Proxy re-encryption (PRE) allows a semi-honest party (called a proxy) to convert ciphertexts under a public key into ciphertexts under another public key. Due to this functionality, there are various applications such as encrypted email forwarding, key escrow, and secure distributed file systems. On the other hand, post-quantum cryptography (PQC) is one of the most important research areas. However, there is no post-quantum PRE scheme with security against adaptive chosen ciphertext attacks (denoted by \(\textsf{CCA}2\) security) while many PRE schemes have been proposed so far. In this paper, we propose a bounded \(\textsf{CCA}2\) -secure PRE scheme based on CRYSTALS-Kyber (Kyber, for short) which is a selected algorithm in the NIST PQC competition. To this end, we present a generic construction of bounded \(\textsf{CCA}2\) -secure PRE. Our generic construction starts from PRE with (a variant of) security against chosen plaintext attacks (denoted by \(\textsf{CPA}\) security) and a new PRE’s property introduced in this paper. In order to instantiate our generic construction, we present a lattice-based PRE scheme with the required property. As a result, we can construct a bounded \(\textsf{CCA}2\) -secure PRE scheme from lattices.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Bounded CCA2-Secure Proxy Re-encryption from Lattices

  • Shingo Sato,
  • Junji Shikata

摘要

Proxy re-encryption (PRE) allows a semi-honest party (called a proxy) to convert ciphertexts under a public key into ciphertexts under another public key. Due to this functionality, there are various applications such as encrypted email forwarding, key escrow, and secure distributed file systems. On the other hand, post-quantum cryptography (PQC) is one of the most important research areas. However, there is no post-quantum PRE scheme with security against adaptive chosen ciphertext attacks (denoted by \(\textsf{CCA}2\) security) while many PRE schemes have been proposed so far. In this paper, we propose a bounded \(\textsf{CCA}2\) -secure PRE scheme based on CRYSTALS-Kyber (Kyber, for short) which is a selected algorithm in the NIST PQC competition. To this end, we present a generic construction of bounded \(\textsf{CCA}2\) -secure PRE. Our generic construction starts from PRE with (a variant of) security against chosen plaintext attacks (denoted by \(\textsf{CPA}\) security) and a new PRE’s property introduced in this paper. In order to instantiate our generic construction, we present a lattice-based PRE scheme with the required property. As a result, we can construct a bounded \(\textsf{CCA}2\) -secure PRE scheme from lattices.