Cryptology ePrint Archive: Report 2018/840

Universal Proxy Re-Encryption

Nico Döttling and Ryo Nishimaki

Abstract: We put forward the notion of universal proxy re-encryption (UPRE). A UPRE scheme enables us to convert a ciphertext under a (delegator) public key of any existing public-key encryption (PKE) scheme into another ciphertext under a (delegatee) public key of any existing PKE scheme (possibly different from the delegator one). Such a conversion is executed by a third party called proxy that has a re-encryption key generated from the delegator's secret key and the delegatee public key. Proxy re-encryption is a related notion, but it can neither convert ciphertexts into ones of possibly different PKE schemes nor treat general PKE schemes.

Our contributions are twofold. One is a definitional work. We define the syntax and security of UPRE. The other is showing the feasibility of UPRE. More precisely, we present three generic constructions of UPRE. One is a UPRE based on probabilistic indistinguishability obfuscation (PIO). It can re-encrypt ciphertexts polynomially many times. Another is a relaxed variant of UPRE based on function secret sharing (FSS). It can re-encryption ciphertexts constant times. The relaxed variant means that decryption algorithms for re-encrypted ciphertext are slightly modified though we use only original delegatee secret keys for decryption. The other is the relaxed variant of UPRE based on oblivious transfer and garbled circuits. It can re-encryption ciphertexts polynomially many times.

The supported PKE schemes by the first and second generic constructions vary in the underlying hard problems or cryptographic tools. The third generic construction supports any CPA-secure PKE. The security levels of our UPRE schemes vary in the underlying hard problems or cryptographic tools that they rely on.

Category / Keywords: public-key cryptography / universal proxy re-encryption, proxy re-encryption, public-key encryption, secret sharing

Date: received 7 Sep 2018, last revised 16 Oct 2018

Contact author: ryo nishimaki at gmail com,nico doettling@gmail com

Available format(s): PDF | BibTeX Citation

Note: Added a remark on re-encryption simulatability since eprint archive report 2017/785 was updated.

Version: 20181016:224052 (All versions of this report)

Short URL: ia.cr/2018/840


[ Cryptology ePrint archive ]