In a proxy re-encryption (PRE) scheme, a proxy is given special information that allows it to translate a ciphertext under one key into a ciphertext of the same message under a different key. The proxy cannot, however, learn anything about the messages encrypted under either key. PRE schemes have many practical applications, including distributed storage, email, and DRM. Previously proposed re-encryption schemes achieved only semantic security; in contrast, applications often require security against chosen ciphertext attacks. We propose a definition of security against chosen ciphertext attacks for PRE schemes, and present a scheme that satisfies the definition. Our construction is efficient and based only on the Decisional Bilinear Diffie-Hellman assumption in the standard model. We also formally capture CCA security for PRE schemes via both a game-based definition and simulation-based definitions that guarantee universally composable security. We note that, simultaneously with our work, Green and Ateniese proposed a CCA-secure PRE, discussed herein.

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Giuseppe Ateniese, Kevin Fu, Matthew Green, and Susan Hohenberger. Improved Proxy Re-encryption Schemes with Applications to Secure Distributed Storage. In NDSS, pages 29--43, 2005.
	2	Giuseppe Ateniese , Kevin Fu , Matthew Green , Susan Hohenberger, Improved proxy re-encryption schemes with applications to secure distributed storage, ACM Transactions on Information and System Security (TISSEC), v.9 n.1, p.1-30, February 2006  [doi>10.1145/1127345.1127346]
	3	Boaz Barak , Ran Canetti , Jesper Buus Nielsen , Rafael Pass, Universally Composable Protocols with Relaxed Set-Up Assumptions, Proceedings of the 45th Annual IEEE Symposium on Foundations of Computer Science, p.186-195, October 17-19, 2004  [doi>10.1109/FOCS.2004.71]
	4	Boaz Barak , Oded Goldreich , Russell Impagliazzo , Steven Rudich , Amit Sahai , Salil P. Vadhan , Ke Yang, On the (Im)possibility of Obfuscating Programs, Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology, p.1-18, August 19-23, 2001
	5	Matt Blaze, Gerrit Bleumer, and Martin Strauss. Divertible protocols and atomic proxy cryptography. In EUROCRYPT, vol. 1403, pages 127--144, 1998.
	6	Matt Blaze and Martin Strauss. Atomic proxy cryptography. Technical report, AT&T Research, 1997.
	7	Dan Boneh and Xavier Boyen. Efficient selective-ID secure identity-based encryption without random oracles. In EUROCRYPT '04, vol. 3027 of LNCS, pages 223--238, 2004.
	8	Dan Boneh , Matthew K. Franklin, Identity-Based Encryption from the Weil Pairing, Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology, p.213-229, August 19-23, 2001
	9	Ran Canetti. Universally composable security: A new paradigm for cryptographic protocols. In FOCS, 2001. See Cryptology ePrint Archive: Report 2000/067.
	10	Ran Canetti, Shai Halevi, and Jonathan Katz. A forward-secure public-key encryption scheme. In EUROCRYPT, vol 2656 of LNCS, pp. 255--271, 2003.
	11	Ran Canetti, Shai Halevi, and Jonathan Katz. Chosen-ciphertext security from identity-based encryption. In EUROCRYPT, vol. 3027 of LNCS, pages 207--222, 2004.
	12	Ran Canetti and Susan Hohenberger. Chosen-ciphertext secure proxy re-encryption. Cryptology ePrint Report 2007/171, 2007.
	13	Ran Canetti, Hugo Krawczyk, and Jesper B. Nielsen. Relaxing chosen-ciphertext security. In CRYPTO '03, vol. 2729 of LNCS, pages 565--582, 2003.
	14	Yevgeniy Dodis and Anca-Andreea Ivan. Proxy cryptography revisited. In NDSS '03, 2003.
	15	Steven D. Galbraith, Kenneth G. Paterson, and Nigel P. Smart. Pairings for cryptographers, 2006. Cryptology ePrint Archive: Report 2006/165.
	16	Shafi Goldwasser , Yael Tauman Kalai, On the Impossibility of Obfuscation with Auxiliary Input, Proceedings of the 46th Annual IEEE Symposium on Foundations of Computer Science, p.553-562, October 23-25, 2005  [doi>10.1109/SFCS.2005.60]
	17	Philippe Golle, Markus Jakobsson, Ari Juels, and Paul F. Syverson. Universal re-encryption for mixnets. In CT-RSA, vol 2964 of LNCS, pages 163--178, 2004.
	18	Matthew Green and Giuseppe Ateniese. Identity-based proxy re-encryption. In ACNS '07, vol. 4521 of LNCS, pages 288--306, 2007.
	19	Jens Groth. Re-randomizable and replayable adaptive chosen ciphertext attack secure cryptosystems. In TCC '04, pages 152--170, 2004.
	20	Satoshi Hada, Zero-Knowledge and Code Obfuscation, Proceedings of the 6th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology, p.443-457, December 03-07, 2000
	21	Susan Hohenberger, Guy N. Rothblum, abhi shelat, and Vinod Vaikuntanathan. Securely obfuscating re-encryption. In TCC, vol. 4392, pages 233--252, 2007.
	22	Markus Jakobsson, On Quorum Controlled Asymmetric Proxy Re-encryption, Proceedings of the Second International Workshop on Practice and Theory in Public Key Cryptography, p.112-121, March 01-03, 1999
	23	Masahiro Mambo and Eiji Okamoto. Proxy Cryptosystems: Delegation of the Power to Decrypt Ciphertexts. IEICE Trans. Fund. Elect. Communications and CS, E80-A/1:54--63, 1997.
	24	Manoj Prabhakaran and Mike Rosulek. Rerandomizable RCCA encryption. In CRYPTO 2007.
	25	Amit Sahai and Brent Waters. Fuzzy identity-based encryption. In EUROCRYPT, pages 457--473, 2005.
	26	Tony Smith. DVD Jon: buy DRM-less Tracks from Apple iTunes, March 18, 2005. Available at http://www.theregister.co.uk/2005/03/18/itunes_pymusique.
	27	Lidong Zhou, Michael A. Marsh, Fred B. Schneider, and Anna Redz. Distributed blinding for El Gamal re-encryption. TR 1924, Cornell CS Dept., 2004.