Cryptology ePrint Archive: Report 2009/164

CCA-Secure Proxy Re-Encryption without Pairings

Jun Shao and Zhenfu Cao

Abstract: In a proxy re-encryption scheme, a semi-trusted proxy can transform a ciphertext under Alice's public key into another ciphertext that Bob can decrypt. However, the proxy cannot access the plaintext. Due to its transformation property, proxy re-encryption can be used in many applications, such as encrypted email forwarding. In this paper, by using signature of knowledge and Fijisaki-Okamoto conversion, we propose a proxy re-encryption scheme \emph{without} pairings, in which the proxy can only transform the ciphertext in one direction. The proposal is secure against chosen ciphertext attack (CCA) and collusion attack in the \emph{random oracle model} based on Decisional Diffie-Hellman (DDH) assumption over $\mathbb{Z}_{N^2}^*$ and integer factorization assumption, respectively. To the best of our knowledge, it is the \emph{first} unidirectional PRE scheme with CCA security and collusion-resistance.

Category / Keywords: public-key cryptography / Unidirectional PRE, DDH, random oracle, CCA security, collusion-resistance

Publication Info: PKC 2009

Date: received 7 Apr 2009, last revised 19 Oct 2009

Contact author: chn junshao at gmail com

Available format(s): PDF | BibTeX Citation

Note: Add a check equation $A=(g'_0)^{H'(\sigma||m)}\bmod N'^2$ when decrypting re-encrypted ciphertexts.

Version: 20091019:192519 (All versions of this report)

Short URL: ia.cr/2009/164

Discussion forum: Show discussion | Start new discussion