CCA-Secure Proxy Re-encryption without Pairings

  • Jun Shao
  • Zhenfu Cao
Conference paper

DOI: 10.1007/978-3-642-00468-1_20

Part of the Lecture Notes in Computer Science book series (LNCS, volume 5443)
Cite this paper as:
Shao J., Cao Z. (2009) CCA-Secure Proxy Re-encryption without Pairings. In: Jarecki S., Tsudik G. (eds) Public Key Cryptography – PKC 2009. PKC 2009. Lecture Notes in Computer Science, vol 5443. Springer, Berlin, Heidelberg


In a proxy re-encryption scheme, a semi-trusted proxy can transform a ciphertext under Alice’s public key into another ciphertext that Bob can decrypt. However, the proxy cannot access the plaintext. Due to its transformation property, proxy re-encryption can be used in many applications, such as encrypted email forwarding. In this paper, by using signature of knowledge and Fijisaki-Okamoto conversion, we propose a proxy re-encryption scheme without pairings, in which the proxy can only transform the ciphertext in one direction. The proposal is secure against chosen ciphertext attack (CCA) and collusion attack in the random oracle model based on Decisional Diffie-Hellman (DDH) assumption over \(\mathbb{Z}_{N^2}^*\) and integer factorization assumption, respectively. To the best of our knowledge, it is the first unidirectional PRE scheme with CCA security and collusion-resistance.


Unidirectional PRE DDH random oracle CCA security collusion-resistance 
Download to read the full conference paper text

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Jun Shao
    • 1
    • 2
  • Zhenfu Cao
    • 1
  1. 1.Department of Computer Science and EngineeringShanghai Jiao Tong University 
  2. 2.College of Information Sciences and TechnologyPennsylvania State University 

Personalised recommendations