AP-PRE: Autonomous Path Proxy Re-Encryption and Its Applications

In this paper, we introduce a new cryptographic primitive, called autonomous path proxy re-encryption (AP-PRE), which is motivated by several application scenarios where the delegator would like to control the whole delegation path in a multi-hop delegation process. Compared with the traditional proxy re-encryption, AP-PRE provides much better fine-grained access control to delegation path. Briefly speaking, in an AP-PRE scheme, the delegator designates a path of his preferred delegatees. The path consists of several delegatees with the privilege from high to low. If the delegatee in the path cannot complete the decryption, the decryption right is automatically delegated to the next one in the path. In this way, the delegator can ensure that the delegation has always been done among those delegatees the delegator trusts. Moreover, an AP-PRE scheme has to obey the following path rules. The delegation, for ciphertexts of a delegator i, can only be carried out on the autonomous path Pa_i designated by the delegator i, in the sense that (1) re-encrypted ciphertexts along the autonomous path Pa_i cannot branch off Pa_i with meaningful decryption, and (2) original ciphertexts generated under pk_j for j 6¼ i (i.e., for a path Pa_j different from Pa_i) cannot be inserted into (i.e., cannot be transformed along) the autonomous path Pa_i with meaningful decryption. We give the formal definition, as well as the formal security model, for this cryptographic primitive. Under this concept, we construct an IND-CPA secure AP-PRE scheme under the decisional bilinear Diffie-Hellman (DBDH) assumption in the random oracle model. Our scheme is with the useful properties of proxy re-encryption, i.e., unidirectionality and multi-hop.