Reference

  • Tracing Malicious Proxies in Proxy Re-Encryption.

    (with Benoît Libert) 2nd International Conference on Pairing-based Cryptography - Pairing 2008
    (S. Galbraith & K. Paterson eds.)
    Springer, Lect. Notes Comput. Sci. vol. 5209, 2008, p. 332-353.
top

Abstract

In 1998, Blaze, Bleumer and Strauss put forth a cryptographic primitive, termed proxy re-encryption, where a semi-trusted proxy is given some piece of information that enables the re-encryption of ciphertexts from one key to another. Unidirectional schemes only allow translating from the delegator to the delegatee and not in the opposite direction. In all constructions described so far, although colluding proxies and delegatees cannot expose the delegator's long term secret, they can derive and disclose sub-keys that suffice to open all translatable ciphertexts sent to the delegator. They can also generate new re-encryption keys for receivers that are not trusted by the delegator. In this paper, we propose traceable proxy re-encryption systems, where proxies that leak their re-encryption key can be identified by the delegator. The primitive does not preclude illegal transfers of delegation but rather strives to deter them. We give security definitions for this new primitive and a construction meeting the formalized requirements. This construction is fairly efficient, with ciphertexts that have logarithmic size in the number of delegations, but uses a non-black-box tracing algorithm. We discuss how to provide the scheme with a black box tracing mechanism at the expense of longer ciphertexts.

Keywords

unidirectional proxy re-encryption; transferability issues; collusion detection; traceability.

top

Download

[abs]   Abstract
[bib]   BibTeX Entry
[doi]   Official version
[ps] [pdf]   Full version
top