Paper 2009/164
CCA-Secure Proxy Re-Encryption without Pairings
Jun Shao and Zhenfu Cao
Abstract
In a proxy re-encryption scheme, a semi-trusted proxy can transform a ciphertext under Alice's public key into another ciphertext that Bob can decrypt. However, the proxy cannot access the plaintext. Due to its transformation property, proxy re-encryption can be used in many applications, such as encrypted email forwarding. In this paper, by using signature of knowledge and Fijisaki-Okamoto conversion, we propose a proxy re-encryption scheme \emph{without} pairings, in which the proxy can only transform the ciphertext in one direction. The proposal is secure against chosen ciphertext attack (CCA) and collusion attack in the \emph{random oracle model} based on Decisional Diffie-Hellman (DDH) assumption over $\mathbb{Z}_{N^2}^*$ and integer factorization assumption, respectively. To the best of our knowledge, it is the \emph{first} unidirectional PRE scheme with CCA security and collusion-resistance.
Note: Add a check equation $A=(g'_0)^{H'(\sigma||m)}\bmod N'^2$ when decrypting re-encrypted ciphertexts.
Metadata
- Available format(s)
- Category
- Public-key cryptography
- Publication info
- Published elsewhere. PKC 2009
- Keywords
- Unidirectional PREDDHrandom oracleCCA securitycollusion-resistance
- Contact author(s)
- chn junshao @ gmail com
- History
- 2009-10-19: last of 3 revisions
- 2009-04-10: received
- See all versions
- Short URL
- https://ia.cr/2009/164
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2009/164, author = {Jun Shao and Zhenfu Cao}, title = {{CCA}-Secure Proxy Re-Encryption without Pairings}, howpublished = {Cryptology {ePrint} Archive, Paper 2009/164}, year = {2009}, url = {https://eprint.iacr.org/2009/164} }