Paper 2009/344

Comments on Shao-Cao's Unidirectional Proxy Re-Encryption Scheme from PKC 2009

Xi Zhang, Min-Rong Chen, and Xia Li

Abstract

In Eurocrypt'98, Blaze, Bleumer and Strauss [4] introduced a primitive named proxy re-encryption (PRE), in which a semi-trusted proxy can convert - without seeing the plaintext - a ciphertext originally intended for Alice into an encryption of the same message intended for Bob. PRE systems can be categorized into bidirectional PRE, in which the proxy can transform from Alice to Bob and vice versa, and unidirectional PRE, in which the proxy cannot transforms ciphertexts in the opposite direction. How to construct a PRE scheme secure against chosen-ciphertext attack (CCA) without pairings is left as an open problem in ACM CCS'07 by Canetti and Hohenberger [7]. In CANS'08, Deng et al. [8] successfully proposed a CCA-secure bidirectional PRE scheme without pairings. In PKC'09, Shao and Cao [10] proposed a unidirectional PRE without pairings, and claimed that their scheme is CCA-secure. They compared their scheme with Libert-Vergnaud's pairing-based unidirectional PRE scheme from PKC'08, and wanted to indicate that their scheme gains advantages over Libert-Vergnaud's scheme. However, Weng et al. [13] recently pointed out that Shao-Cao's scheme is not CCA-secure by giving a concrete chosen-ciphertext attack, and they also presented a more efficient CCA-secure unidirectional PRE scheme without parings. In this paper, we further point out that, Shao-Cao's comparison between their scheme and Libert-Vergnaud's scheme is unfair, since Shao-Cao's scheme is even not secure against chosen-plaintext attack (CPA) in Libert-Vergnaud's security model.

Metadata
Available format(s)
PDF PS
Category
Public-key cryptography
Publication info
Published elsewhere. Unknown where it was published
Keywords
public-key cryptography
Contact author(s)
csxizhang @ gmail com
History
2009-07-16: received
Short URL
https://ia.cr/2009/344
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2009/344,
      author = {Xi Zhang and Min-Rong Chen and Xia Li},
      title = {Comments on Shao-Cao's Unidirectional Proxy Re-Encryption Scheme  from {PKC} 2009},
      howpublished = {Cryptology {ePrint} Archive, Paper 2009/344},
      year = {2009},
      url = {https://eprint.iacr.org/2009/344}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.