Attacks to the Proxy Re-Encryption Schemes from IWSEC2011

  • Toshiyuki Isshiki
  • Manh Ha Nguyen
  • Keisuke Tanaka
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8231)


Proxy re-encryption (PRE) allows a proxy to convert a ciphertext encrypted for Alice (delegator) into a ciphertext for Bob (delegatee) by using a re-encryption key generated by Alice. In PRE, non-transferability is a property that colluding proxies and delegatees cannot re-delegate decryption rights to a malicious user. In IWSEC 2011, Hayashi, Matsushita, Yoshida, Fujii, and Okada introduced the unforgeability of re-encryption keys against collusion attack (UFReKey-CA), which is a relaxed notion of the non-transferability. They also proposed a stronger security notion, the strong unforgeability of re-encryption keys against collusion attack (sUFReKey-CA). Since sUFReKey-CA implies UFReKey-CA and sUFReKey-CA is simpler (i.e. easier to treat) definition than UFReKey-CA, sUFReKey-CA is useful to prove UFReKey-CA. They then proposed two concrete constructions of PRE and claimed that they meet both replayable-CCA security and sUFReKey-CA under two new variants of the Diffi-Hellman inversion assumption. In this paper, we present two concrete attacks to their PRE schemes. The first attack is to the sUFReKey-CA property on their two schemes. The second attack is to the assumptions employed in the security proofs for sUFReKey-CA of their two schemes.


Proxy re-encryption non-transferability unforgeability of re-encryption keys 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Ateniese, G., Fu, K., Green, M., Hohenberger, S.: Improved proxy re-encryption schemes with applications to secure distributed storage. In: NDSS (2005)Google Scholar
  2. 2.
    Blaze, M., Bleumer, G., Strauss, M.: Divertible protocols and atomic proxy cryptography. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 127–144. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  3. 3.
    Hayashi, R., Matsushita, T., Yoshida, T., Fujii, Y., Okada, K.: Unforgeability of re-encryption keys against collusion attack in proxy re-encryption. In: Iwata, T., Nishigaki, M. (eds.) IWSEC 2011. LNCS, vol. 7038, pp. 210–229. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  4. 4.
    He, Y., Chim, T., Hui, L., Yiu, S.: Non-transferable proxy re-encryption. In: Cryptology ePrint Archive (2010),
  5. 5.
    Libert, B., Vergnaud, D.: Tracing malicious proxies in proxy re-encryption. In: Galbraith, S.D., Paterson, K.G. (eds.) Pairing 2008. LNCS, vol. 5209, pp. 332–353. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  6. 6.
    Libert, B., Vergnaud, D.: Unidirectional chosen-ciphertext secure proxy re-encryption. In: Cramer, R. (ed.) PKC 2008. LNCS, vol. 4939, pp. 360–379. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  7. 7.
    Mitsunari, S., Sakai, R., Kasahara, M.: A new traitor tracing. IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences E85-A(2), 481–484 (2002)Google Scholar
  8. 8.
    Wang, L., Wang, L., Mambo, M., Okamoto, E.: New identity-based proxy re-encryption schemes to prevent collusion attacks. In: Joye, M., Miyaji, A., Otsuka, A. (eds.) Pairing 2010. LNCS, vol. 6487, pp. 327–346. Springer, Heidelberg (2010)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Toshiyuki Isshiki
    • 1
  • Manh Ha Nguyen
    • 2
  • Keisuke Tanaka
    • 2
  1. 1.NEC CorporationJapan
  2. 2.Tokyo Institute of TechnologyJapan

Personalised recommendations