Achieving key privacy without losing CCA security in proxy re-encryption

In proxy re-encryption (PRE), a semi-trusted proxy can transform a ciphertext under the delegator’s public key into another ciphertext that the delegatee can decrypt by his/her own private key. However, the proxy cannot access the plaintext. Due to its transformation property, proxy re-encryption can be used in many applications, such as encrypted email forwarding. Some of these applications require that vailable online 21 September 2011 eywords: roxy re-encryption hosen ciphertext security ey privacy the underlying PRE scheme is CCA-secure and key-private. However, to the best of our knowledge, none of the existing PRE schemes satisfy this security requirement in the standard model. In this paper, based on the 5-Extended Decision Bilinear Diffie–Hellman assumption and Decision Diffie–Hellman assumption, we propose the first such PRE scheme, which solves an open problem left by Ateniese et al. (2009). © 2011 Elsevier Inc. All rights reserved. tandard model