ID-Based Proxy Re-encryption Scheme with Chosen-Ciphertext Security

ID-Based Proxy Re-encryption Scheme Providing CCA Security

  • Koo, Woo-Kwon (Graduate School of Information Management & Security, Korea University) ;
  • Hwang, Jung-Yeon (Graduate School of Information Management & Security, Korea University) ;
  • Kim, Hyoung-Joong (Graduate School of Information Management & Security, Korea University) ;
  • Lee, Dong-Hoon (Graduate School of Information Management & Security, Korea University)
  • Published : 2009.01.25

Abstract

A proxy re-encryption scheme allows Alice to temporarily delegate her decryption rights to Bob via a proxy. Alice gives the proxy a re-encryption key so that the proxy can convert a ciphertext for Alice into a ciphertext for Bob, without the proxy learning the plaintext or either party's private key. Recently, ID-based proxy re-encryption schemes have been receiving considerable attention for a variety of applications such as distributed storage, DRM, and email-forwarding systems. Green and Ateniese proposed a non-interactive identity-based proxy re-encryption scheme intended to achieve CCA security. In this paper, we show that their identity-based proxy re-encryption scheme is unfortunately vulnerable to a collusion attack: a proxy and a malicious user together can derive other honest users' private keys and thereby decrypt ciphertexts intended only for those honest users. To solve this problem, we propose two ID-based proxy re-encryption schemes, which are proved secure under CPA and CCA, respectively, in the random oracle model. To achieve CCA security, we present a self-authentication tag based on a short signature. An important feature of the proposed schemes is that the ciphertext structure is preserved after re-encryption. Therefore re-encryption does not lead to ciphertext expansion, and there is no limit on the number of re-encryptions.
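To make the delegation workflow in the abstract concrete, the following is an added example (not code from the paper, and not the authors' ID-based scheme). It implements a Blaze-Bleumer-Strauss-style ElGamal variant over the multiplicative group modulo the Mersenne prime p = 2^127 - 1, chosen as an easily checked toy parameter; the generator 3, the key sizes and the sample message are likewise assumptions of this example. It demonstrates the two properties the abstract highlights: a re-encrypted ciphertext keeps the same two-element shape (no ciphertext expansion), and the same ciphertext can be re-encrypted through any number of delegatees in turn. Note that, unlike the paper's schemes, this toy scheme is bidirectional and needs both parties' secrets to build the re-encryption key.

```python
"""Toy bidirectional proxy re-encryption (added example, not the paper's scheme).

Assumptions: a Blaze-Bleumer-Strauss-style ElGamal variant in Z_p^* with the
Mersenne prime p = 2^127 - 1, generator 3, and private keys that are exponents
modulo p - 1. Toy parameters, constructed for illustration only.
"""
import math
import secrets

P = (1 << 127) - 1      # Mersenne prime 2^127 - 1 (toy parameter, assumed here)
G = 3                   # group element used as generator (assumption)
ORDER = P - 1           # exponent modulus for Z_p^*


def keygen():
    """Return (private, public). The private exponent must be invertible mod P-1
    so that a re-encryption key b/a can later be formed from it."""
    while True:
        sk = secrets.randbelow(ORDER - 2) + 2
        if math.gcd(sk, ORDER) == 1:
            return sk, pow(G, sk, P)


def encrypt(pk, m):
    """Ciphertext (c1, c2) = (pk^r, m * g^r); m must be a group element in [1, P-1]."""
    if not 1 <= m < P:
        raise ValueError("message must be a group element")
    r = secrets.randbelow(ORDER - 1) + 1
    return pow(pk, r, P), (m * pow(G, r, P)) % P


def decrypt(sk, ct):
    """m = c2 / c1^(1/sk): c1^(1/sk) recovers g^r, which unmasks c2."""
    c1, c2 = ct
    g_r = pow(c1, pow(sk, -1, ORDER), P)
    return (c2 * pow(g_r, -1, P)) % P


def rekey(sk_from, sk_to):
    """Re-encryption key rk = sk_to / sk_from (mod P-1). Both secrets are needed,
    which is what makes this toy scheme interactive and bidirectional."""
    return (sk_to * pow(sk_from, -1, ORDER)) % ORDER


def reencrypt(rk, ct):
    """c1 = pk_from^r becomes pk_to^r; c2 is untouched, so the ciphertext keeps
    its two-element shape and can be re-encrypted again later."""
    c1, c2 = ct
    return pow(c1, rk, P), c2


def delegation_chain(m, hops):
    """Encrypt m to the first party, re-encrypt through `hops` further parties
    in turn, and return (plaintext recovered at each hop, element count per hop)."""
    keys = [keygen() for _ in range(hops + 1)]
    ct = encrypt(keys[0][1], m)
    recovered, sizes = [decrypt(keys[0][0], ct)], [len(ct)]
    for i in range(hops):
        ct = reencrypt(rekey(keys[i][0], keys[i + 1][0]), ct)
        recovered.append(decrypt(keys[i + 1][0], ct))
        sizes.append(len(ct))
    return recovered, sizes


if __name__ == "__main__":
    # constructed sample message, encoded as a group element below 2^127
    msg = int.from_bytes(b"delegated memo", "big")
    recovered, sizes = delegation_chain(msg, hops=3)
    print("every hop decrypts correctly:", all(x == msg for x in recovered))
    print("ciphertext element count per hop:", sizes)
```

The chain function is the point of the example: after three re-encryptions the ciphertext is still two group elements and still decrypts correctly for the last delegatee, which is the structure-preservation property the abstract claims for its ID-based constructions.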

ID-based proxy re-encryption schemes enable the delegation of decryption capability between users and are being actively studied for various distributed cryptosystems such as distributed data storage, DRM, and email forwarding systems. Recently, a scheme providing non-interactivity of re-encryption key generation was proposed by Green and Ateniese. This scheme was designed to provide security against chosen-ciphertext attacks. In this paper, we show that the Green-Ateniese ID-based re-encryption scheme is fundamentally vulnerable to a user key exposure attack and prove that its security against chosen-ciphertext attacks is not guaranteed. We then propose two new ID-based re-encryption schemes that resolve this security weakness. We prove that the proposed schemes are secure against chosen-plaintext attacks and chosen-ciphertext attacks, respectively, in the random oracle model. To construct the proposed scheme secure against chosen-ciphertext attacks, this paper is the first to devise and apply a self-authentication technique based on a short signature. An important feature of the proposed schemes is that the ciphertext structure is preserved after re-encryption. Therefore, in contrast to previous schemes, no ciphertext expansion occurs. Furthermore, since there is no limit on the number of re-encryptions, consecutive ciphertext conversions are possible, so delegation of decryption capability to multiple users can be realized.

Keywords

References

  1. G. Ateniese, K. Fu, M. Green, S. Hohenberger, 'Improved Proxy Re-Encryption Schemes with Applications to Secure Distributed Storage', In: NDSS 2005 (2005)
  2. G. Ateniese, K. Fu, M. Green, S. Hohenberger, 'Improved proxy re-encryption schemes with applications to secure distributed storage', ACM TISSEC 9(1), pp. 1–30 (2006) https://doi.org/10.1145/1127345.1127346
  3. M. Blaze, G. Bleumer, M. Strauss, 'Divertible protocols and atomic proxy cryptography', In: EUROCRYPT '98. LNCS, vol. 1403, pp. 127–144. Springer, Heidelberg (1998) https://doi.org/10.1007/BFb0054122
  4. D. Boneh, M. Franklin, 'Identity-based encryption from the Weil pairing', In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–229. Springer, Heidelberg (2001) https://doi.org/10.1007/3-540-44647-8_13
  5. D. Boneh, E.J. Goh, T. Matsuo, 'Proposal for P1363.3 Proxy Re-encryption' (http://grouper.ieee.org/groups/1363/IBC/submissions/NTTDataProposalfor-P1363.3-2006-09-01.pdf)
  6. R. Canetti, S. Halevi, J. Katz, 'Chosen-Ciphertext Security from Identity-Based Encryption', In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 207–222. Springer, Heidelberg (2004) https://doi.org/10.1007/978-3-540-24676-3_13
  7. R. Canetti, S. Hohenberger, 'Chosen-Ciphertext Secure Proxy Re-Encryption', In: ACM CCS 2007, pp. 185–194. ACM, New York (2007)
  8. Y. Dodis, A. Ivan, 'Proxy cryptography revisited', In: Proceedings of the Tenth Network and Distributed System Security Symposium (NDSS 2003) (2003)
  9. E. Fujisaki, T. Okamoto, 'Secure integration of asymmetric and symmetric encryption schemes', In: CRYPTO '99. LNCS, vol. 1666, pp. 537–554. Springer, Heidelberg (1999) https://doi.org/10.1007/3-540-48405-1_34
  10. M. Green, G. Ateniese, 'Identity-Based Proxy Re-encryption', In: Katz, J., Yung, M. (eds.) ACNS 2007. LNCS, vol. 4521, pp. 288–306. Springer, Heidelberg (2007) https://doi.org/10.1007/978-3-540-72738-5_19
  11. B. Libert, D. Vergnaud, 'Unidirectional Chosen-Ciphertext Secure Proxy Re-encryption', In: PKC 2008. LNCS, vol. 4939, pp. 360–379. Springer, Heidelberg (2008) https://doi.org/10.1007/978-3-540-78440-1_21
  12. M. Mambo, E. Okamoto, 'Proxy Cryptosystems: Delegation of the Power to Decrypt Ciphertexts', IEICE Trans. Fund. Elect. Communications and CS, E80-A(1), pp. 54–63 (1997)
  13. T. Matsuo, 'Proxy Re-encryption Systems for Identity-Based Encryption', In: Pairing 2007. LNCS, vol. 4575, pp. 247–267. Springer, Heidelberg (2007) https://doi.org/10.1007/978-3-540-73489-5_13
  14. P. Yang, T. Kitagawa, G. Hanaoka, R. Zhang, K. Matsuura, H. Imai, 'Applying Fujisaki-Okamoto to Identity-Based Encryption', In: Applied Algebra, Algebraic Algorithms and Error-Correcting Codes (AAECC-16). LNCS, vol. 3857, pp. 183–192. Springer, Heidelberg (2006) https://doi.org/10.1007/11617983_18