Cryptology ePrint Archive: Report 2018/840

Universal Proxy Re-Encryption

Nico Döttling and Ryo Nishimaki

Abstract: We put forward the notion of universal proxy re-encryption (UPRE). A UPRE scheme enables a proxy to convert a ciphertext under a (delegator) public key of any existing public-key encryption (PKE) scheme into another ciphertext under a (delegatee) public key of any existing PKE scheme (possibly different from the delegator one). The proxy has a re-encryption key generated from the delegator's secret key and the delegatee public key. Thus UPRE generalizes proxy re-encryption by supporting arbitrary PKE schemes and allowing to convert ciphertexts into ones of possibly different PKE schemes. In this work, we

- provide syntax and definitions for both UPRE and a variant we call relaxed UPRE. The relaxed variant means that decryption algorithms for re-encrypted ciphertexts are slightly modified but still only use the original delegatee secret keys for decryption.

- construct a UPRE based on probabilistic indistinguishability obfuscation (PIO). It allows us to re-encrypt ciphertexts polynomially many times.

- construct relaxed UPRE from garbled circuits (GCs). We provide two variants of this construction, one which allows us to re-encrypt ciphertexts polynomially many times, and a second one which satisfies a stronger security requirement but only allows us to re-encrypt ciphertexts a constant number of times.

Category / Keywords: public-key cryptography / universal proxy re-encryption, proxy re-encryption, public-key encryption, secret sharing

Original Publication (with major differences): IACR-PKC-2021

Date: received 7 Sep 2018, last revised 2 Mar 2021

Contact author: ryo nishimaki at gmail com,nico doettling@gmail com

Available format(s): PDF | BibTeX Citation

Note: Full version.

Version: 20210302:111456 (All versions of this report)

Short URL: ia.cr/2018/840


[ Cryptology ePrint archive ]