Attacks to the Proxy Re-Encryption Schemes from IWSEC2011
Proxy re-encryption (PRE) allows a proxy to convert a ciphertext encrypted for Alice (delegator) into a ciphertext for Bob (delegatee) by using a re-encryption key generated by Alice. In PRE, non-transferability is a property that colluding proxies and delegatees cannot re-delegate decryption rights to a malicious user. In IWSEC 2011, Hayashi, Matsushita, Yoshida, Fujii, and Okada introduced the unforgeability of re-encryption keys against collusion attack (UFReKey-CA), which is a relaxed notion of the non-transferability. They also proposed a stronger security notion, the strong unforgeability of re-encryption keys against collusion attack (sUFReKey-CA). Since sUFReKey-CA implies UFReKey-CA and sUFReKey-CA is simpler (i.e. easier to treat) definition than UFReKey-CA, sUFReKey-CA is useful to prove UFReKey-CA. They then proposed two concrete constructions of PRE and claimed that they meet both replayable-CCA security and sUFReKey-CA under two new variants of the Diffi-Hellman inversion assumption. In this paper, we present two concrete attacks to their PRE schemes. The first attack is to the sUFReKey-CA property on their two schemes. The second attack is to the assumptions employed in the security proofs for sUFReKey-CA of their two schemes.
KeywordsProxy re-encryption non-transferability unforgeability of re-encryption keys
Unable to display preview. Download preview PDF.
- 1.Ateniese, G., Fu, K., Green, M., Hohenberger, S.: Improved proxy re-encryption schemes with applications to secure distributed storage. In: NDSS (2005)Google Scholar
- 4.He, Y., Chim, T., Hui, L., Yiu, S.: Non-transferable proxy re-encryption. In: Cryptology ePrint Archive (2010), http://eprint.iacr.org/2010/192
- 7.Mitsunari, S., Sakai, R., Kasahara, M.: A new traitor tracing. IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences E85-A(2), 481–484 (2002)Google Scholar