Paper 2013/872

PRE^{+}: Dual of Proxy Re-encryption and Its Application

Xu An Wang and Yunlong Ge and Xiaoyuan Yang

Abstract

In Eurocrypt’98, Blaze et al. introduced the concept of proxy re-encryption (PRE). It allows a semi-trusted proxy to convert a ciphertext originally intended for Alice into one which can be decrypted by Bob, without the proxy knowing the corresponding plaintext. PRE has found many applications, such as in encrypted e-mail forwarding[8], distributed secure file systems[1,2], multicast[10] cloud computation etc. However, all the PRE schemes until now require the delegator (or the delegator and the delegatee cooperatively) to generate the re-encryption keys. We observe that this is not the only way to generate the re-encryption keys, the encrypter also has the ability to generate re-encryption keys. Based on this observation, we introduce a new primitive: PRE^{+}, which is almost the same as the traditional PRE except the re-encryption keys generated by the encrypter. Interestingly, this PRE^{+} can be viewed as the dual of the traditional PRE. Compared with PRE, PRE can easily achieve the non-transferable property and message-level based fine-grained delegation, while these two properties are very desirable in practical applications. We first categorize PRE^{+} as the single-hop and multi-hop variant and discuss its potential applications, then we give the definition and security model for the single-hop PRE^{+}, construct a concrete scheme and prove its security. Finally we conclude our paper with many interesting open problems.

Note: Welcome any comments.