Unforgeability Of Re-Encryption Keys Against Collusion Attack In Proxy Re-Encryption

Proxy re-encryption (PRE) allows a proxy to convert a ciphertext encrypted for Alice (delegator) into a ciphertext for Bob (delegatee) by using a re-encryption key generated by Alice. In PRE, non-transferability is a desirable property that colluding proxies and delegatees cannot re-delegate decryption rights to a malicious user. However, it seems to be very difficult to directly construct a non-transferable PRE scheme albeit such attempts as in [9,15,8]. In this paper, we discuss the non-transferability and introduce a relaxed notion of the non-transferability, the unforgeability of re-encryption keys against collusion attack (UFReKey-CA), as one approach toward the non-transferability. We then propose two concrete constructions of PRE without random oracles that meet replayable-CCA security and UFReKey-CA assuming the q-wDBDHI and a variant of DHI problems are hard. Although the proposed schemes are partial solutions to non-transferable PRE, we believe that the results are significant steps toward the non-transferability.