Bounded CCA2-Secure Proxy Re-encryption from Lattices
摘要
Proxy re-encryption (PRE) allows a semi-honest party (called a proxy) to convert ciphertexts under a public key into ciphertexts under another public key. Due to this functionality, there are various applications such as encrypted email forwarding, key escrow, and secure distributed file systems. On the other hand, post-quantum cryptography (PQC) is one of the most important research areas. However, there is no post-quantum PRE scheme with security against adaptive chosen ciphertext attacks (denoted by \(\textsf{CCA}2\) security) while many PRE schemes have been proposed so far. In this paper, we propose a bounded \(\textsf{CCA}2\) -secure PRE scheme based on CRYSTALS-Kyber (Kyber, for short) which is a selected algorithm in the NIST PQC competition. To this end, we present a generic construction of bounded \(\textsf{CCA}2\) -secure PRE. Our generic construction starts from PRE with (a variant of) security against chosen plaintext attacks (denoted by \(\textsf{CPA}\) security) and a new PRE’s property introduced in this paper. In order to instantiate our generic construction, we present a lattice-based PRE scheme with the required property. As a result, we can construct a bounded \(\textsf{CCA}2\) -secure PRE scheme from lattices.