2011 Volume E94.A Issue 1 Pages 36-44
In proxy re-encryption schemes, a semi-trusted entity called a proxy can convert a ciphertext encrypted for Alice into a new ciphertext for Bob without seeing the underlying plaintext. Several proxy re-encryption schemes have been proposed, however, only two schemes which enables the conversion of IBE ciphertexts to PKE ciphertexts has been proposed. One of schemes has some drawbacks such that the size of the re-encrypted ciphertext increases and Bob must be aware of existence of the proxy, which means Bob cannot decrypt a re-encrypted ciphertext with same PKE decryption algorithm. The other one achieves security under Selective-ID model. We propose a new, efficient scheme that enables the conversion of IBE ciphertexts to PKE ciphertexts, and prove full-ID CPA security in the standard model. In our scheme, the size of the re-encrypted ciphertext is optimal and Bob should not aware of existence of the proxy. As far as we know, this is the first IBE-PKE type scheme that holds the above properties.