CCA-Secure Proxy Re-encryption without Pairings

In a proxy re-encryption scheme, a semi-trusted proxy can transform a ciphertext under Alice’s public key into another ciphertext that Bob can decrypt. However, the proxy cannot access the plaintext. Due to its transformation property, proxy re-encryption can be used in many applications, such as encrypted email forwarding. In this paper, by using signature of knowledge and Fijisaki-Okamoto conversion, we propose a proxy re-encryption scheme without pairings, in which the proxy can only transform the ciphertext in one direction. The proposal is secure against chosen ciphertext attack (CCA) and collusion attack in the random oracle model based on Decisional Diffie-Hellman (DDH) assumption over ZN2 and integer factorization assumption, respectively. To the best of our knowledge, it is the first unidirectional PRE scheme with CCA security and collusion-resistance.