Comments on Shao-Cao's Unidirectional Proxy Re-Encryption Scheme from PKC 2009

نویسندگان

  • Min-Rong Chen
  • Xi Zhang
  • Xia Li
چکیده

In Eurocrypt’98, Blaze, Bleumer and Strauss [4] introduced a primitive named proxy reencryption (PRE), in which a semi-trusted proxy can convert without seeing the plaintext a ciphertext originally intended for Alice into an encryption of the same message intended for Bob. PRE systems can be categorized into bidirectional PRE, in which the proxy can transform from Alice to Bob and vice versa, and unidirectional PRE, in which the proxy cannot transform ciphertexts in the opposite direction. How to construct a PRE scheme secure against chosen-ciphertext attack (CCA) without pairings is left as an open problem in ACM CCS’07 by Canetti and Hohenberger [7]. In CANS’08, Deng et al. [8] successfully proposed a CCAsecure bidirectional PRE scheme without pairings. In PKC’09, Shao and Cao [10] proposed a unidirectional PRE without pairings, and claimed that their scheme is CCA-secure. They compared their scheme with Libert-Vergnaud’s pairing-based unidirectional PRE scheme from PKC’08, and wanted to indicate that their scheme gains advantages over Libert-Vergnaud’s scheme. However, Weng et al. [13] recently pointed out that Shao-Cao’s scheme is not CCAsecure by giving a concrete chosen-ciphertext attack, and they also presented a more efficient CCA-secure unidirectional PRE scheme without parings. In this paper, we further point out that, Shao-Cao’s comparison between their scheme and Libert-Vergnaud’s scheme is unfair, since Shao-Cao’s scheme is even not secure against chosen-plaintext attack (CPA) in LibertVergnaud’s security model.

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Efficient Unidirectional Proxy Re-Encryption

Proxy re-encryption (PRE) allows a semi-trusted proxy to convert a ciphertext originally intended for Alice into one encrypting the same plaintext for Bob. The proxy only needs a re-encryption key given by Alice, and cannot learn anything about the plaintext encrypted. This adds flexibility in various applications, such as confidential email, digital right management and distributed storage. In...

متن کامل

CCA-Secure Proxy Re-encryption without Pairings

In a proxy re-encryption scheme, a semi-trusted proxy can transform a ciphertext under Alice’s public key into another ciphertext that Bob can decrypt. However, the proxy cannot access the plaintext. Due to its transformation property, proxy re-encryption can be used in many applications, such as encrypted email forwarding. In this paper, by using signature of knowledge and Fijisaki-Okamoto con...

متن کامل

Chosen Public Key and Ciphertext Secure Proxy Re-encryption Schemes

A proxy re-encryption scheme enables a proxy to re-encrypt a ciphertext and designate it to a delegatee. Proxy re-encryption schemes have been found useful in many applications, including e-mail forwarding, law-enforcement monitoring, and content distribution. Libert and Vergnaud presented the first construction of unidirectional proxy re-encryption scheme with chosen ciphertext security in the...

متن کامل

CCA-Secure PRE Scheme without Random Oracles

In a proxy re-encryption scheme, a semi-trusted proxy can transform a ciphertext under Alice’s public key into another ciphertext that Bob can decrypt. However, the proxy cannot access the plaintext. Due to its transformation property, proxy re-encryption can be used in many applications, such as encrypted email forwarding. In this paper, by using the techniques of Canetti-Hohenberger and Kuros...

متن کامل

Conditional Proxy Broadcast Re-Encryption

A proxy re-encryption (PRE) scheme supports the delegation of decryption rights via a proxy, who makes the ciphertexts decryptable by the delegatee. PRE is useful in various applications such as encrypted email forwarding. In this paper, we introduce a more generalized notion of conditional proxy broadcast re-encryption (CPBRE). A CPBRE scheme allows Alice to generate a re-encryption key for so...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:
  • IACR Cryptology ePrint Archive

دوره 2009  شماره 

صفحات  -

تاریخ انتشار 2009