TY - GEN
T1 - Chosen-ciphertext secure proxy re-encryption
AU - Canetti, Ran
AU - Hohenberger, Susan
PY - 2007
Y1 - 2007
N2 - In a proxy re-encryption (PRE) scheme, a proxy is given special information that allows it to translate a ciphertext under one key into a ciphertext of the same message under a different key. The proxy cannot, however, learn anything about the messages encrypted under either key. PRE schemes have many practical applications, including distributed storage, email, and DRM. Previously proposed re-encryption schemes achieved only semantic security; in contrast, applications often require security against chosen ciphertext attacks. We propose a definition of security against chosen ciphertext attacks for PRE schemes, and present a scheme that satisfies the definition. Our construction is efficient and based only on the Decisional Bilinear Diffie-Hellman assumption in the standard model. We also formally capture CCA security for PRE schemes via both a game-based definition and simulation-based definitions that guarantee universally composable security. We note that, simultaneously with our work, Green and Ateniese proposed a CCA-secure PRE, discussed herein.
AB - In a proxy re-encryption (PRE) scheme, a proxy is given special information that allows it to translate a ciphertext under one key into a ciphertext of the same message under a different key. The proxy cannot, however, learn anything about the messages encrypted under either key. PRE schemes have many practical applications, including distributed storage, email, and DRM. Previously proposed re-encryption schemes achieved only semantic security; in contrast, applications often require security against chosen ciphertext attacks. We propose a definition of security against chosen ciphertext attacks for PRE schemes, and present a scheme that satisfies the definition. Our construction is efficient and based only on the Decisional Bilinear Diffie-Hellman assumption in the standard model. We also formally capture CCA security for PRE schemes via both a game-based definition and simulation-based definitions that guarantee universally composable security. We note that, simultaneously with our work, Green and Ateniese proposed a CCA-secure PRE, discussed herein.
KW - Chosen-ciphertext security
KW - Encryption
KW - Obfuscation
KW - Re-encryption
UR - http://www.scopus.com/inward/record.url?scp=77952361637&partnerID=8YFLogxK
U2 - 10.1145/1315245.1315269
DO - 10.1145/1315245.1315269
M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???
AN - SCOPUS:77952361637
SN - 9781595937032
T3 - Proceedings of the ACM Conference on Computer and Communications Security
SP - 185
EP - 194
BT - CCS'07 - Proceedings of the 14th ACM Conference on Computer and Communications Security
T2 - 14th ACM Conference on Computer and Communications Security, CCS'07
Y2 - 29 October 2007 through 2 November 2007
ER -