SCCR: a generic approach to simultaneously achieve CCA security and collusion-resistance in proxy re-encryption



By allowing a proxy to blindly perform meaningful transformations from one ciphertext to another, proxy re-encryption (PRE) is an important cryptographic primitive in many applications, such as encrypted email forwarding and distributed file system. Due to its usefulness, various PRE schemes have been proposed; however, only one can simultaneously achieve chosen ciphertext security (CCA security) and collusion-resistance. When such schemes are deployed, lack of CCA security will cause secret leaking, and lack of collusion-resistance will cause non-repudiation damage. In this paper, we propose a novel approach (denoted SCCR) to simultaneously achieve CCA security and collusion-resistance in PRE, which faces daunting new challenges. We address these challenges by using CCA-secure (2, 2) threshold cryptosystem to obtain public verifiability, and the method of key management in identity-based encryption (IBE) to achieve collusion-resistance. These two novel techniques have not been yet used in any previous PRE schemes. A unique characteristic of SCCR is that it is a generic construction which has more advantages than a concrete PRE scheme does. Copyright © 2009 John Wiley & Sons, Ltd.