Paper 2008/463

Key-Private Proxy Re-Encryption

Giuseppe Ateniese, Karyn Benson, and Susan Hohenberger


Proxy re-encryption (PRE) allows a proxy to convert a ciphertext encrypted under one key into an encryption of the same message under another key. The main idea is to place as little trust and reveal as little information to the proxy as necessary to allow it to perform its translations. At the very least, the proxy should not be able to learn the keys of the participants or the content of the messages it re-encrypts. However, in all prior PRE schemes, it is easy for the proxy to determine between which participants a re-encryption key can transform ciphertexts. This can be a problem in practice. For example, in a secure distributed file system, content owners may want to use the proxy to help re-encrypt sensitive information *without* revealing to the proxy the *identity* of the recipients. In this work, we propose key-private (or anonymous) re-encryption keys as an additional useful property of PRE schemes. We formulate a definition of what it means for a PRE scheme to be secure and key-private. Surprisingly, we show that this property is not captured by prior definitions or achieved by prior schemes, including even the secure *obfuscation* of PRE by Hohenberger, Rothblum, shelat and Vaikuntanathan (TCC 2007). Finally, we propose the first key-private PRE construction and prove its security under a simple extension of the Decisional Bilinear Diffie Hellman assumption and its key-privacy under the Decision Linear assumption in the standard model.

Available format(s)
Public-key cryptography
Publication info
Published elsewhere. To appear in CT-RSA 2009. This is the full version.
Contact author(s)
susan @ cs jhu edu
2009-01-22: revised
2008-11-10: received
See all versions
Short URL
Creative Commons Attribution


      author = {Giuseppe Ateniese and Karyn Benson and Susan Hohenberger},
      title = {Key-Private Proxy Re-Encryption},
      howpublished = {Cryptology ePrint Archive, Paper 2008/463},
      year = {2008},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.