Proxy Re-Cryptography Revisited

Proxy re-cryptography, proposed by Blaze et al. at Eurocrypt 1998 and formalized by Ateniese et al. at ACM CCS 2005 and NDSS 2005, allows a semi-trusted proxy with rekey to transform Alice's ciphertext (signature) to Bob's ciphertext (signature), but the proxy cannot get the corresponding plaintext (cannot generate any signature of Alice or Bob). Due to its transformation functionality, proxy re-cryptography can be used in many applications, such as DRM interoperable architecture, privacy for public transportation.Though it has been about 10 years since its invention, proxy re-cryptography is still in the infant stage. There are many open problems on proxy re-cryptography, and most of them are proposed at ACM CCS 2005 and ACM CCS 2007. In this thesis, many results on proxy re-cryptography, including the answers to four open problems, are obtained. They are listed as following.1. By using the hash function proposed by Waters at Eurocrypt 2005, the first proxy re-signature scheme which can be proved secure in the standard model is proposed. In this scheme, it only needs 2 exponentiation computation, 2 exponentiation computation and 2 pairing computation, and 2 pairing computation in signing algorithm, re-signing algorithm and verifying algorithm, respectively. This scheme is the answer of one of the open problems on proxy re-signature proposed in "New Technical Trends in Asymmetric Cryptography" (2007) by ECRYPT.2. In proxy re-signature, public keys are arbitrary strings unrelated to their owners' identities. A certificate issued by an authority is needed to bind the public key to its owner's identity before the public key is used by others. This implies complexity of certificate management. To solve this problem, we introduce the idea of ID-based into proxy re-signature. In such kind of proxy re-signature, the public key is its owner's identity information. Furthermore, we propose the security model of ID-based proxy re-signature, and give an ID-based proxy re-signature in the proposed model.3. We find that the current security model for multi-use unidirectional proxy re-signature does not cover all possible attacks, such as the collusion attack by Alice in a former level and a proxy in a latter level. Hence, we improve the security model, and propose the first multi-use unidirectional proxy re-signature scheme, which is proven secure in the random oracle model. This scheme is the answer of one of the open problems on proxy re-signature proposed by Ateniese and Hohenberger at ACM CCS 2005.4. As we know, the more properties the proxy re-signature scheme holds, the more applications it can be used in. However, we find that many proxy re-signature schemes do not hold collusion-resistant and temporary properties. Hence, we propose a compiler which adds collusion-resistant and temporary properties to proxy re-signature schemes.5. A new application of proxy re-signature is proposed, i.e., fair exchange.6. Two efficient CCA secure and collusion-resistant unidirectional proxy re-encryption schemes are proposed, which are proven secure in the random oracle model. To our best knowledge, they are more efficient than the existing CCA secure and collusion-resistant unidirectional proxy re-encryption schemes.7. By applying Canetti-Hohenberger technique, one time signature, and one time symmetric encryption, we propose the first CCA secure and collusion-resistant proxy re-encryption scheme which can be proven secure in the standard model. This scheme is the answer of one of the open problems on proxy re-encryption proposed by Canetti-Hohenberger at ACM CCS 2007.8. To our best knowledge, all existing CCA secure unidirectional proxy re-encryption schemes are implemented by pairings. However, it is shown that the cost of pairing computation is more than that of exponentiation computation. Hence, we propose three proxy re-encryption schemes without pairings, which can be proven secure in the random oracle model. These schemes are the answer one of the open problems on proxy re-encryption proposed by Canetti-Hohenberger at ACM CCS 2007.