Zero-Knowledge Proxy Re-Identification Revisited

Zero-knowledge proxy re-identification (ZK-PRI) has been introduced by Blaze et al. in 1998 together with two other well known primitives of recryptography, namely proxy re-encryption (PRE) and proxy re-signature (PRS). A ZK-PRI allows a proxy to transform an identification protocol for Alice into an identification protocol for Bob using a re-proof key. PRE and PRS have been largely studied in the last decade, but surprisingly, no results about ZK-PRI have been published since the pioneer paper of Blaze et al.. We first show the insecurity of this scheme: just by observing the communications Alice can deduce Bob’s secret key. Then we give (i) definitions of the different families of ZK-PRI (bidirectional/unidirectional and interactive/non-interactive) (ii) a formal security model for these primitives and (iii) a concrete construction for each family. Moreover, we show that ZK-PRI can be used to manage the acces policy to several services that require a public key authentication.