Proxy Cryptography Revisited
نویسندگان
چکیده
In this work we revisit and formally study the notion of proxy cryptography. Intuitively, various proxy functions allow two cooperating parties F (the “FBI”) and P (the “proxy”) to duplicate the functionality available to the third party U (the “user”), without being able to perform this functionality on their own (without cooperation). The concept is closely related to the notion of threshold cryptography, except we deal with only two parties P and F , and place very strict restrictions on the way the operations are performed (which is done for the sake of efficiency, usability and scalability). For example, for decryption (resp. signature) P (F ) sends a single message to F (P ), after which the latter can decrypt (sign) the message. Our formal modeling of proxy cryptography significantly generalizes, simplifies and simultaneously clarifies the model of “atomic proxy” suggested by Blaze and Strauss [4]. In particular, we define bidirectional and unidirectional variants of our model1, and show extremely simple generic solutions for proxy signature and encryption in these models. We also give more efficient solutions for several specific schemes. We conclude that proxy cryptography is a relatively simple concept to satisfy when looked from the correct and formal standpoint.
منابع مشابه
ar X iv : 0 80 2 . 11 13 v 1 [ cs . C R ] 8 F eb 2 00 8 Multi - Use Unidirectional Proxy Re - Signatures
In 1998, Blaze, Bleumer, and Strauss suggested a cryptographic primitive named proxy re-signatures where a proxy turns a signature computed under Alice’s secret key into one from Bob on the same message. The semi-trusted proxy does not learn either party’s signing key and cannot sign arbitrary messages on behalf of Alice or Bob. At CCS 2005, Ateniese and Hohenberger revisited the primitive by p...
متن کاملZero-Knowledge Proxy Re-Identification Revisited
Zero-knowledge proxy re-identification (ZK-PRI) has been introduced by Blaze et al. in 1998 together with two other well known primitives of recryptography, namely proxy re-encryption (PRE) and proxy re-signature (PRS). A ZK-PRI allows a proxy to transform an identification protocol for Alice into an identification protocol for Bob using a re-proof key. PRE and PRS have been largely studied in ...
متن کاملA Certificateless Proxy Ring Signature Scheme with Provable Security
Proxy ring signature allows proxy signer to sign messages on behalf of the original signer while providing anonymity. Certificateless public key cryptography was first introduced by Al-Riyami and Paterson in Asiacrypt 2003. In certificateless cryptography, it does not require the use of certificates to guarantee the authenticity of users’ public keys. Meanwhile, certificateless cryptography doe...
متن کاملA Provably Secure Certificateless Proxy Signature Scheme
Proxy signature, a variant of digital signature, is in the limelight in recent years for secure communication. For instance, when a manager is occupied with business matters, or travelling on business, he has to delegate an agent to deal with his day-today office concerns. Therefore, a proxy signature scheme is necessary in this scenario. Although identity-based proxy signature schemes have bee...
متن کاملDivertible Protocols and Atomic Proxy Cryptography
First, we introduce the notion of divertibility as a protocol property as opposed to the existing notion as a language property (see Okamoto, Ohta [OO90]). We give a definition of protocol divertibility that applies to arbitrary 2-party protocols and is compatible with Okamoto and Ohta’s definition in the case of interactive zero-knowledge proofs. Other important examples falling under the new ...
متن کامل