Key-Private Proxy Re-encryption under LWE
- Cite this paper as:
- Aono Y., Boyen X., Phong L.T., Wang L. (2013) Key-Private Proxy Re-encryption under LWE. In: Paul G., Vaudenay S. (eds) Progress in Cryptology – INDOCRYPT 2013. INDOCRYPT 2013. Lecture Notes in Computer Science, vol 8250. Springer, Cham
Proxy re-encryption (PRE) is a highly useful cryptographic primitive whereby Alice and Bob can endow a proxy with the capacity to change ciphertext recipients from Alice to Bob, without the proxy itself being able to decrypt, thereby providing delegation of decryption authority. Key-private PRE (KP-PRE) specifies an additional level of confidentiality, requiring pseudo-random proxy keys that leak no information on the identity of the delegators and delegatees.
In this paper, we propose a CPA-secure PK-PRE scheme in the standard model (which we then transform into a CCA-secure scheme in the random oracle model). Both schemes enjoy highly desirable properties such as uni-directionality and multi-hop delegation.
Unlike (the few) prior constructions of PRE and KP-PRE that typically rely on bilinear maps under ad hoc assumptions, security of our construction is based on the hardness of the standard Learning-With-Errors (LWE) problem, itself reducible from worst-case lattice hard problems that are conjectured immune to quantum cryptanalysis, or “post-quantum”.
Of independent interest, we further examine the practical hardness of the LWE assumption, using Kannan’s exhaustive search algorithm coupling with pruning techniques. This leads to state-of-the-art parameters not only for our scheme, but also for a number of other primitives based on LWE published the literature.
Keywordsproxy re-encryption key privacy learning with errors chosen ciphertext security LWE practical hardness
Unable to display preview. Download preview PDF.