## Cryptology ePrint Archive: Report 2009/189

Efficient Unidirectional Proxy Re-Encryption

Sherman S.M. Chow and Jian Weng and Yanjiang Yang and Robert H. Deng

Abstract: Proxy re-encryption (PRE) allows a semi-trusted proxy to convert a ciphertext originally intended for Alice into one encrypting the same plaintext for Bob. The proxy only needs a re-encryption key given by Alice, and cannot learn anything about the plaintext encrypted. This adds flexibility in various applications, such as confidential email, digital right management and distributed storage. In this paper, we study unidirectional PRE, which the re-encryption key only enables delegation in one direction but not the opposite. In PKC 2009, Shao and Cao proposed a unidirectional PRE assuming the random oracle. However, we show that it is vulnerable to chosen-ciphertext attack (CCA). We then propose an efficient unidirectional PRE scheme (without resorting to pairings). We gain high efficiency and CCA-security using the token-controlled encryption'' technique, under the computational Diffie-Hellman assumption, in the random oracle model and a relaxed but reasonable definition.

Category / Keywords: public-key cryptography / proxy re-encryption, unidirectional, chosen-ciphertext attack

Publication Info: This is a preliminary full version of a paper appearing in Africacrypt 2010.

Date: received 4 May 2009, last revised 5 Mar 2010

Contact author: schow at cs nyu edu

Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation

Short URL: ia.cr/2009/189

[ Cryptology ePrint archive ]