An Efficient Non-transferable Proxy Re-encryption Scheme
Proxy re-encryption (PRE) allows a ciphertext for Alice (the delegator) to be re-encrypted into a ciphertext for Bob (the delegatee) via a semi-trusted proxy, who should not obtain the underlying plaintext. Alice generates a re-encryption key (re-key) for the proxy, which the proxy uses to transform the ciphertexts. The basic notion of PRE guarantees that the proxy learns nothing about the encrypted message even when given the re-encryption key. However, this is not sufficient in all situations, as the proxy can collude with Bob and re-delegate Alice’s decryption rights. Hence, non-transferability is a desirable property in real-time scenarios: an illegal attempt to transfer Alice’s decryption rights exposes Bob’s private key as a penalty. In Pairing 2010, Wang et al. presented a CPA-secure non-transferable identity-based PRE scheme in the random oracle model. However, we show that the scheme violates the non-transferability property. We also present the first construction of a non-transferable unidirectional PRE scheme in the PKI setting using bilinear maps, which achieves CCA security under a variant of the decisional Diffie-Hellman hardness assumption in the random oracle model.