Cryptology ePrint Archive: Report 2016/293

A Parametric Family of Attack Models for Proxy Re-Encryption

David Nuñez, Isaac Agudo, and Javier Lopez

Abstract: Proxy Re-Encryption (PRE) is a type of Public-Key Encryption (PKE) that provides an additional re-encryption functionality. Although PRE is inherently more complex than PKE, attack models for PRE have not been developed further than those inherited from PKE. In this paper we address this gap and define a parametric family of attack models for PRE, based on the availability of both the decryption and re-encryption oracles during the security game. This family enables the definition of fine-grained security notions for PRE, ranging from “plain” IND-CPA to “full” IND-CCA. We analyze some relations among these notions of security, and in particular, the separations, which further support the importance of the re-encryption oracle. The identified separations stem from the study of a new property of PRE, called privacy of re-encryption keys, which captures the requirement that re-encryption keys should not be leaked through the re-encryption function. Finally, we show that the scheme by Kirshanova (PKC 2014), which does not satisfy this property, cannot achieve a meaningful security notion for PRE since it is vulnerable to chosen-ciphertext attacks using the re-encryption oracle. This attack emphasizes the fact that PRE schemes that leak re-encryption keys cannot achieve strong security notions.

Category / Keywords: public-key cryptography / proxy re-encryption, security notions, attack models

Original Publication (with minor differences): Proceedings of the 28th IEEE Computer Security Foundations Symposium (CSF 2015)

Date: received 16 Mar 2016

Contact author: dnunez at lcc uma es

Available format(s): PDF | BibTeX Citation

Note: This is the revised version of the paper with the same title that appears in Proceedings of the 28th IEEE Computer Security Foundations Symposium (CSF 2015)

Version: 20160317:161806 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]