Improving the Security of an Efficient Unidirectional Proxy Re-Encryption Scheme

A proxy re-encryption (PRE) scheme allows a designated proxy, that has beforehand received a so-called re-encryption key, to translate a ciphertext intended to one user to a ciphertext intended to another one. Traditionally, the re-encryption key is generated at the initiative of the initial receiver and ideally, no secret keys should be known to the proxy. Such scheme is said unidirectional if the transformation from one user to another does not necessarily imply the possibility to make the inverse transformation. Regarding the literature on unidirectional proxy re-encryption, it seems hard to prove the strongest security level (namely indistinguishability under chosen ciphertext attacks IND-CCA) of such schemes. Most of the time, PRE either reaches a chosen-plaintext security or a replayable CCA security. At Africacrypt 2010, Chow, Weng, Yang and Deng proposed a scheme that satisfies CCA security in the random oracle model. However, their model can actually be strengthen. Indeed, we show in this paper how to modify this scheme so that its improved security achieves a full CCA security. In particular, we now allow the adversary of the CCA security for re-encryption to corrupt the user i′ who is the initial receiver of the challenged ciphertext and at the same time to obtain the re-encryption key from i′ to the targeted users. The resulting scheme is therefore a fully secure PRE which does not rely on pairings, and secure in the random oracle model. It can be implemented efficiently with any traditional modular arithmetic.