TY - GEN
T1 - Tightly, Adaptively Secure Proxy Re-encryption in Multi-challenge Setting
AU - Ling, Yunhao
AU - Chen, Jie
AU - Bao, Zijian
AU - Au, Man Ho
AU - Wang, Luping
AU - Qian, Haifeng
N1 - Publisher Copyright:
© International Association for Cryptologic Research 2026.
PY - 2026
Y1 - 2026
N2 - Proxy Re-Encryption (PRE) enables a proxy to transform ciphertexts encrypted under Alice’s key into ciphertexts under Bob’s key, allowing Bob to decrypt them. As a powerful cryptographic primitive, PRE has been extensively studied over the past two decades. However, an open problem remains unresolved, namely constructing an adaptively secure PRE scheme where the security reduction is tight. In this paper, we present the first PRE scheme that achieves adaptive security in the multi-challenge setting, with a tight security reduction, i.e., constant security loss O(1). In our setting, the adversary can obtain multiple challenge ciphertexts for multiple target users, capturing a more realistic and powerful adversary. In contrast, previous works established adaptive security only under the single-challenge setting, where the adversary is restricted to a single challenge query, and such schemes incur security losses of n^{O(log n)} for trees and chains, and n^{O(n)} for general graphs, where n is the number of users. Our construction is based on composite-order bilinear groups, and we prove its security in the standard model. The results indicate that our security guarantees do not degrade with respect to either the number of users or the number of ciphertexts, thanks to the tight reduction.
AB - Proxy Re-Encryption (PRE) enables a proxy to transform ciphertexts encrypted under Alice’s key into ciphertexts under Bob’s key, allowing Bob to decrypt them. As a powerful cryptographic primitive, PRE has been extensively studied over the past two decades. However, an open problem remains unresolved, namely constructing an adaptively secure PRE scheme where the security reduction is tight. In this paper, we present the first PRE scheme that achieves adaptive security in the multi-challenge setting, with a tight security reduction, i.e., constant security loss O(1). In our setting, the adversary can obtain multiple challenge ciphertexts for multiple target users, capturing a more realistic and powerful adversary. In contrast, previous works established adaptive security only under the single-challenge setting, where the adversary is restricted to a single challenge query, and such schemes incur security losses of n^{O(log n)} for trees and chains, and n^{O(n)} for general graphs, where n is the number of users. Our construction is based on composite-order bilinear groups, and we prove its security in the standard model. The results indicate that our security guarantees do not degrade with respect to either the number of users or the number of ciphertexts, thanks to the tight reduction.
KW - Adaptive security
KW - Multi-challenge setting
KW - Multi-user security
KW - Proxy re-encryption
KW - Tight security
UR - https://www.scopus.com/pages/publications/105024751454
U2 - 10.1007/978-981-95-5119-4_6
DO - 10.1007/978-981-95-5119-4_6
M3 - Conference contribution
AN - SCOPUS:105024751454
SN - 9789819551187
T3 - Lecture Notes in Computer Science
SP - 174
EP - 204
BT - Advances in Cryptology - ASIACRYPT 2025 - 31st International Conference on the Theory and Application of Cryptology and Information Security, Proceedings
A2 - Hanaoka, Goichiro
A2 - Yang, Bo-Yin
PB - Springer Science and Business Media Deutschland GmbH
T2 - 31st Annual International Conference on the Theory and Application of Cryptology and Information Security, ASIACRYPT 2025
Y2 - 8 December 2025 through 12 December 2025
ER -