Abstract
We put forward the notion of universal proxy re-encryption (UPRE). A UPRE scheme enables a proxy to convert a ciphertext under a (delegator) public key of any existing public-key encryption (PKE) scheme into another ciphertext under a (delegatee) public key of any existing PKE scheme (possibly different from the delegator one). The proxy has a re-encryption key generated from the delegator’s secret key and the delegatee public key. Thus UPRE generalizes proxy re-encryption by supporting arbitrary PKE schemes and allowing to convert ciphertexts into ones of possibly different PKE schemes. In this work, we
-
provide syntax and definitions for both UPRE and a variant we call relaxed UPRE. The relaxed variant means that decryption algorithms for re-encrypted ciphertexts are slightly modified but still only use the original delegatee secret keys for decryption.
-
construct a UPRE based on probabilistic indistinguishability obfuscation (PIO). It allows us to re-encrypt ciphertexts polynomially many times.
-
construct relaxed UPRE from garbled circuits (GCs). We provide two variants of this construction, one which allows us to re-encrypt ciphertexts polynomially many times, and a second one which satisfies a stronger security requirement but only allows us to re-encrypt ciphertexts a constant number of times.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
A.k.a. “heavy hammers”.
- 2.
Derler, Krenn, Lorünser, Ramacher, Slamanig, and Striecks also proposed a similar security notion in the forward secret setting as (fs)-RIND-CPA [DKL+18].
- 3.
Note that the corrupted delegator does not have a ciphertext to be re-encrypted here.
- 4.
Davidson, Deo, Lee, and Martin [DDLM19] independently introduced a stronger notion called strong post-compromised security in the standard PRE setting. Note that our work appeared before their publication. Our work appeared on September 7th in 2018 while their work [DDLM19] did on April 5th in 2019. (See the submission dates on Cryptology ePrint Archive.).
- 5.
Of course, a re-encryption query from an honest user to a corrupted user is also prohibited in PRE-CPA security.
- 6.
If we prefer longer security parameters, then we can change the condition to \(\lambda _i < c \lambda \) for some constant \(c>1\).
- 7.
The circular security issue arises in constructions that use general PKE schemes. If there exists a cycle, we have no way to use the CPA-security of a PKE scheme in the cycle since the information of each secret key in the cycle is in a re-encryption key in the cycle. This does not happen in concrete constructions based on some hard problems such as the DDH.
- 8.
Note that Cohen does not use key-privacy of PRE [ABH09] to prove PRE-HRA security.
- 9.
We could define a weaker variant of re-encryption simulatability for UPRE (and PRE) that still implies HRA security. However, such a definition is not simple, and proofs are not simplified. Proving such a weak re-encryption simulatability takes almost the same efforts to prove HRA security directly. Thus, we do not use re-encryption simulatability.
- 10.
If there exists \((\widehat{i},j_1,k_1)\) and \((\widehat{i},j_2,k_2)\) such that \((\widehat{i},j_1)\) and \((\widehat{i},j_2)\) are not admissible and \(k_1,k_2 \notin \mathsf {Drv}\), then we can use the same simulation process described in hybrid experiments for those queries.
References
Ateniese, G., Benson, K., Hohenberger, S.: Key-private proxy re-encryption. In: Fischlin, M. (ed.) CT-RSA 2009. LNCS, vol. 5473, pp. 279–294. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-00862-7_19
Aono, Y., Boyen, X., Phong, L.T., Wang, L.: Key-private proxy re-encryption under LWE. In: Paul, G., Vaudenay, S. (eds.) INDOCRYPT 2013. LNCS, vol. 8250, pp. 1–18. Springer, Cham (2013). https://doi.org/10.1007/978-3-319-03515-4_1
Agrikola, T., Couteau, G., Hofheinz, D.: The usefulness of sparsifiable inputs: how to avoid subexponential iO. In: Kiayias, A., Kohlweiss, M., Wallden, P., Zikas, V. (eds.) PKC 2020. LNCS, vol. 12110, pp. 187–219. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45374-9_7
Ateniese, G., Fu, K., Green, M., Hohenberger, S.: Improved Proxy re-encryption schemes with applications to secure distributed storage. In: NDSS 2005 (2005)
Blaze, M., Bleumer, G., Strauss, M.: Divertible protocols and atomic proxy cryptography. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 127–144. Springer, Heidelberg (1998). https://doi.org/10.1007/BFb0054122
Barak, B., et al.: On the (im)possibility of obfuscating programs. J. ACM 59(2), 6 (2012)
Boneh, D., Gentry, C., Lynn, B., Shacham, H.: Aggregate and verifiably encrypted signatures from bilinear maps. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 416–432. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-39200-9_26
Brakerski, Z., Lombardi, A., Segev, G., Vaikuntanathan, V.: Anonymous IBE, leakage resilience and circular security from new assumptions. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10820, pp. 535–564. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-78381-9_20
Chandran, N., Chase, M., Liu, F.-H., Nishimaki, R., Xagawa, K.: Re-encryption, functional re-encryption, and multi-hop re-encryption: a framework for achieving obfuscation-based security and instantiations from lattices. In: Krawczyk, H. (ed.) PKC 2014. LNCS, vol. 8383, pp. 95–112. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-54631-0_6
Chandran, N., Chase, M., Vaikuntanathan, V.: Functional re-encryption and collusion-resistant obfuscation. In: Cramer, R. (ed.) TCC 2012. LNCS, vol. 7194, pp. 404–421. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-28914-9_23
Canetti, R., Hohenberger, S.: Chosen-ciphertext secure proxy re-encryption. ACM CCS 2007, 185–194 (2007)
Cohen, A., Holmgren, J., Nishimaki, R., Vaikuntanathan, V., Wichs, D.: Watermarking cryptographic capabilities. SIAM J. Comput. 47(6), 2157–2202 (2018)
Coron, J.-S., Lepoint, T., Tibouchi, M.: Practical multilinear maps over the integers. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8042, pp. 476–493. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40041-4_26
Canetti, R., Lin, H., Tessaro, S., Vaikuntanathan, V.: Obfuscation of probabilistic circuits and applications. In: Dodis, Y., Nielsen, J.B. (eds.) TCC 2015. LNCS, vol. 9015, pp. 468–497. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46497-7_19
Cohen, A.: What about bob? the inadequacy of CPA security for proxy reencryption. In: PKC 2019, Part II. LNCS, vol. 11443, pp. 287–316 (2019)
Couteau, G., Peters, T., Pointcheval, D.: Encryption switching protocols. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9814, pp. 308–338. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53018-4_12
Chow, S.S.M., Weng, J., Yang, Y., Deng, R.H.: Efficient unidirectional proxy re-encryption. In: AFRICACRYPT 10. LNCS, vol. 6055, pp. 316–332 (2010)
Davidson, A., Deo, A., Lee, E., Martin, K.: Strong post-compromise secure proxy re-encryption. In: Jang-Jaccard, J., Guo, F. (eds.) ACISP 2019. LNCS, vol. 11547, pp. 58–77. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-21548-4_4
Derler, D., Krenn, S., Lorünser, T., Ramacher, S., Slamanig, D., Striecks, C.: Revisiting proxy re-encryption: forward secrecy, improved security, and applications. In: Abdalla, M., Dahab, R. (eds.) PKC 2018. LNCS, vol. 10769, pp. 219–250. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-76578-5_8
Deng, R.H., Weng, J., Liu, S., Chen, K.: Chosen-ciphertext secure proxy re-encryption without pairings. In: Franklin, M.K., Hui, L.C.K., Wong, D.S. (eds.) CANS 2008. LNCS, vol. 5339, pp. 1–17. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-89641-8_1
ElGamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Trans. Inf. Theor. 31, 469–472 (1985)
Fuchsbauer, G., Kamath, C., Klein, K., Pietrzak, K.: Adaptively secure proxy re-encryption. In: Lin, D., Sako, K. (eds.) PKC 2019. LNCS, vol. 11443, pp. 317–346. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17259-6_11
Garg, S., Gentry, C., Halevi, S.: Candidate multilinear maps from ideal lattices. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 1–17. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-38348-9_1
Gentry, C., Gorbunov, S., Halevi, S.: Graph-induced multilinear maps from lattices. In: Dodis, Y., Nielsen, J.B. (eds.) TCC 2015. LNCS, vol. 9015, pp. 498–527. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46497-7_20
Garg, S., Gentry, C., Halevi, S., Raykova, M., Sahai, A., Waters, B.: Candidate indistinguishability obfuscation and functional encryption for all circuits. SIAM J. Comput. 45(3), 882–929 (2016)
Goldwasser, S., Micali, S.: Probabilistic encryption. J. Comput. Syst. Sci. 28(2), 270–299 (1984)
Gaddam, S., Sinha, R., Luykx, A.: Applying proxy-re-encryption to payments. Real World Crypto 2019 (2019). https://rwc.iacr.org/2019/slides/Applying_PRE_Payments.pdf
Hesse, J., Hofheinz, D., Rupp, A.: Reconfigurable cryptography: a flexible approach to long-term security. In: Kushilevitz, E., Malkin, T. (eds.) TCC 2016. LNCS, vol. 9562, pp. 416–445. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49096-9_18
Hanaoka, G., Kawai, Y., Kunihiro, N., Matsuda, T., Weng, J., Zhang, R., Zhao, Y.: Generic construction of chosen ciphertext secure proxy re-encryption. In: Dunkelman, O. (ed.) CT-RSA 2012. LNCS, vol. 7178, pp. 349–364. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-27954-6_22
Hohenberger, S., Koppula, V., Waters, B.: Universal signature aggregators. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 3–34. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46803-6_1
Hohenberger, S., Rothblum, G.N., Shelat, A., Vaikuntanathan, V.: Securely obfuscating re-encryption. J. Cryptol. 24(4), 694–719 (2010). https://doi.org/10.1007/s00145-010-9077-7
Ivan, A., Dodis, Y.: Proxy cryptography revisited. In: NDSS 2003 (2003)
Jakobsson, M.: On quorum controlled asymmetric proxy re-encryption. In: Imai, H., Zheng, Y. (eds.) PKC 1999. LNCS, vol. 1560, pp. 112–121. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-49162-7_9
Libert, B., Vergnaud, D.: Unidirectional chosen-ciphertext secure proxy re-encryption. In: PKC 2008. LNCS, vol. 4939, pp. 360–379 (2008)
Nishimaki, R., Xagawa, K.: Key-private proxy re-encryption from lattices, revisited. IEICE Trans. 98-A(1), 100–116 (2015)
Polyakov, Y., Rohloff, K., Sahu, G., Vaikuntanathan, V.: Fast proxy re-encryption for publish/subscribe systems. ACM Trans. Priv. Secur. 20(4), 14:1–14:31 (2017)
Shao, J., Cao, Z.: CCA-secure proxy re-encryption without pairings. In: PKC 2009. LNCS, vol. 5443, pp. 357–376 (2009)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 International Association for Cryptologic Research
About this paper
Cite this paper
Döttling, N., Nishimaki, R. (2021). Universal Proxy Re-Encryption. In: Garay, J.A. (eds) Public-Key Cryptography – PKC 2021. PKC 2021. Lecture Notes in Computer Science(), vol 12710. Springer, Cham. https://doi.org/10.1007/978-3-030-75245-3_19
Download citation
DOI: https://doi.org/10.1007/978-3-030-75245-3_19
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-75244-6
Online ISBN: 978-3-030-75245-3
eBook Packages: Computer ScienceComputer Science (R0)