Unidirectional Chosen-Ciphertext Secure Proxy Re-encryption.

B. Libert and D. Vergnaud

In 1998, Blaze, Bleumer, and Strauss proposed a cryptographic primitive
called proxy re-encryption, in which a proxy transforms - without seeing the
corresponding plaintext - a ciphertext computed under Alice's public key into
one that can be opened using Bob's secret key. Recently, an appropriate
definition of chosen-ciphertext security and a construction fitting this
model were put forth by Canetti and Hohenberger. Their system is
bidirectional : the information released to divert ciphertexts from Alice to
Bob can also be used to translate ciphertexts in the opposite direction. In
this paper, we present the first construction of unidirectional proxy
re-encryption scheme with chosen-ciphertext security in the standard model
(i. e. without relying on the random oracle idealization), which solves a
problem left open at CCS'07. Our construction is efficient and requires a
reasonable complexity assumption in bilinear map groups. Like the
Canetti-Hohenberger scheme, it ensures security according to a relaxed
definition of chosen-ciphertext introduced by Canetti, Krawczyk and Nielsen.