Chosen Public Key and Ciphertext Secure Proxy Re-encryption Schemes

A proxy re-encryption scheme enables a proxy to re-encrypt a ciphertext and designate it to a delegatee. Proxy re-encryption schemes have been found useful in many applications, including e-mail forwarding, law-enforcement monitoring, and content distribution. Libert and Vergnaud presented the first construction of unidirectional proxy re-encryption scheme with chosen ciphertext security in the standard model in PKC 2008. In this paper, we show the insecurity of Libert and Vergnaud's scheme against chosen public key attack. We note that this insecurity is not considered in the original model proposed by Libert and Vergnaud's, but we argue that our attack is very realistic and important in this scenario. Furthermore, we present a new and efficient construction proxy re-encryption (PRE) scheme. We provide chosen public key and chosen ciphertext attack security analysis for our scheme and compare their performance.