On the security of two multi-use CCA-secure proxy re-encryption schemes

Abstract

In proxy re-encryption PRE, a semi-trusted proxy can convert a ciphertext originally intended for Alice into one which can be decrypted by Bob, while the proxy cannot know the corresponding plaintext. PRE can be classified as single-use PRE and multi-use PRE according to the times the ciphertext can be transformed. In multi-use PRE schemes, the ciphertext can be transformed from A to B and to C and so on. In CCS'09 post session, Wang et al. proposed a multi-use unidirectional CCA-secure proxy re-encryption scheme. Unfortunately, we show their proposal is not CCA-secure in the corresponding security models by giving concrete attacks. In 2010, Ren et al. proposed a hierarchical identity-based proxy re-encryption scheme without random oracles, and claimed their scheme was also multi-use and CCA-secure, we also show their scheme is not secure.