Cryptanalysis of Unidirectional Proxy Re-Encryption Scheme

摘要

At Eurocrypt 1998, Blaze, Bleumer and Strauss presented a new primitive called Proxy Re-Encryption (PRE). This new primitive allows semi trusted proxy to transform a ciphertext for Alice (delegator) into a ciphertext for Bob (delegatee) without knowing the message. Ateniese et al introduced master secret security as another security requirement for unidirectional PRE. Master secret security demands that no coalition of dishonest proxy and malicious delegatees can compute the master secret key (private key) of the delegator. In this paper, first we have shown that Aono et al's scheme is not secure under master secret security model. In other words if proxy and delegatee collude they can compute the private key of the delegator. Second, based on Aono et al's paper we have constructed unidirectional PRE which is also secure under master secret security model. Like, our scheme is also multi-use.