Key-Private Proxy Re-encryption under LWE

  • Yoshinori Aono
  • Xavier Boyen
  • Le Trieu Phong
  • Lihua Wang
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8250)


Proxy re-encryption (PRE) is a highly useful cryptographic primitive whereby Alice and Bob can endow a proxy with the capacity to change ciphertext recipients from Alice to Bob, without the proxy itself being able to decrypt, thereby providing delegation of decryption authority. Key-private PRE (KP-PRE) specifies an additional level of confidentiality, requiring pseudo-random proxy keys that leak no information on the identity of the delegators and delegatees.

In this paper, we propose a CPA-secure PK-PRE scheme in the standard model (which we then transform into a CCA-secure scheme in the random oracle model). Both schemes enjoy highly desirable properties such as uni-directionality and multi-hop delegation.

Unlike (the few) prior constructions of PRE and KP-PRE that typically rely on bilinear maps under ad hoc assumptions, security of our construction is based on the hardness of the standard Learning-With-Errors (LWE) problem, itself reducible from worst-case lattice hard problems that are conjectured immune to quantum cryptanalysis, or “post-quantum”.

Of independent interest, we further examine the practical hardness of the LWE assumption, using Kannan’s exhaustive search algorithm coupling with pruning techniques. This leads to state-of-the-art parameters not only for our scheme, but also for a number of other primitives based on LWE published the literature.


proxy re-encryption key privacy learning with errors chosen ciphertext security LWE practical hardness 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Applebaum, B., Cash, D., Peikert, C., Sahai, A.: Fast cryptographic primitives and circular-secure encryption based on hard learning problems. In: CRYPTO 2009. LNCS, vol. 5677, pp. 595–618. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  2. 2.
    Ateniese, G., Benson, K., Hohenberger, S.: Key-private proxy re-encryption. In: Fischlin, M. (ed.) CT-RSA 2009. LNCS, vol. 5473, pp. 279–294. Springer, Heidelberg (2009), Full version at
  3. 3.
    Ateniese, G., Fu, K., Green, M., Hohenberger, S.: Improved proxy re-encryption schemes with applications to secure distributed storage. ACM Trans. Inf. Syst. Secur. 9(1), 1–30 (2006)CrossRefGoogle Scholar
  4. 4.
    Banaszczyk, W.: New bounds in some transference theorems in the geometry of numbers. Mathematische Annalen 296(1), 625–635 (1993)MathSciNetCrossRefMATHGoogle Scholar
  5. 5.
    Banaszczyk, W.: Inequalities for convex bodies and polar reciprocal lattices in ℝn. Discrete & Computational Geometry 13(1), 217–231 (1995)MathSciNetCrossRefMATHGoogle Scholar
  6. 6.
    Bellare, M., Rogaway, P.: Random oracles are practical: A paradigm for designing efficient protocols. In: Denning, D.E., Pyle, R., Ganesan, R., Sandhu, R.S., Ashby, V. (eds.) ACM Conference on Computer and Communications Security, pp. 62–73. ACM Press, New York (1993)Google Scholar
  7. 7.
    Blaze, M., Bleumer, G., Strauss, M.J.: Divertible protocols and atomic proxy cryptography. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 127–144. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  8. 8.
    Brakerski, Z.: Fully homomorphic encryption without modulus switching from classical gapSVP. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 868–886. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  9. 9.
    Brakerski, Z., Langlois, A., Peikert, C., Regev, O., Stehlé, D.: Classical hardness of learning with errors. In: Boneh, D., Roughgarden, T., Feigenbaum, J. (eds.) STOC, pp. 575–584. ACM (2013)Google Scholar
  10. 10.
    Canetti, R., Hohenberger, S.: Chosen-ciphertext secure proxy re-encryption. In: Ning, P., di Vimercati, S.D.C., Syverson, P.F. (eds.) ACM Conference on Computer and Communications Security, pp. 185–194. ACM (2007)Google Scholar
  11. 11.
  12. 12.
    Dawson, E. (ed.): CT-RSA 2013. LNCS, vol. 7779. Springer, Heidelberg (2013)MATHGoogle Scholar
  13. 13.
    Deng, R.H., Weng, J., Liu, S., Chen, K.: Chosen-ciphertext secure proxy re-encryption without pairings. In: Franklin, M.K., Hui, L.C.K., Wong, D.S. (eds.) CANS 2008. LNCS, vol. 5339, pp. 1–17. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  14. 14.
    Fujisaki, E., Okamoto, T.: Secure integration of asymmetric and symmetric encryption schemes. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 537–554. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  15. 15.
    Fujisaki, E., Okamoto, T.: Secure integration of asymmetric and symmetric encryption schemes. J. Cryptology 26(1), 80–101 (2013)MathSciNetCrossRefMATHGoogle Scholar
  16. 16.
    Gama, N., Nguyen, P.Q., Regev, O.: Lattice enumeration using extreme pruning. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 257–278. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  17. 17.
    Hanaoka, G., Kawai, Y., Kunihiro, N., Matsuda, T., Weng, J., Zhang, R., Zhao, Y.: Generic construction of chosen ciphertext secure proxy re-encryption. In: Dunkelman, O. (ed.) CT-RSA 2012. LNCS, vol. 7178, pp. 349–364. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  18. 18.
    Hohenberger, S., Rothblum, G.N., Shelat, A., Vaikuntanathan, V.: Securely obfuscating re-encryption. In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol. 4392, pp. 233–252. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  19. 19.
    Isshiki, T., Nguyen, M.H., Tanaka, K.: Proxy re-encryption in a stronger security model extended from CT-RSA2012. In: Dawson [12], pp. 277–292Google Scholar
  20. 20.
    Kannan, R.: Improved algorithms for integer programming and related lattice problems. In: Johnson, D.S., Fagin, R., Fredman, M.L., Harel, D., Karp, R.M., Lynch, N.A., Papadimitriou, C.H., Rivest, R.L., Ruzzo, W.L., Seiferas, J.I. (eds.) STOC, pp. 193–206. ACM (1983)Google Scholar
  21. 21.
    Libert, B., Vergnaud, D.: Unidirectional chosen-ciphertext secure proxy re-encryption. IEEE Transactions on Information Theory 57(3), 1786–1802 (2011)MathSciNetCrossRefGoogle Scholar
  22. 22.
    Lindner, R., Peikert, C.: Better key sizes (and attacks) for LWE-based encryption. In: Kiayias, A. (ed.) CT-RSA 2011. LNCS, vol. 6558, pp. 319–339. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  23. 23.
    Liu, M., Nguyen, P.Q.: Solving BDD by enumeration: An update. In: Dawson [12], pp. 293–309Google Scholar
  24. 24.
    Micciancio, D., Regev, O.: Lattice-based cryptography. In: Bernstein, D.J., Buchmann, J., Dahmen, E. (eds.) Post-Quantum Cryptography, pp. 147–191. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  25. 25.
    Rckert, M., Schneider, M.: Estimating the security of lattice-based cryptosystems. Cryptology ePrint Archive, Report 2010/137 (2010),
  26. 26.
    Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. In: Gabow, H.N., Fagin, R. (eds.) STOC, pp. 84–93. ACM (2005)Google Scholar
  27. 27.
    Schnorr, C.-P.: Lattice reduction by random sampling and birthday methods. In: Alt, H., Habib, M. (eds.) STACS 2003. LNCS, vol. 2607, Springer, Heidelberg (2003)CrossRefGoogle Scholar
  28. 28.
    Seo, J.W., Yum, D.H., Lee, P.J.: Comments on “unidirectional chosen-ciphertext secure proxy re-encryption”. IEEE Transactions on Information Theory 59(5), 32–56 (2013)MathSciNetCrossRefGoogle Scholar
  29. 29.
    Shao, J.: Anonymous ID-based proxy re-encryption. In: Susilo, W., Mu, Y., Seberry, J. (eds.) ACISP 2012. LNCS, vol. 7372, pp. 364–375. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  30. 30.
    Shao, J., Cao, Z., Liu, P.: SCCR: a generic approach to simultaneously achieve cca security and collusion-resistance in proxy re-encryption. Security and Communication Networks 4(2), 122–135 (2011)CrossRefGoogle Scholar
  31. 31.
    Shao, J., Liu, P., Cao, Z., Wei, G.: Multi-use unidirectional proxy re-encryption. In: ICC, pp. 1–5. IEEE (2011)Google Scholar
  32. 32.
    Shao, J., Liu, P., Wei, G., Ling, Y.: Anonymous proxy re-encryption. Security and Communication Networks 5(5), 439–449 (2012)CrossRefGoogle Scholar
  33. 33.
    Shao, J., Liu, P., Zhou, Y.: Achieving key privacy without losing cca security in proxy re-encryption. Journal of Systems and Software 85(3), 655–665 (2012)CrossRefGoogle Scholar
  34. 34.
    Wang, L., Wang, L., Mambo, M., Okamoto, E.: New identity-based proxy re-encryption schemes to prevent collusion attacks. In: Joye, M., Miyaji, A., Otsuka, A. (eds.) Pairing 2010. LNCS, vol. 6487, pp. 327–346. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  35. 35.
    Weng, J., Chen, M.-R., Yang, Y., Deng, R.H., Chen, K., Bao, F.: CCA-secure unidirectional proxy re-encryption in the adaptive corruption model without random oracles. SCIENCE CHINA Information Sciences 53(3), 593–606 (2010)MathSciNetCrossRefGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2013

Authors and Affiliations

  • Yoshinori Aono
    • 1
  • Xavier Boyen
    • 2
  • Le Trieu Phong
    • 1
  • Lihua Wang
    • 1
  1. 1.NICTJapan
  2. 2.Queensland University of TechnologyAustralia

Personalised recommendations