Proxy re-encryption scheme supporting a selection of delegatees

Abstract

Proxy re-encryption is a cryptographic primitive proposed by Blaze, Bleumer and Strauss in 1998. It allows a user, Alice, to decide that in case of unavailability, one (or several) particular user, the delegatee, Bob, will be able to read her confidential messages. This is made possible thanks to a semi-trusted third party, the proxy, which is given by Alice a re-encryption key, computed with Alice's secret key and Bob's public key. This information allows the proxy to transform a ciphertext intended to Alice into a ciphertext intended to Bob. Very few constructions of proxy re-encryption scheme actually handle the concern that the original sender may not want his message to be read by Bob instead of Alice. In this article, we adapt the primitive of proxy re-encryption to allow a sender to choose who among the potential delegatees will be able to decrypt his messages, and propose a simple and efficient scheme which is secure under chosen plaintext attack under standard algorithmic assumptions in a bilinear setting. We also add to our scheme a traceability of the proxy so that Alice can detect if it has leaked some re-encryption keys. © 2014 Springer International Publishing.