Cryptology ePrint Archive: Report 2007/171
Chosen-Ciphertext Secure Proxy Re-Encryption
Ran Canetti and Susan Hohenberger
Abstract: In a proxy re-encryption (PRE) scheme, a proxy is given special information that
allows it to translate a ciphertext under one key into a ciphertext of the
same message under a different key. The proxy cannot, however, learn
anything about the messages encrypted under either key. PRE
schemes have many practical applications, including distributed storage, email, and DRM. Previously proposed re-encryption schemes achieved
only semantic security;
in contrast, applications often require security
against chosen ciphertext attacks. We propose a definition of security
against chosen ciphertext attacks for PRE schemes, and present a
scheme that satisfies the definition. Our construction is efficient and based
only on the Decisional Bilinear Diffie-Hellman assumption
in the standard model. We also formally capture CCA security for PRE schemes
via both a game-based definition and simulation-based definitions that
guarantee universally composable security.
We note that, simultaneously with our work, Green and Ateniese proposed
a CCA-secure PRE, discussed herein.
Category / Keywords: public-key cryptography / re-encryption, chosen-ciphertext security, obfuscation
Publication Info: Full version of paper in ACM CCS 2007.
Date: received 8 May 2007, last revised 29 Oct 2007
Contact author: susan at cs jhu edu
Available format(s): PDF | BibTeX Citation
Version: 20071029:223232 (All versions of this report)
Short URL: ia.cr/2007/171
[ Cryptology ePrint archive ]