
Unidirectional chosen-ciphertext secure proxy re-encryption. (English) Zbl 1162.94382

Cramer, Ronald (ed.), Public key cryptography – PKC 2008. 11th international workshop on practice and theory in public-key cryptography, Barcelona, Spain, March 9–12, 2008. Proceedings. Berlin: Springer (ISBN 978-3-540-78440-1/pbk). Lecture Notes in Computer Science 4939, 360-379 (2008).
Summary: M. Blaze, G. Bleumer and M. Strauss [Lect. Notes Comput. Sci. 1403, 127–144 (1998; Zbl 0929.68048)] proposed a cryptographic primitive called proxy re-encryption, in which a proxy transforms – without seeing the corresponding plaintext – a ciphertext computed under Alice’s public key into one that can be opened using Bob’s secret key. Recently, an appropriate definition of chosen-ciphertext security and a construction fitting this model were put forth by Canetti and Hohenberger. Their system is bidirectional: the information released to divert ciphertexts from Alice to Bob can also be used to translate ciphertexts in the opposite direction. In this paper, we present the first construction of a unidirectional proxy re-encryption scheme with chosen-ciphertext security in the standard model (i.e. without relying on the random oracle idealization), which solves a problem left open at CCS 2007. Our construction is efficient and requires a reasonable complexity assumption in bilinear map groups. Like the Canetti-Hohenberger scheme, it ensures security according to a relaxed definition of chosen-ciphertext security introduced by Canetti, Krawczyk and Nielsen.
For the entire collection see [Zbl 1130.94002].

MSC:

94A60 Cryptography
94A62 Authentication, digital signatures and secret sharing

Citations:

Zbl 0929.68048
