International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

On the Role of KGC for Proxy Re-encryption in Identity Based Setting

Authors:
Xu an Wang
Xiaoyuan Yang
Download:
URL: http://eprint.iacr.org/2008/410
Search ePrint
Search Google
Abstract: In 1998, Blaze, Bleumer, and Strauss proposed a kind of cryptographic primitive called proxy re-encryption\cite{Blaze:98}. In proxy re-encryption, a proxy can transform a ciphertext computed under Alice's public key into one that can be opened under Bob's decryption key. They predicated that proxy re-encryption and re-signature will play an important role in our life. In 2007, Matsuo proposed the concept of four types of re-encryption schemes: CBE to IBE(type 1), IBE to IBE(type 2), IBE to CBE (type 3), CBE to CBE (type 4)\cite{Matsuo:07}. Now CBE to IBE and IBE to IBE proxy re-encryption schemes are being standardized by IEEEP1363.3 working group\cite{P1363.3:08}. In this paper, based on \cite{Matsuo:07} we pay attention to the role of KGC for proxy re-encryption in identity based setting. We find that if we can introduce the KGC in the process of generating re-encryption key for proxy re-encryption in identity based setting, many open problems can be solved. Our main results are as following: 1. One feature of proxy re-encryption from CBE to IBE scheme in \cite{Matsuo:07} is that it inherits the key escrow problem from IBE, that is, KGC can decrypt every re-encrypted ciphertext for IBE users. We ask question like this: is it possible that the malicious KGC can not decrypt the re-encryption ciphertext? Surprisingly, the answer is affirmative.We construct such a scheme and prove its security in the standard model. 2. We propose a proxy re-encryption scheme from IBE to CBE. To the best of our knowledge, this is the first type 3 scheme. We give the security model for proxy re-encryption scheme from IBE to CBE and prove our scheme's security in this model without random oracle. 3. In \cite{Matsuo:08} there was a conclusion that it is hard to construct proxy re-encryption scheme based on BF and SK IBE. When considering KGC in the proxy key generation, we can construct a proxy re-encryption scheme based on SK IBE. Interestingly, this proxy re-encryption even can achieve IND-Pr-ID-CCA2 secure, which makes it is a relative efficient proxy re-encryption scheme using pairing which can achieve CCA2 secure in the literature.
BibTeX
@misc{eprint-2008-18145,
  title={On the Role of KGC for Proxy Re-encryption in Identity Based Setting},
  booktitle={IACR Eprint archive},
  keywords={Proxy re-encryption in identity based setting,  KGC},
  url={http://eprint.iacr.org/2008/410},
  note={ wangxahq@yahoo.com.cn 14280 received 25 Sep 2008, last revised 4 Feb 2009},
  author={Xu an Wang and Xiaoyuan Yang},
  year=2008
}