Proxy-invisible CCA-secure type-based proxy re-encryption without random oracles

Abstract

In a proxy re-encryption (PRE) scheme, a delegator gives a re-encryption key to a semi-trusted proxy who, by using the re-encryption key, can transform a ciphertext encrypted under the delegator's public key into one that can be decrypted using a private key of another user (called a delegatee). To provide fine-grained delegation, type-based PRE (TB-PRE) was introduced in which the decryption right can be selectively delegated. The proxy in TB-PRE can only re-encrypt ciphertexts with a specific type selected by the delegator. Tang proposed the first proxy-invisible TB-PRE scheme where proxy invisibility means that an adversary cannot distinguish between original ciphertexts and re-encrypted ciphertexts. However, Tang's scheme is only secure against chosen-plaintext attacks. Jia et al. proposed a proxy-invisible TB-PRE scheme that is secure against chosen-ciphertext attacks with random oracle heuristic. To date, there is no TB-PRE scheme achieving both proxy invisibility and chosen-ciphertext security in the standard model (i.e., without random oracles). We propose the first proxy-invisible TB-PRE scheme that is secure against chosen-ciphertext attacks in the standard model. (C) 2012 Elsevier B.V. All rights reserved.