## Cryptology ePrint Archive: Report 2021/1424

PREs with HRA Security and Key Privacy Based on Standard LWE Assumptions

Yang Wang and Yanmin Zhao and Mingqiang Wang

Abstract: Proxy re-encryption (PRE) schemes, which nicely solve the problem of delegating decryption rights, enable a semi-trusted proxy to transform a ciphertext encrypted under one key into a ciphertext of the same message under another arbitrary key. For a long time, the semantic security of PREs is quite similar to that of public key encryption (PKE) schemes. Cohen first pointed out the insufficiency of the security under chosen-plaintext attacks (CPA) of PREs in PKC 2019, and proposed a {\it{strictly stronger}} security notion, named security under honest re-encryption attacks (HRA), of PREs. Surprisingly, a few PREs satisfy the stronger HRA security and almost all of them are paring-based till now. To the best of our knowledge, we present the first detailed construction of HRA secure single-hop PREs based on standard LWE problems with {\it{comparably small and polynomially-bounded}} parameters in this paper. Combing known reductions, the HRA security of our PREs could also be guaranteed by the worst-case basic lattice problems (e.g. SIVP$_{\gamma}$). Meanwhile, our single-hop PRE schemes are also key-private, which means that the implicit identities of a re-encryption key will not be revealed even in the case of a proxy colluding with some corrupted users. Some discussions about key-privacy of multi-hop PREs are also proposed, which indicates that several constructions of multi-hop PREs do not satisfy their key-privacy definitions.

Category / Keywords: public-key cryptography / Lattice-based Cryptography and Proxy Re-encryption and Key Privacy and HRA Security and LWE

Date: received 22 Oct 2021, last revised 29 Oct 2021

Contact author: wyang1114 at sdu edu cn, ymzhao at cs hku hk, wangmingqiang at sdu edu cn

Available format(s): PDF | BibTeX Citation

Short URL: ia.cr/2021/1424

[ Cryptology ePrint archive ]