International Workshop on Public Key Cryptography

PKC 2009: Public Key Cryptography – PKC 2009 pp 357-376

CCA-Secure Proxy Re-encryption without Pairings

  • Jun Shao
  • Zhenfu Cao
Conference paper

DOI: 10.1007/978-3-642-00468-1_20

Volume 5443 of the book series Lecture Notes in Computer Science (LNCS)
Cite this paper as:
Shao J., Cao Z. (2009) CCA-Secure Proxy Re-encryption without Pairings. In: Jarecki S., Tsudik G. (eds) Public Key Cryptography – PKC 2009. PKC 2009. Lecture Notes in Computer Science, vol 5443. Springer, Berlin, Heidelberg


In a proxy re-encryption scheme, a semi-trusted proxy can transform a ciphertext under Alice’s public key into another ciphertext that Bob can decrypt. However, the proxy cannot access the plaintext. Due to its transformation property, proxy re-encryption can be used in many applications, such as encrypted email forwarding. In this paper, by using signature of knowledge and Fijisaki-Okamoto conversion, we propose a proxy re-encryption scheme without pairings, in which the proxy can only transform the ciphertext in one direction. The proposal is secure against chosen ciphertext attack (CCA) and collusion attack in the random oracle model based on Decisional Diffie-Hellman (DDH) assumption over \(\mathbb{Z}_{N^2}^*\) and integer factorization assumption, respectively. To the best of our knowledge, it is the first unidirectional PRE scheme with CCA security and collusion-resistance.


Unidirectional PREDDHrandom oracleCCA securitycollusion-resistance
Download to read the full conference paper text

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Jun Shao
    • 1
    • 2
  • Zhenfu Cao
    • 1
  1. 1.Department of Computer Science and EngineeringShanghai Jiao Tong University 
  2. 2.College of Information Sciences and TechnologyPennsylvania State University