Proxy re-encryption (PRE), introduced by Blaze, Bleumer, and Strauss at EUROCRYPT 98, offers delegation of decryption rights, i.e., it securely enables the re-encryption of ciphertexts from one key to another, without relying on trusted parties. PRE allows a semi-trusted third party termed as a “proxy” to securely divert ciphertexts of a user (delegator) to another user (delegatee) without revealing any information about the underlying messages to the proxy. Attribute-based proxy re-encryption (ABPRE) generalizes PRE by allowing such transformation of ciphertext under an access-policy into another ciphertext under a new access policy. Such a primitive facilitates fine-grained secure sharing of encrypted data in the cloud. In order to capture the application goals of PRE, the security model of (Attribute-based) PRE evolves over the decades. There are two well-established notions of security for (Attribute-based) proxy re-encryption schemes: security under chosen-plaintext attacks (C
Abstract
The concept of proxy re-encryption (PRE) dates back to the work of Blaze, Bleumer, and Strauss in 1998. PRE offers delegation of decryption rights, i.e., it securely enables the re-encryption of ciphertexts from one key to another, without relying on trusted parties. PRE allows a semi-trusted third party termed as a “proxy” to securely divert encrypted files of user A (delegator) to user B (delegatee) without revealing any information about the underlying files to the proxy. To eliminate the necessity of having a costly certificate verification process, Green and Ateniese introduced an identity-based PRE (IB-PRE). The potential applicability of IB-PRE sprung up a long line of intensive research from its first instantiation. Unfortunately, till today, there is no collusion-resistant unidirectional IB-PRE secure in the standard model, which can withstand quantum attack. In this paper, we present the first concrete constructions of collusion-resistant unidirectional IB-PRE