enforcing access control policies. In existing proxy re-encryption schemes, the delegatee can decrypt all ciphertexts for the delegator after re-encryption by the proxy. Consequently, in order to implement fine-grained access control policies, the delegator needs to either use multiple key pairs or trust the proxy to behave honestly. In this paper, we extend this concept and propose type-based proxy re-encryption, which enables the delegator to selectively delegate his decryption right to the delegatee while only needs one key pair. As a result, type-based proxy re-encryption enables the delegator to implement fine-grained policies with one key pair without any additional trust on the proxy. We provide a security model for our concept and provide formal definitions for semantic security and ciphertext privacy which is a valuable attribute in privacy-sensitive contexts. We propose two type-based proxy re-encryption schemes: one is CPA secure with ciphertext privacy while the other is CCA secure without ciphertext privacy.

Tracing Malicious Proxies in Proxy Re-encryption

Abstract: In 1998, Blaze, Bleumer and Strauss put forth a cryptographic primitive, termed proxy re-encryption, where a semi-trusted proxy is given some piece of information that enables the re-encryption of ciphertexts from one key to another. Unidirectional schemes only allow translating from the delegator to the delegatee and not in the opposite direction. In all constructions described so far, although colluding proxies and delegatees cannot expose the delegator's long term secret, they can derive and disclose sub-keys that suffice to open all translatable ciphertexts sent to the delegator. They can also generate new re-encryption keys for receivers that are not trusted by the delegator. In this paper, we propose traceable proxy re-encryptionsystems, where proxies that leak their re-encryption key can be identified by the delegator. The primitive does not preclude illegal transfers of delegation but rather strives to deter them. We give security definitions for this new primitive and a construction meeting the formalized requirements. This construction is fairly efficient, with ciphertexts that have logarithmic size in the number of delegations, but uses a non-black-box tracing algorithm. We discuss how to provide the scheme with a black box tracing mechanism at the expense of longer ciphertexts.

Inter-domain Identity-based Proxy Re-encryption

Abstract: Proxy re-encryption is a cryptographic primitive developed to delegate the decryption right from one party (the delegator) to another (the delegatee). So far, no particular research efforts have been devoted to this primitive in the inter-domain identity-based setting, where the delegator and the delegatee are registered at different domains. In this paper we analyze the trust relationships and possible threats to the plaintexts of both the delegator and the delegatee in this setting, and provide game-based semantic security definitions. We propose a new inter-domain identity-based proxy re-encryption scheme and prove its security in our security model. An interesting property of our scheme is that, to achieve the chosen plaintext security for the delegator, the delegatee's IBE only needs to be one-way.

A Type-and-Identity-Based Proxy Re-encryption Scheme and Its Application in Healthcare

Abstract: Proxy re-encryption is a cryptographic primitive developed to delegate the decryption right from one party (the delegator) to another (the delegatee). In a proxy re-encryption scheme, the delegator assigns a key to a proxy to re-encrypt all messages encrypted with his public key such that the re-encrypted ciphertexts can be decrypted with the delegatee's private key. We propose a type-and-identity-based proxy re-encryption scheme based on the Boneh-Franklin Identity Based Encryption (IBE) scheme. In our scheme, the delegator can categorize messages into different types and delegate the decryption right of each type to the delegatee through a proxy. Our scheme enables the delegator to provide the proxy fine-grained re-encryption capability. As an application, we propose a fine-grained Personal Health Record (PHR) disclosure scheme for healthcare service by applying the proposed scheme.

A Type-and-Identity-based Proxy Re-Encryption Scheme and its Application in Healthcare

Abstract: Proxy re-encryption is a cryptographic primitive developed to delegate the decryption right from one party (the delegator) to another (the delegatee). In a proxy re-encryption scheme, the delegator assigns a key to a proxy to re-encrypt all messages encrypted with his public key such that the re-encrypted ciphertexts can be decrypted with the delegatee's private key. We propose a type-and-identity-based proxy re-encryption scheme based on the Boneh-Franklin Identity Based Encryption (IBE) scheme. In our scheme, the delegator can categorize messages into different types and delegate the decryption right of each type to the delegatee through a proxy. Our scheme enables the delegator to provide the proxy fine-grained re-encryption capability. As an application, we propose a fine-grained Personal Health Record (PHR) disclosure scheme for healthcare service by applying the proposed scheme.

RSA-TBOS signcryption with proxy re-encryption

Abstract: The recent attack on Apple iTunes Digital Rights Management [17] has brought to light the usefulness of proxy re-encryption schemes for Digital Rights Management. It is known that the use of proxy re-encryption would have prevented the attack in [17]. With this utility in mind and with the added requirement of non-repudiation, we propose the first ever signcryption scheme with proxy re-encryption that does not involve bilinear maps. Our scheme is called RSA-TBOS-PRE and is based on the RSA-TBOS signcryption scheme of Mao and Malone-Lee [7]. We adapt various models available in the literature concerning authenticity, unforgeability and non-repudiation and propose a signature non-repudiation model suitable for signcryption schemes with proxy re-encryption. We show the non-repudiability of our scheme in this model. We also introduce and define a new security notion of Weak-IND-CCA2, a slightly weakened adaptation of the IND-CCA2 security model for signcryption schemes and prove that RSA-TBOS-PRE is secure in this model. Our scheme is Weak-IND-CCA2 secure, unidirectional, extensible to multi-use and does not use bilinear maps. This represents significant progress towards solving the open problem of designing an IND-CCA2 secure, unidirectional, multi-use scheme not using bilinear maps proposed in [15][12].

Key-Private Proxy Re-Encryption.

Abstract: Proxy re-encryption (PRE) allows a proxy to convert a ciphertext encrypted under one key into an encryption of the same message under another key. The main idea is to place as little trust and reveal as little information to the proxy as necessary to allow it to perform its translations. At the very least, the proxy should not be able to learn the keys of the participants or the content of the messages it re-encrypts. However, in all prior PRE schemes, it is easy for the proxy to determine between which participants a re-encryption key can transform ciphertexts. This can be a problem in practice. For example, in a secure distributed file system, content owners may want to use the proxy to help re-encrypt sensitive information without revealing to the proxy the identity of the recipients. In this work, we propose key-private (or anonymous) re-encryption keys as an additional useful property of PRE schemes. We formulate a definition of what it means for a PRE scheme to be secure and key-private. Surprisingly, we show that this property is not captured by prior definitions or achieved by prior schemes, including even the secure obfuscation of PRE by Hohenberger et al. (TCC 2007). Finally, we propose the first key-private PRE construction and prove its CPA-security under a simple extension of Decisional Bilinear Diffie Hellman assumption and its key-privacy under the Decision Linear assumption in the standard model.

Signcryption with Proxy Re-encryption.

Abstract: Con dentiality and authenticity are two of the most fundamental problems in cryptography. Many applications require both condentiality and authenticity, and hence an e cient way to get both together was very desirable. In 1997, Zheng proposed the notion of signcryption , a single primitive which provides both con dentiality and authenticity in a way that's more e cient than signing and encrypting separately. Proxy re-encryption is a primitive that allows a semi-trusted entity called the proxy to convert ciphertexts addressed to a delegator to those that can be decrypted by a delegatee , by using some special information given by the delegator, called the rekey . In this work, we propose the notion of signcryption with proxy re-encryption (SCPRE), and motivate the same. We de ne security models for SCPRE, and also propose a concrete unidirectional, non-interactive identity-based SCPRE construction. We also provide complete proofs of security for the scheme in the security models dened. We nally provide directions for further research in this area.

Chosen-Ciphertext Secure Proxy Re-Encryption without Pairings.

Abstract: Proxy re-encryption (PRE), introduced by Blaze, Bleumer and Strauss, allows a semi-trusted proxy to convert a ciphertext originally intended for Alice into an encryption of the same message intended for Bob. Proxy re-encryption has found many practical applications, such as encrypted email forwarding, secure distributed file systems, and outsourced filtering of encrypted spam. In ACM CCS’07, Canetti and Hohenberger presented a bidirectional PRE scheme with chosen-ciphertext security, and left an important open problem to construct a chosen-ciphertext secure proxy reencryption scheme without pairings. In this paper, we propose a bidirectional PRE scheme with chosen-ciphertext security. The proposed scheme is fairly efficient due to two distinguished features: (i) it does not use the costly bilinear pairings; (ii) the computational cost and the ciphertext length decrease with re-encryption.

On the Role of PKG for Proxy Re-encryption in Identity Based Setting.

Abstract: In 1998, Blaze, Bleumer, and Strauss proposed a kind of cryptographic primitive called proxy re-encryption[3] In proxy re-encryption, a proxy can transform a ciphertext computed under Alice’s public key into one that can be opened under Bob’s decryption key In 2007, Matsuo proposed the concept of four types of proxy re-encryption schemes: CBE(Certificate Based Public Key Encryption) to IBE(Identity Based Encryption)(type 1), IBE to IBE(type 2), IBE to CBE (type 3), CBE to CBE (type 4)[29] Now CBE to IBE and IBE to IBE proxy re-encryption schemes are being standardized by IEEEP13633 working group[31] In this paper, based on [29] we pay attention to the role of PKG for proxy re-encryption in identity based setting We find that if we allow the PKG to use its master-key in the process of generating re-encryption key for proxy re-encryption in identity based setting, many open problems can be solved Our main results are as following: We construct the first proxy re-encryption scheme from CBE to IBE which can resist malicious PKG attack, the first proxy re-encryption scheme from IBE to CBE, the second proxy re-encryption scheme based on a variant of BB1 IBE , the first proxy re-encryption scheme based on BB2 IBE, the first proxy re-encryption scheme based on SK IBE, we also prove their security in their corresponding security models

Fully Secure Identity Based Proxy Re-Encryption Schemes in the Standard Model

Abstract: A proxy re-encryption scheme allows the proxy to transform ciphertext computed under one public key into the different ciphertext that can be decrypted by using another public key. Recently, many identity-based proxy re-encryption schemes have been proposed. However, all of these schemes are only proved secure in the random oracle not in the standard model. In this paper, Based on Waters's identity based encryption, an identity based proxy re-encryption scheme is proposed that is proved fully secure without the random model. The proposed scheme's security can be reduced to the decision Bilinear Diffie-Hellman assumption.

Efficient ibe-pke proxy re-encryption

Abstract: In proxy re-encryption schemes, a semi-trusted entity called proxy can convert a ciphertext encrypted for Alice into a new ciphertext for Bob without seeing the underlying plaintext. Several proxy re-encryption schemes have been proposed, however, only one scheme which enables the conversion of IBE ciphertexts to PKE ciphertexts has been proposed and it has some drawbacks. In that scheme, the size of the re-encrypted ciphertext increases and Bob must be aware of existence of the proxy, which means Bob cannot decrypt a re-encrypted ciphertext with same PKE decryption algorithm. We propose a new, efficient scheme that enables the conversion of IBE ciphertexts to PKE ciphertexts, and prove CPA security in the standard model. In our scheme, the size of the re-encrypted ciphertext is optimal and Bob does not aware of existence of the proxy. As far as we knows, this is the first IBE-PKE type scheme that holds the above properties.

Secure proxy re-encryption from CBE to IBE

Abstract: In this paper, an efficient hybrid proxy re-encryption scheme that allows the transformation of the ciphertexts in a traditional public key cryptosystem into the ciphertexts in an identity-based system is proposed. The scheme is non-interactive, unidirectional and collude “safe”. Furthermore, it is compatible with current IBE (identity-based encryption) deployments. The scheme has chosen ciphertext security in the random oracle model assuming the hardness of the Decisional Bilinear Diffie-Hellman problem.