Paper 2007/171

Chosen-Ciphertext Secure Proxy Re-Encryption

Ran Canetti and Susan Hohenberger

Abstract

In a proxy re-encryption (PRE) scheme, a proxy is given special information that allows it to translate a ciphertext under one key into a ciphertext of the same message under a different key. The proxy cannot, however, learn anything about the messages encrypted under either key. PRE schemes have many practical applications, including distributed storage, email, and DRM. Previously proposed re-encryption schemes achieved only semantic security; in contrast, applications often require security against chosen ciphertext attacks. We propose a definition of security against chosen ciphertext attacks for PRE schemes, and present a scheme that satisfies the definition. Our construction is efficient and based only on the Decisional Bilinear Diffie-Hellman assumption in the standard model. We also formally capture CCA security for PRE schemes via both a game-based definition and simulation-based definitions that guarantee universally composable security. We note that, simultaneously with our work, Green and Ateniese proposed a CCA-secure PRE, discussed herein.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Published elsewhere. Full version of paper in ACM CCS 2007.
Keywords
re-encryptionchosen-ciphertext securityobfuscation
Contact author(s)
susan @ cs jhu edu
History
2007-10-29: revised
2007-05-12: received
See all versions
Short URL
https://ia.cr/2007/171
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2007/171,
      author = {Ran Canetti and Susan Hohenberger},
      title = {Chosen-Ciphertext Secure Proxy Re-Encryption},
      howpublished = {Cryptology ePrint Archive, Paper 2007/171},
      year = {2007},
      note = {\url{https://eprint.iacr.org/2007/171}},
      url = {https://eprint.iacr.org/2007/171}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.