1. A multi-hop MSS-secure bidirectional PRE scheme with security against chosen plaintext attacks (CPA) in the standard model, where the ciphertext remains constant size regardless of how many times it has been re-encrypted. To the best of our knowledge, there exists previously no MSS-secure multi-hop bidirectional PRE scheme with constant size of ciphertexts (whether in the random oracle model or not).
2. A single-hop MSS-secure and non-transitive bidirectional PRE scheme with security against chosen ciphertext attacks (CCA) in the standard model. The CCA-secure scheme is based on the CPA-secure scheme, and particularly employs a new re-encryption key (REK) generation mechanism to which each user makes equal contributions, where a \emph{single} REK is used in both directions with the same proxy computation. Single-hop non-transitive bidirectional PRE schemes also enjoy better fine-grained delegate right control (against malicious proxy).
The security analysis uses Coron's technique [Coron, Crypto 2000], which particularly allows adaptive secret key corruption. Along the way, we also refine and clarify the security models for bidirectional PRE.
Category / Keywords: public-key cryptography / public key cryptography Date: received 1 May 2011, last revised 8 May 2011 Contact author: cryptjweng at gmail com Available formats: Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation Version: 20110508:084233 (All versions of this report) Discussion forum: Show discussion | Start new discussion