Non-transferability in Proxy
Re-Encryption Revisited 1Department
of Computer Science and Engineering, IIT Madras, Chennai, India 2National Institute of Information and Communications Technology (NICT), Tokyo, Japan lh-wang@nict.go.jp
Abstract Proxy re-encryption (PRE) is a cryptographic primitive envisioned by Blaze, Bleumer and Strauss to realise delegation of decryption rights from a delegator to a delegatee via a semi-trusted proxy. The widely accepted model for PRE security prevents the proxy, which is equipped with transformation power, to learn anything about the underlying plaintext. However, such a security notion is not sufficient in practical scenarios wherein the proxy could be corrupted. In this work, we study an attractive property of PRE, namely non-transferability that prevents the colluding proxy and the delegatee from re-delegating decryption rights to a malicious user. In Pairing 2010, a CPA secure non-transferable identity-based PRE scheme was presented in the random oracle model. In this work, we show that the scheme does not realize non-transferability. Also, we formalize the notion of a non-transferable PRE and introduce a security definition for the same. We then present the first provably secure construction of a non-transferable PRE scheme in the PKI setting based on bilinear maps. Our scheme meets chosen ciphertext security and non-transferability in the random oracle model assuming a variant of the decisional bilinear Diffie-Hellman problem. Keywords: Proxy Re-Encryption,
Non-transferability, Unidirectional, CCA-secure, Random Oracle, Bilinear Pairing +: Corresponding author: Arinjita Paul
Journal
of Internet Services and Information Security
(JISIS), 10(3): 1-30, August 2020 DOI: 10.22667/JISIS.2020.08.31.001 [pdf] |