Public Key Cryptography – PKC 2009

Volume 5443 of the series Lecture Notes in Computer Science pp 357-376

CCA-Secure Proxy Re-encryption without Pairings

  • Jun ShaoAffiliated withDepartment of Computer Science and Engineering, Shanghai Jiao Tong UniversityCollege of Information Sciences and Technology, Pennsylvania State University
  • , Zhenfu CaoAffiliated withDepartment of Computer Science and Engineering, Shanghai Jiao Tong University


In a proxy re-encryption scheme, a semi-trusted proxy can transform a ciphertext under Alice’s public key into another ciphertext that Bob can decrypt. However, the proxy cannot access the plaintext. Due to its transformation property, proxy re-encryption can be used in many applications, such as encrypted email forwarding. In this paper, by using signature of knowledge and Fijisaki-Okamoto conversion, we propose a proxy re-encryption scheme without pairings, in which the proxy can only transform the ciphertext in one direction. The proposal is secure against chosen ciphertext attack (CCA) and collusion attack in the random oracle model based on Decisional Diffie-Hellman (DDH) assumption over \(\mathbb{Z}_{N^2}^*\) and integer factorization assumption, respectively. To the best of our knowledge, it is the first unidirectional PRE scheme with CCA security and collusion-resistance.


Unidirectional PRE DDH random oracle CCA security collusion-resistance