Adaptively Secure Proxy Re-encryption

Georg Fuchsbauer, Chethan Kamath, Karen Klein, and Krzysztof Pietrzak

Abstract

A proxy re-encryption (PRE) scheme is a public-key encryption scheme that allows the holder of a key pk to derive a re-encryption key for any other key pk'. This re-encryption key lets anyone transform ciphertexts under pk into ciphertexts under pk' without knowing the underlying message, while transformations from pk' to pk should not be possible (unidirectional). Security is defined in a multi-user setting against an adversary that gets the users’ public keys and can ask for re-encryption keys and can corrupt users by requesting their secret keys. Any ciphertext that the adversary cannot trivially decrypt given the obtained secret and re-encryption keys should be secure. All existing security proofs for PRE only show selective security, where the adversary must first declare the users it wants to corrupt. This can be lifted to more meaningful adaptive security by guessing the set of corrupted users among the n users, which loses a factor exponential in n, rendering the result meaningless already for moderate n. Jafargholi et al. (CRYPTO’17) proposed a framework that in some cases allows to give adaptive security proofs for schemes which were previously only known to be selectively secure, while avoiding the exponential loss that results from guessing the adaptive choices made by an adversary. We apply their framework to PREs that satisfy some natural additional properties. Concretely, we give a more fine-grained reduction for several unidirectional PREs, proving adaptive security at a much smaller loss. The loss depends on the graph of users whose edges represent the re-encryption keys queried by the adversary. For trees and chains the loss is quasi-polynomial in the size and for general graphs it is exponential in their depth and indegree (instead of their size as for previous reductions). Fortunately, trees and low-depth graphs cover many, if not most, interesting applications. Our results apply e.g. to the bilinear-map based PRE schemes by Ateniese et al. (NDSS’05 and CT-RSA’09), Gentry’s FHE-based scheme (STOC’09) and the LWE-based scheme by Chandran et al. (PKC’14).

Note: Minor changes.

Metadata
Available format(s)
Category
Public-key cryptography
Publication info
Preprint. MINOR revision.
Keywords
Proxy re-encryptionadaptive securitytightness
Contact author(s)
georg fuchsbauer @ ens fr
History
2018-06-18: last of 5 revisions
2018-05-10: received
See all versions
Short URL
https://ia.cr/2018/426
License

CC BY

BibTeX

@misc{cryptoeprint:2018/426,
author = {Georg Fuchsbauer and Chethan Kamath and Karen Klein and Krzysztof Pietrzak},
title = {Adaptively Secure Proxy Re-encryption},
howpublished = {Cryptology ePrint Archive, Paper 2018/426},
year = {2018},
note = {\url{https://eprint.iacr.org/2018/426}},
url = {https://eprint.iacr.org/2018/426}
}

Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.