Volume 10 - Issue 3
Non-transferability in Proxy Re-Encryption Revisited
- Arinjita Paul
Department of Computer Science and Engineering, IIT Madras, Chennai, India
arinjita@cse.iitm.ac.in
- Lihua Wang
National Institute of Information and Communications Technology (NICT), Tokyo, Japan
lh-wang@nict.go.jp
- S. Sharmila Deva Selvi
Department of Computer Science and Engineering, IIT Madras, Chennai, India
sharmila@cse.iitm.ac.in
- C. Pandu Rangan
Department of Computer Science and Engineering, IIT Madras, Chennai, India
prangan@cse.iitm.ac.in
Keywords: Proxy Re-Encryption, Non-transferability, Unidirectional, CCA-secure, Random Oracle, Bilinear Pairing
Abstract
Proxy re-encryption (PRE) is a cryptographic primitive envisioned by Blaze, Bleumer and Strauss to
realise delegation of decryption rights from a delegator to a delegatee via a semi-trusted proxy. The
widely accepted model for PRE security prevents the proxy, which is equipped with transformation
power, to learn anything about the underlying plaintext. However, such a security notion is not sufficient
in practical scenarios wherein the proxy could be corrupted. In this work, we study an attractive
property of PRE, namely non-transferability that prevents the colluding proxy and the delegatee from
re-delegating decryption rights to a malicious user. In Pairing 2010, a CPA secure non-transferable
identity-based PRE scheme was presented in the random oracle model. In this work, we show that the
scheme does not realize non-transferability. Also, we formalize the notion of a non-transferable PRE
and introduce a security definition for the same. We then present the first provably secure construction
of a non-transferable PRE scheme in the PKI setting based on bilinear maps. Our scheme meets
chosen ciphertext security and non-transferability in the random oracle model assuming a variant of
the decisional bilinear Diffie-Hellman problem.