Proxy Impersonation Safe Conditional Proxy Re-Encryption

摘要

Proxy Re-Encryption (PRE) allows a proxy to convert a ciphertext encrypted under the public key of a user A to a ciphertext encrypted under the public key of another user B, without knowing the plaintext. If A wishes that encrypted message (under his public key) in the cloud be accessible / readable to another user B, then a protocol involving A, B and proxy is run to generate re-encryption key. Proxy may now convert any message encrypted under the key of A to the another ciphertext encrypted under the key of B. In order to prevent the proxy from converting all the encrypted messages, the notion of Conditional Proxy Re-encryption (CPRE) was introduced in the literature. In CPRE, the user A specifies not only the target user B, but also the type of messages that the proxy is allowed to re-encrypt for B. One obvious security requirement for such a scheme is that the proxy should not be able to obtain the secret key of A or B by colluding with B or A respectively. Designing a collusion resistant CPRE is an interesting and challenging task. While the existing ID based CPRE schemes have the collusion resistance property, they lack another important security requirement which we refer as the Proxy Impersonation (PI). Suppose, B gets a re-encrypted ciphertext through a proxy. If this enables B to convert this encrypted message from A to another message for user C (without the involvement of proxy or A), then B is said to Impersonate the proxy. If such an impersonation is possible, then that would lead to distribution rights violation of encrypted contents, specifically, in the context of media content streaming and networked file storage on cloud. We first show that the existing ID based CPRE scheme suffers from Proxy Impersonation weakness. Then, we move to the design of a novel ID based CPRE that is secure against Proxy Impersonation. We formally prove the security property in random oracle model.