Paper 2018/321
Revisiting Proxy Re-Encryption: Forward Secrecy, Improved Security, and Applications
David Derler, Stephan Krenn, Thomas Lorünser, Sebastian Ramacher, Daniel Slamanig, and Christoph Striecks
Abstract
We revisit the notion of proxy re-encryption (PRE), an enhanced public-key encryption primitive envisioned by Blaze et al. (Eurocrypt'98) and formalized by Ateniese et al. (NDSS'05) for delegating decryption rights from a delegator to a delegatee using a semi-trusted proxy. PRE notably allows to craft re-encryption keys in order to equip the proxy with the power of transforming ciphertexts under a delegator's public key to ciphertexts under a delegatee's public key, while not learning anything about the underlying plaintexts. We study an attractive cryptographic property for PRE, namely that of forward secrecy. In our forward-secret PRE (fs-PRE) definition, the proxy periodically evolves the re-encryption keys and permanently erases old versions while the delegator's public key is kept constant. As a consequence, ciphertexts for old periods are no longer re-encryptable and, in particular, cannot be decrypted anymore at the delegatee's end. Moreover, delegators evolve their secret keys too, and, thus, not even they can decrypt old ciphertexts once their key material from past periods has been deleted. This, as we will discuss, directly has application in short-term data/message-sharing scenarios. Technically, we formalize fs-PRE. Thereby, we identify a subtle but significant gap in the well-established security model for conventional PRE and close it with our formalization (which we dub fs-PRE^+). We present the first provably secure and efficient constructions of fs-PRE as well as PRE (implied by the former) satisfying the strong fs-PRE^+ and PRE^+ notions, respectively. All our constructions are instantiable in the standard model under standard assumptions and our central building block are hierarchical identity-based encryption (HIBE) schemes that only need to be selectively secure.
Metadata
- Available format(s)
- Category
- Public-key cryptography
- Publication info
- A major revision of an IACR publication in PKC 2018
- DOI
- 10.1007/978-3-319-76578-5_8
- Keywords
- forward secrecyproxy re-encryptionimproved security model
- Contact author(s)
- sebastian ramacher @ iaik tugraz at
- History
- 2018-05-03: revised
- 2018-04-09: received
- See all versions
- Short URL
- https://ia.cr/2018/321
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2018/321, author = {David Derler and Stephan Krenn and Thomas Lorünser and Sebastian Ramacher and Daniel Slamanig and Christoph Striecks}, title = {Revisiting Proxy Re-Encryption: Forward Secrecy, Improved Security, and Applications}, howpublished = {Cryptology {ePrint} Archive, Paper 2018/321}, year = {2018}, doi = {10.1007/978-3-319-76578-5_8}, url = {https://eprint.iacr.org/2018/321} }