A new proxy re-encryption scheme for protecting critical information systems

摘要

The risks of critical systems involved in key-recovery, key-escrow have barely taken to be seriously treated by the researchers. And the failures of even the best cryptographic techniques are often caused by the inherent security weaknesses in our computer systems rather than breaking the cryptographic mechanism directly. Thus key-recovery and key-escrow attacks are among the most important issues in protecting critical information systems. Proxy re-encryption, introduced by Blaze et al. in 1998, allows a proxy to transform a ciphertext computed under Alice's public key into one that can be opened under Bob's decryption key, without the proxy knowing any secret key of Alice and Bob, thus it can be used in modern critical information system well to avoid the key-recovery and key-escrow attack. In CANS'08, Deng et al. proposed the first IND-CCA2 secure proxy re-encryption without bilinear parings in the random oracle model. They left an open problem of constructing IND-CCA2 secure proxy re-encryption scheme in the standard model yet without pairings. In this paper, based on Cramer-Shoup encryption scheme, we try to solve this open problem by presenting a new proxy re-encryption scheme, which is IND-CCA2 secure in the standard model in a relatively weak model and does not use bilinear parings. Our main idea is roughly using the Cramer-Shoup encryption twice, but also taking care of the security in the security model of proxy re-encryption. We compare our work with Canetti-Hohen-berger scheme Ⅱ, the results show our scheme is more efficient. We also show its application in protecting the security of critical information systems.