Improving the Security of an Efficient Unidirectional
Proxy Re-Encryption Scheme
Sébastien Canard1, Julien Devigne2
and Fabien Laguillaumie3
1Orange Labs -
Applied Crypto Group
Caen, France
sebastien.canard@orange-ftgroup.com
2Orange Labs - Applied Crypto Group/GREYC - Université de Caen
Basse-Normandie
Caen, France
julien.devigne@orange-ftgroup.com
3GREYC - Université de Caen Basse-Normandie
Caen, France
fabien.laguillaumie@unicaen.fr
Abstract
A proxy re-encryption (PRE) scheme allows a designated proxy, that has beforehand received
a so-called re-encryption key, to translate a ciphertext
intended to one user to a ciphertext intended
to another one. Traditionally, the re-encryption key is
generated at the initiative of the
initial receiver and ideally, no secret keys should be
known to the proxy. Such scheme is said
unidirectional if the transformation from one user to
another does not necessarily imply the possibility
to make the inverse transformation. Regarding the
literature on unidirectional proxy reencryption,
it seems hard to prove the strongest security level
(namely indistinguishability under
chosen ciphertext attacks - IND-CCA) of such schemes.
Most of the time, PRE either reaches a
chosen-plaintext security or a replayable CCA security.
At Africacrypt 2010, Chow, Weng, Yang
and Deng proposed a scheme that satisfies CCA security in
the random oracle model. However,
their model can actually be strengthen. Indeed, we show
in this paper how to modify this scheme
so that its improved security achieves a full CCA
security. In particular, we now allow the adversary
of the CCA security for re-encryption to corrupt the user
i¡Ç who is the initial receiver of the
challenged ciphertext and at the same time to obtain the
re-encryption key from i¡Ç to the
targeted
users. The resulting scheme is therefore a fully secure
PRE which does not rely on pairings,
and
secure in the random oracle model. It can be implemented
efficiently with any traditional modular
arithmetic.
Keywords: Proxy re-encryption, unidirectional, CCA security
Journal of Internet
Services and Information Security (JISIS), 1(2/3):
140-160, August 2011 [pdf]