The discovery and development of a new kind of technique must be related to real-world needs, and cryptology is no exception. Proxy re-cryptography is an example. It includes proxy re-signature and proxy re-encryption. Over decades of development, proxy re-encryption has been used in many applications, such as email forwarding, law enforcement, performing cryptographic operations on storage-limited devices, digital rights management, and cloud-based data sharing. Since we usually need to transform ciphertexts in real life, proxy re-encryption is just the right technique to realize the transformation. Before the concept of proxy re-encryption was put forward at Eurocrypt 1998, ciphertext conversion between different users was accomplished by decrypting the message and then encrypting it with a new key, which implies access to the original plaintext and a reliable copy of the new encryption key. This approach has two obvious disadvantages: (1) the delegator has to be online in order to decrypt the ciphertext; (2) the message is exposed during the decryption and re-encryption. In proxy re-encryption, however, the proxy performs the transformation from the delegator to the delegatee by using a re-encryption key. During the transformation, the proxy should not be able to learn the plaintext. The proxy must carry out the scheme correctly.

Although proxy re-encryption has been developed for decades and many cryptographic researchers have contributed to it, some problems remain to be solved. Considering that using bilinear pairings as an important tool to construct new cryptographic schemes has become a hot spot, in this thesis we mainly engage in designing new proxy re-encryption schemes with different properties using bilinear pairings.
Our work is mainly divided into four parts: (1) proxy re-encryption; (2) identity-based proxy re-encryption; (3) autonomous path proxy re-encryption; and (4) certificateless proxy re-encryption. The contributions are summarized as follows:

1. By using the technique of Canetti and Hohenberger, a strongly unforgeable one-time signature technique, we propose a unidirectional and multi-use IND-CCA2 secure proxy re-encryption scheme in the standard model. Our work gives a definite answer to one of the six open problems left by Canetti and Hohenberger at ACM CCS 2007. In addition, all proxy re-encryption schemes implemented in bilinear groups use a strongly unforgeable one-time signature technique to ensure the non-malleability of a ciphertext, which directly reduces the efficiency of the scheme. Therefore, in this thesis, we propose a new unidirectional and single-use IND-CCA2 secure proxy re-encryption scheme in the standard model without a strongly unforgeable one-time signature. Compared with other proxy re-encryption schemes, ours are better in both computation cost and ciphertext size.

2. Compared with public key proxy re-encryption, identity-based proxy re-encryption has received little attention, and there are fewer papers on it. After studying Green's paper, we construct a new unidirectional and multi-use IND-CCA2 secure identity-based proxy re-encryption scheme. This work gives a definite answer to the open problem left by Green and Ateniese.

3. In all existing multi-use proxy re-encryption schemes, no delegator can control the delegation path, which means that the more times the proxy re-encryption scheme hops, the lower the degree of trust between the delegator and the delegatee becomes. However, in a real scenario, the delegator may want to designate another delegatee himself if his delegatee is unable to decrypt the ciphertext.
It is desirable to construct a flexible proxy re-encryption scheme in which the delegator can control the next delegatee if the delegatee of his first choice is unable to complete the delegation. Therefore, in this thesis, we first propose a new cryptographic primitive, autonomous path proxy re-encryption. Meanwhile, we construct an IND-CPA secure scheme and an IND-CCA secure scheme under this concept. We also give a detailed security proof of our schemes in this thesis.

4. Certificateless public key cryptography eliminates the requirement for certificates in a traditional public key infrastructure (PKI) and the built-in key escrow feature of identity-based cryptography. It is reasonable to think about designing a certificateless proxy re-encryption scheme. Such a scheme must have special applications in real life. Therefore, we propose a new unidirectional and multi-use IND-CCA2 secure certificateless proxy re-encryption scheme in the standard model in this thesis. Meanwhile, we describe a concrete application scenario for this kind of scheme, a scalable certificateless architecture for multicast wireless mesh networks.
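
Added example, not taken from the thesis: a toy version of the ElGamal-style proxy re-encryption from the Eurocrypt 1998 work mentioned in the opening paragraph (Blaze, Bleumer and Strauss), set beside the older decrypt-then-encrypt conversion, to show the proxy transforming a ciphertext without seeing the plaintext. The group parameters and all function names are constructed for illustration, and this is not one of the pairing-based schemes the thesis proposes.

```python
# Toy proxy re-encryption in the style of the Eurocrypt 1998 scheme (ElGamal variant).
# All parameters are constructed and demo-sized; this is not secure for real use.
import secrets

P = 2039   # safe prime, P = 2*Q + 1
Q = 1019   # prime order of the subgroup generated by G
G = 4      # generator of the order-Q subgroup

def keygen():
    sk = secrets.randbelow(Q - 1) + 1              # secret exponent in [1, Q-1]
    return sk, pow(G, sk, P)                       # (sk, pk = G^sk)

def encrypt(pk, m):
    r = secrets.randbelow(Q - 1) + 1
    return (m * pow(G, r, P) % P, pow(pk, r, P))   # (m*G^r, G^(sk*r))

def decrypt(sk, ct):
    c1, c2 = ct
    g_r = pow(c2, pow(sk, -1, Q), P)               # strip sk from the exponent -> G^r
    return c1 * pow(g_r, -1, P) % P

def rekey(sk_a, sk_b):
    # Re-encryption key b/a mod Q. Computed from both secrets here for brevity.
    return sk_b * pow(sk_a, -1, Q) % Q

def reencrypt(rk, ct):
    # Proxy step: G^(a*r) -> G^(b*r). The proxy never handles m or G^r.
    c1, c2 = ct
    return (c1, pow(c2, rk, P))

def decrypt_then_encrypt(sk_a, pk_b, ct):
    # The older approach: needs the delegator's key online and exposes m.
    m = decrypt(sk_a, ct)
    return m, encrypt(pk_b, m)

if __name__ == "__main__":
    sk_a, pk_a = keygen()                          # delegator
    sk_b, pk_b = keygen()                          # delegatee
    ct_a = encrypt(pk_a, 1234)                     # constructed sample message
    ct_b = reencrypt(rekey(sk_a, sk_b), ct_a)
    print("delegatee recovers:", decrypt(sk_b, ct_b))
```

Because the re-encryption key is b/a, its inverse converts ciphertexts in the opposite direction, so this construction is bidirectional, unlike the unidirectional schemes the thesis targets.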