Proxy re-encryption

About: Proxy re-encryption is a research topic. Over the lifetime, 708 publications have been published within this topic receiving 33624 citations.

Outsourcing the Re-encryption Key Generation: Flexible Ciphertext-Policy Attribute-Based Proxy Re-encryption

Abstract: In this paper, we introduce a new proxy re-encryption (PRE) in that the re-encryption key generation can be outsourced, in attribute-based encryption. We call this new notion flexible ciphertext-policy attribute-based proxy re-encryption (flexible CP-AB-PRE). In ordinary PRE scheme, re-encryption keys are generated by using user’s decryption key and an access structure. So, whenever the access structure is changed, a PRE user has to generate new different re-encryption keys. In order to overcome this disadvantage of the ordinary PRE, the re-encryption key generation of the proposed scheme is divided into the following two steps. First, a user generates universal re-encryption key urk S which indicates delegator’s attributes set S. Second, an authority who has re-encryption secret key rsk generates ordinary re-encryption key \({\sf rk}_{S\rightarrow{\Bbb M}'}\) by using urk S , rsk, and an access structure \({\Bbb M}'\). The user has only to generate single urk S for all re-encryption keys. By this “outsourcing”, the task of re-encryption key generation for a user is reduced only to generate one urk S . Furthermore, supposing a Private Key Generator (PKG) generates urk simultaneously at the time of decryption key generation, the load of re-encryption key generation for users almost vanishes.

Realizing Proxy Re-encryption in the Symmetric World

Abstract: Proxy re-encryption is a useful concept and many proxy re-encryption schemes have been proposed in the asymmetric encryption setting. In the asymmetric encryption setting, proxy re-encryption can be beautifully implemented because many operations are available to directly transform a cipher to another cipher without the proxy needs to access the plaintexts. However, in many situations, for a better performance, the data is encrypted using symmetric ciphers. Most symmetric ciphers do not support proxy cryptography because of malleability (that is needed to implement the proxy re-encryption) is not a desired property in a secure encryption scheme. In this paper, we suggest an idea to implement a pure proxy re-encryption for the symmetric ciphers by first transforming the plaintext into a random sequence of blocks using an All or nothing transform (AONT). We show an example of the proxy re-encryption scheme using a weak encryption (i.e. simple permutation) that has a simple conversion function to convert a permutation to another. The encryption scheme exploits three characteristics of an AONT transformation: (1) the output of an AONT is a pseudorandom, (2) the output of an AONT cannot be transformed back if any parts is missing, and (3) the output of an AONT cannot be transformed back without having all blocks with correct position. We show security argument of the proposed scheme and its performance evaluation.

Fully-Anonymous Functional Proxy-Re-Encryption.

Abstract: In this paper, we introduce a general notion of functional proxy-re-encryption (F-PRE), where a wide class of functional encryption (FE) is combined with proxy-re-encryption (PRE) mechanism. The PRE encryption system should reveal minimal information to a proxy, in particular, hiding parameters of re-encryption keys and of original ciphertexts which he manipulate is highly desirable. We first formulate such a fully-anonymous security notion of F-PRE including usual payload-hiding properties. We then propose the first fully-anonymous inner-product PRE (IP-PRE) scheme, whose security is proven under the DLIN assumption and the existence of a strongly unforgeable one-time signature scheme in the standard model. Also, we propose the first ciphertext-policy F-PRE scheme with the access structures of Okamoto-Takashima (CRYPTO 2010), which also has an anonymity property for re-encryption keys as well as payload-hiding for original and re-encrypted ciphertexts. The security is proven under the same assumptions as the above IP-PRE scheme in the standard model. For these results, we develop novel blind delegation and subspace insulation for re-enc key basis techniques on the dual system encryption (DSE) paradigm and the dual pairing vector spaces (DPVS) approach. These techniques seem difficult to be realized by a composite-order bilinear group DSE approach.

On the security of a bidirectional proxy re-encryption scheme from PKC 2010

Abstract: In ACM CCS 2007, Canetti and Hohenberger left an interesting open problem of how to construct a chosen-ciphertext secure proxy re-encryption (PRE) scheme without bilinear maps. This is a rather interesting problem and has attracted great interest in recent years. In PKC 2010, Matsuda, Nishimaki and Tanaka introduced a novel primitive named re-applicable lossy trapdoor function, and then used it to construct a PRE scheme without bilinear maps. Their scheme is claimed to be chosen-ciphertext secure in the standard model. In this paper, we make a careful observation on their PRE scheme, and indicate that their scheme does not satisfy chosen-ciphertext security. The purpose of this paper is to clarify the fact that, it is still an open problem to come up with a chosen-ciphertext secure PRE scheme without bilinear maps in the standard model.