¡@

Identity-based proxy re-encryption (IBPRE) is a useful primitive, in the sense that a semi-trust proxy can translate ciphertexts originally intended for one identity into ciphertexts intended for another identity. The proxy, however, cannot learn anything about the underlying plaintexts. Mediated identity-based encryption (MIBE), introduced by Ding et al., is particularly useful for the immediate revocation of identities. In this paper, we study the relation between IBPRE and MIBE. We show that, under the chosenplaintext attack (CPA), IBPRE and MIBE are equivalent: we give a generic construction of CPA-secure IBPRE scheme from any CPA-secure MIBE scheme; and a generic construction for the opposite direction is also given. However, under the chosen-ciphertext attack (CCA), we show that IBPRE and MIBE are not equivalent: for an IBPRE scheme generically constructed from CCA-secure MIBE, we can give a concrete attack against this resulting IBPRE scheme; similarly, we also give a concrete attack against the MIBE scheme generically constructed from CCA-secure IBPRE. We believe that our results are theoretically interesting, since for the first time they clarify the relation between IBPRE and MIBE.

Keywords: identity-based proxy re-encryption, mediated identity-based encryption, chosen- plaintext attack, chosen-ciphertext attack, generic construction

Retrieve PDF document (201101_16.pdf)

Received January 12, 2009; revised July 1, 2009; accepted August 18, 2009.
Communicated by Wen-Guey Tzeng.
^* Project (No. 60573032, 60773092, 90604036, 60873229, 60903178, 60842002, 60673070) supported by the National Natural Science Foundation of China, and Project No. 2007AA01Z409 supported by the National High-Tech Research and Development Plan of China.