On the Security of a Bidirectional Proxy Re-encryption Scheme from PKC 2010

  • Jian Weng
  • Yunlei Zhao
  • Goichiro Hanaoka
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6571)


In ACM CCS 2007, Canetti and Hohenberger left an interesting open problem of how to construct a chosen-ciphertext secure proxy re-encryption (PRE) scheme without bilinear maps. This is a rather interesting problem and has attracted great interest in recent years. In PKC 2010, Matsuda, Nishimaki and Tanaka introduced a novel primitive named re-applicable lossy trapdoor function, and then used it to construct a PRE scheme without bilinear maps. Their scheme is claimed to be chosen-ciphertext secure in the standard model. In this paper, we make a careful observation on their PRE scheme, and indicate that their scheme does not satisfy chosen-ciphertext security. The purpose of this paper is to clarify the fact that, it is still an open problem to come up with a chosen-ciphertext secure PRE scheme without bilinear maps in the standard model.


bilinear map proxy re-encryption chosen-ciphertext security standard model 


  1. 1.
    Ateniese, G., Fu, K., Green, M., Hohenberger, S.: Improved Proxy Re-Encryption Schemes with Applications to Secure Distributed Storage. In: NDSS. The Internet Society, San Diego (2005)Google Scholar
  2. 2.
    Ateniese, G., Fu, K., Green, M., Hohenberger, S.: Improved Proxy Re-Encryption Schemes with Applications to Secure Distributed Storage. ACM Trans. Inf. Syst. Secur. 9(1), 1–30 (2006)CrossRefGoogle Scholar
  3. 3.
    Blaze, M., Bleumer, G., Strauss, M.: Divertible Protocols and Atomic Proxy Cryptography. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 127–144. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  4. 4.
    Boyen, X., Waters, B.: Shrinking the keys of discrete-log-type lossy trapdoor functions. In: Zhou, J., Yung, M. (eds.) ACNS 2010. LNCS, vol. 6123, pp. 35–52. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  5. 5.
    Canetti, R., Goldreich, O., Halevi, S.: The Random Oracle Methodology, Revisited (Preliminary Version). In: STOC, pp. 209–218 (1998)Google Scholar
  6. 6.
    Canetti, R., Goldreich, O., Halevi, S.: The random oracle methodology, revisited. J. ACM 51(4), 557–594 (2004)MathSciNetMATHCrossRefGoogle Scholar
  7. 7.
    Canetti, R., Hohenberger, S.: Chosen-Ciphertext Secure Proxy Re-Encryption. In: Ning, P., di Vimercati, S.D.C., Syverson, P.F. (eds.) ACM Conference on Computer and Communications Security, pp. 185–194. ACM, New York (2007)Google Scholar
  8. 8.
    Canetti, R., Krawczyk, H., Nielsen, J.B.: Relaxing Chosen-Ciphertext Security. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 565–582. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  9. 9.
    Chow, S.S.M., Weng, J., Yang, Y., Deng, R.H.: Efficient Unidirectional Proxy Re-Encryption. In: Bernstein, D.J., Lange, T. (eds.) AFRICACRYPT 2010. LNCS, vol. 6055, pp. 316–332. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  10. 10.
    Deng, R.H., Weng, J., Liu, S., Chen, K.: Chosen-Ciphertext Secure Proxy Re-encryption without Pairings. In: Franklin, M.K., Hui, L.C.K., Wong, D.S. (eds.) CANS 2008. LNCS, vol. 5339, pp. 1–17. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  11. 11.
    Freeman, D.M., Goldreich, O., Kiltz, E., Rosen, A., Segev, G.: More constructions of lossy and correlation-secure trapdoor functions. In: Nguyen, P.Q., Pointcheval, D. (eds.) PKC 2010. LNCS, vol. 6056, pp. 279–295. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  12. 12.
    Hemenway, B., Ostrovsky, R.: Lossy trapdoor functions from smooth homomorphic hash proof systems (2010) (manuscript),
  13. 13.
    Libert, B., Vergnaud, D.: Unidirectional Chosen-Ciphertext Secure Proxy Re-Encryption,; This is the extended version [14]
  14. 14.
    Libert, B., Vergnaud, D.: Unidirectional Chosen-Ciphertext Secure Proxy Re-encryption. In: Cramer, R. (ed.) PKC 2008. LNCS, vol. 4939, pp. 360–379. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  15. 15.
    Matsuda, T., Nishimaki, R., Tanaka, K.: CCA Proxy Re-Encryption without Bilinear Maps in the Standard Model. In: Nguyen, P., Pointcheval, D. (eds.) PKC 2010. LNCS, vol. 6056, pp. 261–278. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  16. 16.
    Peikert, C., Waters, B.: Lossy trapdoor functions and their applications. In: Ladner, R.E., Dwork, C. (eds.) STOC, pp. 187–196. ACM, New York (2008)Google Scholar
  17. 17.
    Shao, J., Cao, Z.: CCA-Secure Proxy Re-encryption without Pairings. In: Jarecki, S., Tsudik, G. (eds.) PKC 2009. LNCS, vol. 5443, pp. 357–376. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  18. 18.
    Weng, J., Chen, M.-R., Yang, Y., Deng, R.H., Chen, K., Bao, F.: CCA-Secure Unidirectional Proxy Re-Encryption in the Adaptive Corruption Model without Random Oracles. Science China: Information Science 53(3), 593–606 (2010)MathSciNetCrossRefGoogle Scholar
  19. 19.
    Weng, J., Deng, R.H., Liu, S., Chen, K.: Chosen-ciphertext secure bidirectional proxy re-encryption schemes without pairings. Inf. Sci. 180(24), 5077–5089 (2010)MATHCrossRefGoogle Scholar

Copyright information

© International Association for Cryptologic Research 2011

Authors and Affiliations

  • Jian Weng
    • 1
    • 2
    • 3
  • Yunlei Zhao
    • 4
  • Goichiro Hanaoka
    • 5
  1. 1.Department of Computer ScienceJinan UniversityGuangzhouChina
  2. 2.State Key Laboratory of Networking and Switching TechnologyBeijing University of Posts and TelecommunicationsBeijingChina
  3. 3.State Key Laboratory of Information SecurityInstitute of Software, Chinese Academy of SciencesBeijingChina
  4. 4.Software SchoolFudan UniversityShanghaiChina
  5. 5.National Institute of Advanced Industrial Science and TechnologyTokyoJapan

Personalised recommendations